Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e35362e302f32322d3234203d3e203437353833.roa
File:                     36322e37322e35362e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          +43n3ABNdhEz206pUfzXFx4SQkahR/2zVM0TBvaOXoY=
Subject key identifier:   E8:1C:B3:31:43:C3:04:A4:5B:05:B1:DB:2E:13:D4:49:11:E1:6C:E2
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       44FD11632B6123D1699DB703389681330327A50B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e35362e302f32322d3234203d3e203437353833.roa
Signing time:             Fri 22 May 2026 08:24:24 +0000
ROA not before:           Fri 22 May 2026 08:19:24 +0000
ROA not after:            Fri 21 May 2027 08:24:24 +0000
asID:                     47583
IP address blocks:        62.72.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:52:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:fd:11:63:2b:61:23:d1:69:9d:b7:03:38:96:81:33:03:27:a5:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 22 08:19:24 2026 GMT
            Not After : May 21 08:24:24 2027 GMT
        Subject: CN=E81CB33143C304A45B05B1DB2E13D44911E16CE2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c4:33:40:69:7e:50:97:e1:65:f9:3b:18:f7:
                    16:15:71:07:78:e6:f7:a3:6a:f8:0f:17:ec:c4:4a:
                    a6:e5:40:f3:11:3b:df:17:27:f7:d4:d1:c3:2d:c9:
                    40:22:69:12:eb:50:0c:d8:bc:9d:33:28:6e:ad:ef:
                    cc:61:75:c8:f0:5c:e3:3b:3f:2f:02:b2:6d:1e:3d:
                    a9:1c:f0:21:f5:9f:1f:26:aa:f3:24:66:a9:15:f4:
                    a0:78:1e:ed:01:c1:6e:ec:a2:c0:98:e1:cd:9f:c8:
                    a1:4b:46:22:89:3f:39:d6:bc:9d:0d:09:b8:b2:a0:
                    07:24:74:b8:3d:13:c6:98:4c:ea:8b:e5:41:54:6d:
                    6a:a9:15:54:7d:7b:ff:8e:b1:2e:82:ae:26:bd:74:
                    6b:2a:2f:49:03:9d:b0:b7:d0:62:c6:b5:e9:af:0f:
                    d9:73:be:76:2d:f0:08:6a:1a:d8:bf:05:b2:b6:c5:
                    19:eb:dc:3a:25:72:07:8b:32:02:1d:a7:66:94:6a:
                    a8:f2:09:8e:96:b8:ce:39:2c:db:cd:b3:da:40:a7:
                    9d:4a:d0:ce:a6:d2:7e:90:7d:a7:37:cf:5a:04:b5:
                    a4:32:4a:fa:26:7e:81:67:78:b5:29:e4:72:b8:a3:
                    0b:dd:7c:62:2a:6e:02:0f:10:8f:16:19:d6:36:e1:
                    ef:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:1C:B3:31:43:C3:04:A4:5B:05:B1:DB:2E:13:D4:49:11:E1:6C:E2
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e35362e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:ee:35:ef:91:cc:3e:b2:8e:4a:85:40:5f:3d:67:2e:a5:7e:
         fd:9c:6f:1e:d4:4c:4d:05:2d:eb:05:45:80:1e:e0:ce:a8:9f:
         b6:12:af:54:61:80:96:bd:50:eb:f3:d3:e8:95:6b:87:89:04:
         21:1e:a2:9c:d9:fc:f3:36:27:1a:65:3b:fe:f3:4e:c3:c6:40:
         d5:cc:f0:2e:3b:d6:46:e0:26:ce:a9:dd:bc:d6:23:ae:13:b6:
         11:04:9a:13:6c:1e:ae:47:a8:45:93:9e:d5:3d:55:a4:22:56:
         65:30:93:d5:85:1e:05:ad:55:8e:48:09:8e:c7:fe:cc:e0:e0:
         3c:d9:98:6d:4a:1f:41:9c:08:0f:af:d2:67:95:d0:36:54:0a:
         6a:59:28:ca:bf:15:b9:58:14:23:07:03:ba:32:c7:0f:b9:22:
         59:1f:87:05:33:40:a8:6e:d3:cb:93:3a:26:b0:a5:cc:cc:35:
         5b:57:4c:a0:2b:18:c8:e9:11:1d:23:c9:2e:dd:97:84:99:c3:
         0f:b5:be:32:a4:01:7d:28:b2:39:7c:cd:2e:cf:c2:5b:5d:63:
         a3:8a:ef:84:b9:88:c3:3d:52:f8:e5:96:96:32:7a:90:dd:4c:
         d3:35:e0:0f:d3:2d:a8:15:c0:f1:ae:c6:f3:70:98:37:8a:be:
         7a:3b:79:24
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIURP0RYythI9FpnbcDOJaBMwMnpQswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA1MjIwODE5MjRaFw0yNzA1MjEwODI0MjRaMDMxMTAvBgNV
BAMTKEU4MUNCMzMxNDNDMzA0QTQ1QjA1QjFEQjJFMTNENDQ5MTFFMTZDRTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtxDNAaX5Ql+Fl+TsY9xYVcQd4
5vejavgPF+zESqblQPMRO98XJ/fU0cMtyUAiaRLrUAzYvJ0zKG6t78xhdcjwXOM7
Py8Csm0ePakc8CH1nx8mqvMkZqkV9KB4Hu0BwW7sosCY4c2fyKFLRiKJPznWvJ0N
CbiyoAckdLg9E8aYTOqL5UFUbWqpFVR9e/+OsS6Cria9dGsqL0kDnbC30GLGtemv
D9lzvnYt8AhqGti/BbK2xRnr3DolcgeLMgIdp2aUaqjyCY6WuM45LNvNs9pAp51K
0M6m0n6Qfac3z1oEtaQySvomfoFneLUp5HK4owvdfGIqbgIPEI8WGdY24e8rAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU6ByzMUPDBKRbBbHbLhPUSRHhbOIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzczMjJlMzUzNjJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAI+SDgw
DQYJKoZIhvcNAQELBQADggEBAHTuNe+RzD6yjkqFQF89Zy6lfv2cbx7UTE0FLesF
RYAe4M6on7YSr1RhgJa9UOvz0+iVa4eJBCEeopzZ/PM2JxplO/7zTsPGQNXM8C47
1kbgJs6p3bzWI64TthEEmhNsHq5HqEWTntU9VaQiVmUwk9WFHgWtVY5ICY7H/szg
4DzZmG1KH0GcCA+v0meV0DZUCmpZKMq/FblYFCMHA7oyxw+5IlkfhwUzQKhu08uT
OiawpczMNVtXTKArGMjpER0jyS7dl4SZww+1vjKkAX0osjl8zS7PwltdY6OK74S5
iMM9UvjllpYyepDdTNM14A/TLagVwPGuxvNwmDeKvno7eSQ=
-----END CERTIFICATE-----