Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e34382e302f32312d3234203d3e203437353833.roa
File:                     36322e37322e34382e302f32312d3234203d3e203437353833.roa (raw, json)
Hash identifier:          6k5NdODOMiEgyoyTs/rHkqUDvslt3Bv/0S4IevNctzg=
Subject key identifier:   89:04:46:A6:F5:07:E6:60:1F:EC:8B:C5:0F:D3:C4:BA:CD:AC:2D:AB
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       43EB35FEAAAAF830A0F34D8F73C41D1FD7221882
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e34382e302f32312d3234203d3e203437353833.roa
Signing time:             Thu 13 Jun 2024 10:40:53 +0000
ROA not before:           Thu 13 Jun 2024 10:35:53 +0000
ROA not after:            Thu 12 Jun 2025 10:40:53 +0000
asID:                     47583
IP address blocks:        62.72.48.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:eb:35:fe:aa:aa:f8:30:a0:f3:4d:8f:73:c4:1d:1f:d7:22:18:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 13 10:35:53 2024 GMT
            Not After : Jun 12 10:40:53 2025 GMT
        Subject: CN=890446A6F507E6601FEC8BC50FD3C4BACDAC2DAB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:15:9a:59:57:15:db:0a:01:18:f6:87:21:fc:
                    92:3d:80:25:0f:33:7f:65:11:91:0d:96:b6:95:a5:
                    06:b8:1a:78:a5:87:a8:7b:d3:58:d5:69:29:41:7b:
                    7b:eb:75:d2:f4:14:bc:ef:5d:b7:b7:91:44:66:0b:
                    ec:f9:2e:d5:b8:06:b2:79:2e:91:cf:ad:f0:6e:fb:
                    fd:e2:61:a4:b3:72:35:60:dd:3e:03:49:ad:3d:90:
                    ac:e4:9d:c0:8a:fd:bf:5c:e0:d7:a0:89:a2:a8:65:
                    d7:13:85:59:cf:1b:13:fd:b3:e6:7e:1a:da:fe:f6:
                    e6:79:70:75:83:11:08:0c:fd:78:38:53:c1:3c:2d:
                    1c:ae:4b:d5:e5:bc:c0:f2:9d:dc:f7:f6:c4:85:1f:
                    08:b5:34:e8:34:a3:78:2e:d3:86:16:49:b6:47:e4:
                    e0:88:57:32:91:fa:97:70:44:ff:8b:ca:b4:40:0d:
                    95:a5:bd:2a:72:dc:17:36:51:82:3d:a5:f8:d3:cd:
                    87:8c:8f:c1:f8:5d:b8:88:67:5a:53:3f:bf:69:7c:
                    88:eb:60:73:f6:05:2a:6c:66:3e:3b:b6:7e:0c:b2:
                    4a:61:50:1b:60:c2:b1:7c:8b:4c:63:f0:2e:95:33:
                    d5:ed:01:17:a8:66:f5:54:4a:af:f8:3b:10:89:81:
                    37:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:04:46:A6:F5:07:E6:60:1F:EC:8B:C5:0F:D3:C4:BA:CD:AC:2D:AB
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e34382e302f32312d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         a2:44:89:3a:01:a8:5c:3f:62:71:e7:eb:7c:27:59:29:f5:e4:
         3b:06:95:44:9e:38:72:87:39:79:83:bd:5e:49:01:52:00:61:
         2a:c1:23:54:09:c6:a8:15:c6:fc:6d:a7:68:3a:a8:0a:8c:71:
         1d:70:23:ad:0a:e6:bd:c6:51:90:e8:3b:2d:db:04:c1:c1:f8:
         35:39:ff:52:8a:7e:b3:81:22:f4:09:eb:0f:e1:3b:3f:6f:46:
         7a:10:c4:34:45:74:23:34:b5:21:d1:dd:1e:82:f4:25:a0:1c:
         f8:57:f3:e7:08:05:03:3b:d1:29:13:c7:f8:75:54:99:62:13:
         22:9c:03:4e:b7:6b:b0:cf:9d:83:c3:67:b1:d3:b2:0f:be:41:
         7b:6a:19:14:0e:53:72:52:4c:35:74:f0:73:cb:3b:f9:62:94:
         6c:6c:cb:8d:9c:d3:7e:f3:bc:a4:1d:bf:ab:75:61:e7:b5:5d:
         f5:83:9b:20:70:00:49:fe:9b:c6:fa:36:81:81:8e:be:e5:11:
         fc:2f:5a:f4:88:63:12:cc:27:1f:7a:70:f0:db:3d:f0:53:81:
         6f:e0:36:b8:ee:0c:f4:37:91:5c:e2:b7:80:d3:57:64:e6:15:
         20:31:09:b7:29:4c:5c:b6:ad:31:e2:eb:0c:de:e3:0b:ad:f0:
         ad:99:b0:c8
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUQ+s1/qqq+DCg802Pc8QdH9ciGIIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA2MTMxMDM1NTNaFw0yNTA2MTIxMDQwNTNaMDMxMTAvBgNV
BAMTKDg5MDQ0NkE2RjUwN0U2NjAxRkVDOEJDNTBGRDNDNEJBQ0RBQzJEQUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1FZpZVxXbCgEY9och/JI9gCUP
M39lEZENlraVpQa4Gnilh6h701jVaSlBe3vrddL0FLzvXbe3kURmC+z5LtW4BrJ5
LpHPrfBu+/3iYaSzcjVg3T4DSa09kKzkncCK/b9c4NegiaKoZdcThVnPGxP9s+Z+
Gtr+9uZ5cHWDEQgM/Xg4U8E8LRyuS9XlvMDyndz39sSFHwi1NOg0o3gu04YWSbZH
5OCIVzKR+pdwRP+LyrRADZWlvSpy3Bc2UYI9pfjTzYeMj8H4XbiIZ1pTP79pfIjr
YHP2BSpsZj47tn4MskphUBtgwrF8i0xj8C6VM9XtAReoZvVUSq/4OxCJgTc1AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUiQRGpvUH5mAf7IvFD9PEus2sLaswHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzczMjJlMzQzODJl
MzAyZjMyMzEyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAM+SDAw
DQYJKoZIhvcNAQELBQADggEBAKJEiToBqFw/YnHn63wnWSn15DsGlUSeOHKHOXmD
vV5JAVIAYSrBI1QJxqgVxvxtp2g6qAqMcR1wI60K5r3GUZDoOy3bBMHB+DU5/1KK
frOBIvQJ6w/hOz9vRnoQxDRFdCM0tSHR3R6C9CWgHPhX8+cIBQM70SkTx/h1VJli
EyKcA063a7DPnYPDZ7HTsg++QXtqGRQOU3JSTDV08HPLO/lilGxsy42c037zvKQd
v6t1Yee1XfWDmyBwAEn+m8b6NoGBjr7lEfwvWvSIYxLMJx96cPDbPfBTgW/gNrju
DPQ3kVzit4DTV2TmFSAxCbcpTFy2rTHi6wze4wut8K2ZsMg=
-----END CERTIFICATE-----