Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e34342e302f32322d3332203d3e20313431393935.roa
File:                     36322e37322e34342e302f32322d3332203d3e20313431393935.roa (raw, json)
Hash identifier:          nLJ75DbftgTv21G2YE5jbivK7nu9InKm4mugzJ/vGPM=
Subject key identifier:   DB:C5:BC:8C:66:04:F8:6F:6C:E2:A3:91:41:C4:DF:98:79:56:D2:56
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       27F9FBDB42C5D3C79B25D139E0D70B6241F007C8
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e34342e302f32322d3332203d3e20313431393935.roa
Signing time:             Thu 27 Jun 2024 14:04:08 +0000
ROA not before:           Thu 27 Jun 2024 13:59:08 +0000
ROA not after:            Thu 26 Jun 2025 14:04:08 +0000
asID:                     141995
IP address blocks:        62.72.44.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:f9:fb:db:42:c5:d3:c7:9b:25:d1:39:e0:d7:0b:62:41:f0:07:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 27 13:59:08 2024 GMT
            Not After : Jun 26 14:04:08 2025 GMT
        Subject: CN=DBC5BC8C6604F86F6CE2A39141C4DF987956D256
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:65:e4:81:01:12:e1:83:52:06:60:92:d8:94:
                    c0:46:a2:ea:2b:d7:9b:15:a9:2b:9f:8a:7d:5c:3e:
                    3f:b9:3a:e9:8e:96:00:d2:57:49:19:d6:b3:a7:a6:
                    d7:ce:e0:92:76:df:69:d4:e1:8c:ce:99:6b:4a:00:
                    1d:b0:c8:94:37:05:7b:50:7d:7d:82:d0:00:93:e4:
                    a6:a9:b5:1c:5a:e9:92:85:61:50:2f:4d:89:eb:11:
                    7d:ce:3d:f4:1e:c2:d4:f9:e3:0c:c7:02:f4:00:2e:
                    96:dd:9e:51:3a:30:4c:b7:d5:8f:b9:8e:61:30:82:
                    de:d0:37:74:e5:c9:87:53:88:be:7f:09:dd:1d:d2:
                    ce:e7:c5:d4:21:54:4f:7f:95:61:02:63:0a:fa:fe:
                    f6:16:97:49:77:df:5a:31:4b:e0:c9:85:92:dd:22:
                    c5:18:89:f5:8a:d6:e2:95:41:96:74:86:78:56:b8:
                    84:c2:e7:38:71:ac:0d:64:c6:4c:0f:92:a7:5b:0b:
                    13:0f:b3:6e:13:bb:3d:43:b6:fe:c2:b2:67:b0:c1:
                    a2:7d:ac:e0:e9:01:de:f7:31:9c:ac:97:1b:31:29:
                    8c:9d:28:18:51:2e:9d:f8:32:0c:d5:c9:c9:d0:32:
                    f4:c6:eb:d8:04:a2:66:40:77:28:04:36:96:dc:c9:
                    ab:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:C5:BC:8C:66:04:F8:6F:6C:E2:A3:91:41:C4:DF:98:79:56:D2:56
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e34342e302f32322d3332203d3e20313431393935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:72:be:32:4d:34:b3:96:ec:1a:3f:ba:93:af:03:1c:5f:15:
         ad:36:f8:3a:84:9a:1e:bd:50:8b:ef:a9:a8:81:29:8f:41:32:
         48:9f:d1:09:1e:d9:47:ac:5a:06:b5:37:1f:46:1d:ee:fa:c3:
         77:02:46:e3:40:19:5d:f3:95:19:50:7b:ea:3d:74:f0:e8:6e:
         f7:e1:b8:73:b4:ff:29:67:28:23:f7:dc:fa:21:32:73:c2:cf:
         ca:34:e6:55:3b:c3:07:bb:d7:44:6e:46:1a:99:0f:a3:41:41:
         e9:68:5c:cc:0b:c5:40:b9:f2:d0:0a:67:2a:21:1a:b8:b0:ee:
         f6:a8:74:d2:19:29:73:86:a0:a6:6f:01:33:ae:d0:c5:f9:fa:
         9f:1a:72:9c:e5:6b:a1:15:f1:e8:19:3e:d1:b0:28:30:40:46:
         d6:7c:14:89:05:7b:a2:48:b5:cf:8d:c9:d8:6a:be:a8:32:2d:
         ae:9d:4d:58:16:d1:5c:b4:2f:5f:23:d1:fd:88:d8:93:f2:4b:
         c0:1f:12:42:38:dc:f0:f3:5b:9e:22:be:c5:03:cf:47:3d:2e:
         ec:33:fd:49:dd:27:29:56:4b:e7:20:f3:73:8a:cc:c8:d7:42:
         c4:e5:a2:52:04:07:ab:af:5f:38:79:13:79:af:38:a9:71:71:
         8f:65:0e:92
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJ/n720LF08ebJdE54NcLYkHwB8gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA2MjcxMzU5MDhaFw0yNTA2MjYxNDA0MDhaMDMxMTAvBgNV
BAMTKERCQzVCQzhDNjYwNEY4NkY2Q0UyQTM5MTQxQzRERjk4Nzk1NkQyNTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOZeSBARLhg1IGYJLYlMBGouor
15sVqSufin1cPj+5OumOlgDSV0kZ1rOnptfO4JJ232nU4YzOmWtKAB2wyJQ3BXtQ
fX2C0ACT5KaptRxa6ZKFYVAvTYnrEX3OPfQewtT54wzHAvQALpbdnlE6MEy31Y+5
jmEwgt7QN3TlyYdTiL5/Cd0d0s7nxdQhVE9/lWECYwr6/vYWl0l331oxS+DJhZLd
IsUYifWK1uKVQZZ0hnhWuITC5zhxrA1kxkwPkqdbCxMPs24Tuz1Dtv7CsmewwaJ9
rODpAd73MZyslxsxKYydKBhRLp34MgzVycnQMvTG69gEomZAdygENpbcyasNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU28W8jGYE+G9s4qORQcTfmHlW0lYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzczMjJlMzQzNDJl
MzAyZjMyMzIyZDMzMzIyMDNkM2UyMDMxMzQzMTM5MzkzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAj5I
LDANBgkqhkiG9w0BAQsFAAOCAQEADHK+Mk00s5bsGj+6k68DHF8VrTb4OoSaHr1Q
i++pqIEpj0EySJ/RCR7ZR6xaBrU3H0Yd7vrDdwJG40AZXfOVGVB76j108Ohu9+G4
c7T/KWcoI/fc+iEyc8LPyjTmVTvDB7vXRG5GGpkPo0FB6WhczAvFQLny0ApnKiEa
uLDu9qh00hkpc4agpm8BM67Qxfn6nxpynOVroRXx6Bk+0bAoMEBG1nwUiQV7oki1
z43J2Gq+qDItrp1NWBbRXLQvXyPR/YjYk/JLwB8SQjjc8PNbniK+xQPPRz0u7DP9
Sd0nKVZL5yDzc4rMyNdCxOWiUgQHq69fOHkTea84qXFxj2UOkg==
-----END CERTIFICATE-----