Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e34342e302f32322d3332203d3e20313431393935.roa
File:                     36322e37322e34342e302f32322d3332203d3e20313431393935.roa (raw, json)
Hash identifier:          N1uuxA9JC4NIn7xL/Xgkjpj81diSEijKKKe+apACAQ0=
Subject key identifier:   19:38:3D:9F:36:06:EC:E1:12:D1:2D:14:F7:9D:59:FE:93:14:FF:B5
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       407996437A52150FC1FA6E8D15B1278F53D22D
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e34342e302f32322d3332203d3e20313431393935.roa
Signing time:             Thu 29 May 2025 14:46:33 +0000
ROA not before:           Thu 29 May 2025 14:41:33 +0000
ROA not after:            Thu 28 May 2026 14:46:33 +0000
asID:                     141995
IP address blocks:        62.72.44.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:79:96:43:7a:52:15:0f:c1:fa:6e:8d:15:b1:27:8f:53:d2:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 29 14:41:33 2025 GMT
            Not After : May 28 14:46:33 2026 GMT
        Subject: CN=19383D9F3606ECE112D12D14F79D59FE9314FFB5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:7a:76:f3:92:81:69:ad:5b:4b:55:e4:de:43:
                    7b:97:6a:3d:d0:fb:92:a9:ac:41:b1:66:09:9d:2e:
                    6e:5a:18:cb:13:87:07:98:d7:3a:9f:5b:3b:95:24:
                    87:ac:47:1c:72:b7:60:1c:07:3c:e7:63:c2:03:c1:
                    58:ba:76:16:1e:d7:35:67:01:3c:2b:f6:f8:0a:44:
                    0a:4d:b1:e2:37:1d:88:7e:6d:b5:a1:00:77:73:a4:
                    9f:b8:58:1b:e5:23:08:d3:d8:27:5e:a2:fe:9b:d4:
                    d2:bc:bb:99:4d:93:4d:75:35:46:2c:6c:2d:02:65:
                    1e:77:f2:4b:68:6d:b3:0e:1e:b5:e9:fe:c0:00:74:
                    14:d6:fb:bb:2d:7b:cd:35:f9:a7:7f:28:74:14:28:
                    61:61:45:d4:09:ce:f3:b5:d0:da:98:93:2f:e7:af:
                    86:94:1b:94:47:8f:29:e8:96:69:28:a8:5f:06:60:
                    b7:68:89:03:1b:d5:2d:04:9d:02:d8:ca:ba:7f:ce:
                    e9:5a:13:e2:cf:d8:22:eb:d4:6a:c0:4a:d3:85:01:
                    44:93:11:8d:d6:86:f1:b7:02:67:63:20:20:f6:0a:
                    db:6c:59:92:b5:cb:54:f7:a7:9a:97:13:6a:a7:98:
                    bc:9b:31:4e:f1:0c:6c:8f:64:a3:30:39:6d:c2:2b:
                    d9:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:38:3D:9F:36:06:EC:E1:12:D1:2D:14:F7:9D:59:FE:93:14:FF:B5
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e34342e302f32322d3332203d3e20313431393935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:ea:e5:b6:58:f0:a0:01:01:e7:36:56:a4:60:76:1c:c8:0d:
         eb:ee:99:bb:0a:e6:bd:3b:00:e5:79:03:31:a9:1a:8d:4b:fc:
         9b:17:da:e2:e0:ce:d5:53:e8:bf:f9:f4:f6:5b:da:94:a8:e3:
         04:50:11:f6:9b:e5:95:59:94:b7:5f:ea:11:a7:0c:33:77:b5:
         9d:cc:a3:f8:2d:72:43:33:af:cc:66:d0:7b:d3:24:82:d2:28:
         01:6c:bc:a7:b5:a3:f6:ef:c6:63:68:68:16:a8:63:3c:c3:e9:
         d2:9d:ac:b7:a5:09:57:d2:fe:9a:2d:fa:6d:74:44:57:b8:b1:
         d7:12:c0:88:08:0d:eb:9a:55:33:bb:3e:cf:92:b4:07:cc:f2:
         04:6c:41:8a:b6:ff:84:96:f3:8f:81:44:ca:6a:03:5e:24:75:
         53:c3:ad:c6:2a:44:0a:4f:7d:2b:60:d0:e0:c2:a0:5e:b3:af:
         ed:23:d0:96:3c:0e:43:3c:1e:ee:b8:53:d9:31:f6:4b:77:46:
         8f:17:b8:96:95:a6:37:28:93:17:88:b2:3a:0b:cd:d2:24:8a:
         58:0d:81:a1:01:ef:8d:73:6a:47:11:e1:08:24:8e:50:e3:17:
         a9:e0:45:11:fa:16:41:20:97:9d:c8:54:36:ac:4e:e2:38:0b:
         30:9f:d8:19
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgITQHmWQ3pSFQ/B+m6NFbEnj1PSLTANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyhhYjJkY2MxNjljOTVmMmIxNGRmMzFkZDI0YTFmNjcwMzRl
YTc3NzljMB4XDTI1MDUyOTE0NDEzM1oXDTI2MDUyODE0NDYzM1owMzExMC8GA1UE
AxMoMTkzODNEOUYzNjA2RUNFMTEyRDEyRDE0Rjc5RDU5RkU5MzE0RkZCNTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOt6dvOSgWmtW0tV5N5De5dqPdD7
kqmsQbFmCZ0ubloYyxOHB5jXOp9bO5Ukh6xHHHK3YBwHPOdjwgPBWLp2Fh7XNWcB
PCv2+ApECk2x4jcdiH5ttaEAd3Okn7hYG+UjCNPYJ16i/pvU0ry7mU2TTXU1Rixs
LQJlHnfyS2htsw4eten+wAB0FNb7uy17zTX5p38odBQoYWFF1AnO87XQ2piTL+ev
hpQblEePKeiWaSioXwZgt2iJAxvVLQSdAtjKun/O6VoT4s/YIuvUasBK04UBRJMR
jdaG8bcCZ2MgIPYK22xZkrXLVPenmpcTaqeYvJsxTvEMbI9kozA5bcIr2XkCAwEA
AaOCAjswggI3MB0GA1UdDgQWBBQZOD2fNgbs4RLRLRT3nVn+kxT/tTAfBgNVHSME
GDAWgBSrLcwWnJXysU3zHdJKH2cDTqd3nDAOBgNVHQ8BAf8EBAMCB4AwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5u
ZXQvcmVwb3NpdG9yeS9mZTM3MDhhMC02N2Q1LTRhYzItYWJjNC1hMzMyNTkwYjk5
YWYvNC9BQjJEQ0MxNjlDOTVGMkIxNERGMzFERDI0QTFGNjcwMzRFQTc3NzlDLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvcXkzTUZweVY4ckZOOHgzU1NoOW5BMDZu
ZDV3LmNlcjCBqwYIKwYBBQUHAQsEgZ4wgZswgZgGCCsGAQUFBzALhoGLcnN5bmM6
Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9mZTM3MDhhMC02
N2Q1LTRhYzItYWJjNC1hMzMyNTkwYjk5YWYvNC8zNjMyMmUzNzMyMmUzNDM0MmUz
MDJmMzIzMjJkMzMzMjIwM2QzZTIwMzEzNDMxMzkzOTM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCPkgs
MA0GCSqGSIb3DQEBCwUAA4IBAQAU6uW2WPCgAQHnNlakYHYcyA3r7pm7Cua9OwDl
eQMxqRqNS/ybF9ri4M7VU+i/+fT2W9qUqOMEUBH2m+WVWZS3X+oRpwwzd7WdzKP4
LXJDM6/MZtB70ySC0igBbLyntaP278ZjaGgWqGM8w+nSnay3pQlX0v6aLfptdERX
uLHXEsCICA3rmlUzuz7PkrQHzPIEbEGKtv+ElvOPgUTKagNeJHVTw63GKkQKT30r
YNDgwqBes6/tI9CWPA5DPB7uuFPZMfZLd0aPF7iWlaY3KJMXiLI6C83SJIpYDYGh
Ae+Nc2pHEeEIJI5Q4xep4EUR+hZBIJedyFQ2rE7iOAswn9gZ
-----END CERTIFICATE-----