Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e34382e302f32312d3234203d3e203437353833.roa
File:                     36322e37322e34382e302f32312d3234203d3e203437353833.roa (raw, json)
Hash identifier:          vkVe/eTA4YcMJYy8B7F/rQZBW6t7qnD1eKo7UWRCTu8=
Subject key identifier:   8A:3C:62:13:3B:61:03:39:29:0D:A4:BF:3D:70:39:FB:9D:24:D7:78
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       10B55E42A3DF3792B5A4FEEBD38DCE49EA7C4BC6
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e34382e302f32312d3234203d3e203437353833.roa
Signing time:             Thu 15 May 2025 10:46:19 +0000
ROA not before:           Thu 15 May 2025 10:41:19 +0000
ROA not after:            Thu 14 May 2026 10:46:19 +0000
asID:                     47583
IP address blocks:        62.72.48.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:b5:5e:42:a3:df:37:92:b5:a4:fe:eb:d3:8d:ce:49:ea:7c:4b:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 15 10:41:19 2025 GMT
            Not After : May 14 10:46:19 2026 GMT
        Subject: CN=8A3C62133B610339290DA4BF3D7039FB9D24D778
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:96:03:9d:64:c9:b7:1f:8d:f2:e1:1c:0d:01:
                    10:1b:5b:39:b5:65:86:c6:7a:64:02:d5:fc:be:ba:
                    92:ea:ad:74:5d:a7:78:cb:a2:d7:f8:43:1d:3b:d3:
                    ed:55:96:f7:bd:f0:1e:de:1b:0e:69:16:df:05:9d:
                    7a:4e:5e:81:91:17:80:f6:d0:e0:43:2b:37:d6:22:
                    76:60:4c:b6:79:e3:61:f1:55:a7:1f:dc:b9:c5:9e:
                    36:e2:35:46:36:ce:f2:fa:d0:91:e6:ee:c5:32:65:
                    3b:fd:dc:4a:2e:50:80:94:ba:65:da:23:67:e2:2f:
                    f8:40:28:5b:b3:84:db:fc:64:2a:b1:6e:bb:cf:15:
                    2f:df:69:cf:7c:b6:49:0e:81:cb:60:5a:c9:a8:30:
                    65:c4:10:3b:3b:b6:60:3e:fd:00:30:4c:71:f0:0c:
                    f0:37:b8:a7:09:50:9b:ed:67:75:a6:b2:73:2b:e1:
                    2a:b1:37:a4:10:62:52:50:0a:de:8f:47:fc:3f:74:
                    85:43:df:79:8e:ff:b5:30:b6:6c:f9:6f:44:3e:28:
                    ca:cb:ef:60:f2:a3:f7:56:24:13:30:2e:dc:56:12:
                    f5:82:53:58:2f:fc:cc:1a:72:c9:e3:42:d8:42:9a:
                    f3:8e:a2:94:39:54:85:a8:5f:33:a1:36:70:8b:6c:
                    c1:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:3C:62:13:3B:61:03:39:29:0D:A4:BF:3D:70:39:FB:9D:24:D7:78
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e34382e302f32312d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         09:ac:5b:c9:38:0e:b7:92:af:10:48:6d:05:1e:7b:e4:52:6e:
         78:d5:1f:d1:34:dd:bf:f9:90:a7:de:a0:49:26:f2:3e:58:60:
         79:c5:88:c7:26:76:95:9b:bd:36:7d:58:4d:da:b9:da:31:b4:
         2d:7a:d7:d6:9c:86:2e:33:5a:c3:68:24:25:95:f7:2c:f9:3b:
         14:5f:b9:f7:58:4c:9a:88:71:81:d1:01:6f:41:b7:17:ef:17:
         86:82:4a:03:ac:a8:44:59:9d:57:af:6c:29:76:1c:a7:62:18:
         27:23:4f:69:f4:9e:9d:7f:05:9e:08:81:e7:20:e9:b6:a9:45:
         48:ae:e4:94:7c:0b:32:94:06:de:45:02:20:77:be:d4:bc:bf:
         6d:bf:f5:3d:e4:17:78:55:4d:47:d4:a1:90:6a:3e:86:db:c9:
         f5:f1:eb:27:40:7f:5d:fe:2e:45:3a:5d:d1:a3:34:c6:26:b0:
         f1:13:dd:8c:c8:86:2b:63:52:19:b3:8d:38:41:06:3a:63:58:
         85:e5:53:9e:7c:f7:5c:21:48:cb:a2:42:78:8b:d9:1b:a4:a7:
         7c:7b:22:e1:dc:9c:48:2e:89:5f:e5:15:c8:98:b1:8c:ab:0f:
         0f:73:fd:80:a2:ff:1c:8d:8a:c7:86:06:66:fe:c5:6c:9e:00:
         19:d7:ef:e2
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUELVeQqPfN5K1pP7r043OSep8S8YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MTUxMDQxMTlaFw0yNjA1MTQxMDQ2MTlaMDMxMTAvBgNV
BAMTKDhBM0M2MjEzM0I2MTAzMzkyOTBEQTRCRjNENzAzOUZCOUQyNEQ3NzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSlgOdZMm3H43y4RwNARAbWzm1
ZYbGemQC1fy+upLqrXRdp3jLotf4Qx070+1Vlve98B7eGw5pFt8FnXpOXoGRF4D2
0OBDKzfWInZgTLZ542HxVacf3LnFnjbiNUY2zvL60JHm7sUyZTv93EouUICUumXa
I2fiL/hAKFuzhNv8ZCqxbrvPFS/fac98tkkOgctgWsmoMGXEEDs7tmA+/QAwTHHw
DPA3uKcJUJvtZ3WmsnMr4SqxN6QQYlJQCt6PR/w/dIVD33mO/7Uwtmz5b0Q+KMrL
72Dyo/dWJBMwLtxWEvWCU1gv/MwacsnjQthCmvOOopQ5VIWoXzOhNnCLbMFXAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUijxiEzthAzkpDaS/PXA5+50k13gwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzczMjJlMzQzODJl
MzAyZjMyMzEyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAM+SDAw
DQYJKoZIhvcNAQELBQADggEBAAmsW8k4DreSrxBIbQUee+RSbnjVH9E03b/5kKfe
oEkm8j5YYHnFiMcmdpWbvTZ9WE3audoxtC1619achi4zWsNoJCWV9yz5OxRfufdY
TJqIcYHRAW9BtxfvF4aCSgOsqERZnVevbCl2HKdiGCcjT2n0np1/BZ4Igecg6bap
RUiu5JR8CzKUBt5FAiB3vtS8v22/9T3kF3hVTUfUoZBqPobbyfXx6ydAf13+LkU6
XdGjNMYmsPET3YzIhitjUhmzjThBBjpjWIXlU55891whSMuiQniL2Rukp3x7IuHc
nEguiV/lFciYsYyrDw9z/YCi/xyNiseGBmb+xWyeABnX7+I=
-----END CERTIFICATE-----