Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e33362e302f32322d3234203d3e203437353833.roa
File:                     36322e37322e33362e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          KSIzA3tycB32SmYnIiq6RswQ7JP/K/4ffwNqF8uWZFE=
Subject key identifier:   0A:E3:FD:A6:48:F7:EB:C2:BF:6A:54:7D:16:62:94:BD:42:51:27:7C
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0B9CECC324F11D71746498ADF7771E8FFA168FE0
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e33362e302f32322d3234203d3e203437353833.roa
Signing time:             Fri 22 May 2026 08:24:24 +0000
ROA not before:           Fri 22 May 2026 08:19:24 +0000
ROA not after:            Fri 21 May 2027 08:24:24 +0000
asID:                     47583
IP address blocks:        62.72.36.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:52:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:9c:ec:c3:24:f1:1d:71:74:64:98:ad:f7:77:1e:8f:fa:16:8f:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 22 08:19:24 2026 GMT
            Not After : May 21 08:24:24 2027 GMT
        Subject: CN=0AE3FDA648F7EBC2BF6A547D166294BD4251277C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8a:ce:68:f7:ee:ab:93:b4:52:66:e8:14:60:
                    c3:58:89:fa:c5:64:e0:6c:42:7a:2d:27:bd:25:27:
                    7d:7d:4e:7e:d5:54:dc:b2:be:96:00:b5:08:b9:06:
                    87:84:df:ca:f0:40:3b:d5:0b:a2:5e:4b:3b:1b:80:
                    05:91:82:64:10:6f:47:44:8a:ce:9c:2d:54:74:b6:
                    bc:6c:b7:cf:6b:7d:33:7c:bd:ba:b9:9d:c1:e4:59:
                    ef:d5:68:29:1a:e0:3c:a2:17:a3:96:f5:84:76:8f:
                    49:a5:0f:b2:23:82:14:87:6c:f2:0f:83:dd:f1:52:
                    d7:d7:98:b9:cf:00:80:f0:b1:34:26:c5:5c:ad:cd:
                    96:7a:10:79:cb:d3:41:46:98:2d:66:4c:ce:62:75:
                    5b:6d:0d:71:85:f1:a9:eb:de:23:a6:7e:4b:36:8f:
                    ed:da:9b:99:e6:0b:a8:7a:13:28:c1:1e:cb:c4:a0:
                    c2:7c:3c:c9:d8:ab:2a:c4:70:74:ad:eb:d2:70:a9:
                    29:f6:33:d2:2c:d3:0d:34:44:f5:37:bd:c7:a0:e6:
                    70:17:d4:62:53:67:53:e1:9e:5d:d9:f8:3e:3c:be:
                    41:4b:13:d2:ab:af:12:1b:6a:4c:2a:c9:4f:b4:45:
                    a3:10:22:5d:01:aa:c0:f2:24:87:1d:c7:9a:55:a1:
                    63:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:E3:FD:A6:48:F7:EB:C2:BF:6A:54:7D:16:62:94:BD:42:51:27:7C
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e33362e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:2c:a9:c2:f8:de:a3:df:d2:7c:67:18:f2:f8:92:3a:09:95:
         0f:2d:5f:95:cf:aa:ff:7b:7d:7b:d7:15:3e:60:d7:1a:3f:08:
         3e:cd:f6:84:1b:26:b3:86:c1:fa:34:9b:87:e2:85:b7:10:94:
         65:41:93:11:5a:85:40:da:31:01:2a:8e:54:59:94:5f:38:33:
         a0:d2:a8:cd:3e:ed:03:a9:70:b1:0c:cc:92:db:7f:2a:8a:ec:
         8b:a7:c1:28:9a:cd:38:95:5e:cd:2d:e0:df:77:21:1f:ce:95:
         09:1f:90:94:35:15:79:12:c3:c2:2b:5e:23:52:1d:3e:56:d2:
         23:82:c6:3c:b7:9c:47:55:d2:b4:50:d1:c3:7f:e8:0b:9b:b7:
         bc:95:af:40:b6:9c:7b:a5:bb:ba:bc:e6:02:14:a4:c0:69:07:
         87:1d:24:a3:cd:2c:bd:fb:74:13:2f:0c:a8:f5:bb:bf:ed:80:
         8c:e1:e7:71:b7:aa:4f:08:e7:3a:90:c2:96:16:df:28:3d:b9:
         41:9c:2f:ed:6e:a4:79:24:37:54:6c:fa:84:8a:ea:63:bb:d5:
         d3:cc:23:99:22:04:73:29:86:a7:85:87:92:38:c0:42:41:a0:
         f5:3f:e2:b2:0c:0a:e4:6a:24:de:4c:6f:99:dd:24:48:fa:e2:
         d9:42:5f:01
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUC5zswyTxHXF0ZJit93cej/oWj+AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA1MjIwODE5MjRaFw0yNzA1MjEwODI0MjRaMDMxMTAvBgNV
BAMTKDBBRTNGREE2NDhGN0VCQzJCRjZBNTQ3RDE2NjI5NEJENDI1MTI3N0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1is5o9+6rk7RSZugUYMNYifrF
ZOBsQnotJ70lJ319Tn7VVNyyvpYAtQi5BoeE38rwQDvVC6JeSzsbgAWRgmQQb0dE
is6cLVR0trxst89rfTN8vbq5ncHkWe/VaCka4DyiF6OW9YR2j0mlD7IjghSHbPIP
g93xUtfXmLnPAIDwsTQmxVytzZZ6EHnL00FGmC1mTM5idVttDXGF8anr3iOmfks2
j+3am5nmC6h6EyjBHsvEoMJ8PMnYqyrEcHSt69JwqSn2M9Is0w00RPU3vceg5nAX
1GJTZ1Phnl3Z+D48vkFLE9KrrxIbakwqyU+0RaMQIl0BqsDyJIcdx5pVoWMZAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUCuP9pkj368K/alR9FmKUvUJRJ3wwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzczMjJlMzMzNjJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAI+SCQw
DQYJKoZIhvcNAQELBQADggEBAJUsqcL43qPf0nxnGPL4kjoJlQ8tX5XPqv97fXvX
FT5g1xo/CD7N9oQbJrOGwfo0m4fihbcQlGVBkxFahUDaMQEqjlRZlF84M6DSqM0+
7QOpcLEMzJLbfyqK7IunwSiazTiVXs0t4N93IR/OlQkfkJQ1FXkSw8IrXiNSHT5W
0iOCxjy3nEdV0rRQ0cN/6Aubt7yVr0C2nHulu7q85gIUpMBpB4cdJKPNLL37dBMv
DKj1u7/tgIzh53G3qk8I5zqQwpYW3yg9uUGcL+1upHkkN1Rs+oSK6mO71dPMI5ki
BHMphqeFh5I4wEJBoPU/4rIMCuRqJN5Mb5ndJEj64tlCXwE=
-----END CERTIFICATE-----