Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e35362e302f32312d3231203d3e203437353833.roa
File:                     36322e37322e35362e302f32312d3231203d3e203437353833.roa (raw, json)
Hash identifier:          9UgimN4vBAAYlkCeZJceYwCqY1Y+NPrY52oLt+tw2xE=
Subject key identifier:   AF:D1:99:A1:8D:00:23:C4:CE:71:1B:36:F9:C7:C2:72:FA:C3:AA:30
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5330BDD59581F0C4D803447974DA33333D99B5E8
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e35362e302f32312d3231203d3e203437353833.roa
Signing time:             Tue 08 Aug 2023 07:35:20 +0000
ROA not before:           Tue 08 Aug 2023 07:30:20 +0000
ROA not after:            Tue 06 Aug 2024 07:35:20 +0000
asID:                     47583
IP address blocks:        62.72.56.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:30:bd:d5:95:81:f0:c4:d8:03:44:79:74:da:33:33:3d:99:b5:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug  8 07:30:20 2023 GMT
            Not After : Aug  6 07:35:20 2024 GMT
        Subject: CN=AFD199A18D0023C4CE711B36F9C7C272FAC3AA30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:44:0b:8e:47:e7:b7:4d:51:a7:b1:b3:81:44:
                    b1:74:c0:fe:de:89:00:4b:d0:f8:c0:db:5e:c1:f9:
                    7f:53:d9:0e:77:9a:71:ea:6d:9b:e9:a5:8a:6e:f1:
                    7f:a1:85:b7:c1:a7:de:27:9c:9a:b7:07:a2:45:e5:
                    47:57:17:e2:f2:a6:b3:bf:04:aa:53:f2:c7:b9:c4:
                    0c:d2:ff:ab:9d:e8:1e:eb:82:d1:f3:75:61:83:cb:
                    b0:9a:7d:8e:5d:ff:bc:b9:a8:84:6b:0c:d4:af:4e:
                    41:4a:0d:14:83:2b:80:d0:13:60:82:7b:2f:23:43:
                    51:0a:da:1b:72:ba:cb:1b:d2:d8:5b:49:a1:e9:ca:
                    fe:38:e3:50:4b:cb:83:07:f1:cb:07:f0:1f:51:30:
                    ee:a4:4b:43:2a:f2:7c:15:aa:7e:a5:2a:28:17:99:
                    91:6b:5c:20:38:7b:a5:2e:26:d0:0e:8b:cc:7c:d0:
                    be:67:5b:00:7f:ec:83:de:84:61:7b:74:de:5a:41:
                    06:7c:69:61:80:0f:79:2a:76:e8:b4:2c:70:6c:b9:
                    36:f5:f4:8c:1f:80:85:ae:45:a1:84:65:85:a9:12:
                    b0:00:b2:8a:80:69:02:3b:9d:4d:2c:80:55:87:73:
                    4a:0f:da:5a:30:d4:f7:a9:40:d4:6e:13:84:d6:2c:
                    77:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:D1:99:A1:8D:00:23:C4:CE:71:1B:36:F9:C7:C2:72:FA:C3:AA:30
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e35362e302f32312d3231203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         96:0b:87:39:89:e7:cb:ab:46:6a:a2:20:b8:47:f0:a6:32:56:
         ef:f9:e8:00:7f:a7:18:e9:ab:5e:2c:2c:64:aa:23:d0:37:27:
         4f:7d:20:36:e0:0e:8d:8f:4b:91:b2:ee:52:db:ac:93:63:99:
         9a:94:16:37:31:5e:32:95:6e:db:7f:f0:9c:a3:72:05:b7:29:
         9c:03:00:64:95:41:51:63:f5:fc:cd:c7:c9:4b:fa:83:ea:6e:
         fa:bd:8d:1b:a2:e0:2f:fe:20:f9:ef:b1:95:cc:16:7a:db:5f:
         ab:02:8d:f9:c5:cf:29:e6:e3:30:d9:49:90:60:8b:89:91:ba:
         02:b2:fb:a2:8f:02:e6:17:17:7b:97:3a:73:ba:af:cd:37:9e:
         36:f4:47:ae:2e:3b:6d:88:c1:a9:f5:5e:54:28:32:1b:eb:e9:
         45:cc:9b:3c:3b:9b:cf:c3:c9:ae:33:6c:79:d8:24:6b:21:c8:
         10:41:44:87:d3:8b:53:7c:cd:2d:ef:3c:4d:03:75:8d:ef:86:
         bf:f7:3b:d7:2c:0b:2e:33:16:df:36:cb:9b:27:4f:ab:97:4c:
         5b:74:cd:9b:1b:a7:d4:b5:7a:08:e5:de:c9:68:8e:fc:76:51:
         a5:e2:b3:32:ae:6d:de:58:b4:87:1f:64:71:8b:20:2d:f4:7b:
         f8:d6:1c:ce
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUUzC91ZWB8MTYA0R5dNozMz2ZtegwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA4MDgwNzMwMjBaFw0yNDA4MDYwNzM1MjBaMDMxMTAvBgNV
BAMTKEFGRDE5OUExOEQwMDIzQzRDRTcxMUIzNkY5QzdDMjcyRkFDM0FBMzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJRAuOR+e3TVGnsbOBRLF0wP7e
iQBL0PjA217B+X9T2Q53mnHqbZvppYpu8X+hhbfBp94nnJq3B6JF5UdXF+LyprO/
BKpT8se5xAzS/6ud6B7rgtHzdWGDy7CafY5d/7y5qIRrDNSvTkFKDRSDK4DQE2CC
ey8jQ1EK2htyussb0thbSaHpyv4441BLy4MH8csH8B9RMO6kS0Mq8nwVqn6lKigX
mZFrXCA4e6UuJtAOi8x80L5nWwB/7IPehGF7dN5aQQZ8aWGAD3kqdui0LHBsuTb1
9IwfgIWuRaGEZYWpErAAsoqAaQI7nU0sgFWHc0oP2low1PepQNRuE4TWLHf7AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUr9GZoY0AI8TOcRs2+cfCcvrDqjAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzczMjJlMzUzNjJl
MzAyZjMyMzEyZDMyMzEyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAM+SDgw
DQYJKoZIhvcNAQELBQADggEBAJYLhzmJ58urRmqiILhH8KYyVu/56AB/pxjpq14s
LGSqI9A3J099IDbgDo2PS5Gy7lLbrJNjmZqUFjcxXjKVbtt/8JyjcgW3KZwDAGSV
QVFj9fzNx8lL+oPqbvq9jRui4C/+IPnvsZXMFnrbX6sCjfnFzynm4zDZSZBgi4mR
ugKy+6KPAuYXF3uXOnO6r803njb0R64uO22Iwan1XlQoMhvr6UXMmzw7m8/Dya4z
bHnYJGshyBBBRIfTi1N8zS3vPE0DdY3vhr/3O9csCy4zFt82y5snT6uXTFt0zZsb
p9S1egjl3slojvx2UaXiszKubd5YtIcfZHGLIC30e/jWHM4=
-----END CERTIFICATE-----