Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e35362e302f32322d3234203d3e203437353833.roa
File:                     36322e37322e35362e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          bHMuNuEZdDh7maA0n4eJEQA64zUT+B39+Z+BVRTXMHw=
Subject key identifier:   FC:8C:FA:D9:C2:13:5C:80:09:14:EA:94:FE:CB:BD:8E:7C:13:ED:D2
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6C66602B628C8CBCBD366439CF6AF849AB48BFE8
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e35362e302f32322d3234203d3e203437353833.roa
Signing time:             Fri 19 Jul 2024 07:04:15 +0000
ROA not before:           Fri 19 Jul 2024 06:59:15 +0000
ROA not after:            Fri 18 Jul 2025 07:04:15 +0000
asID:                     47583
IP address blocks:        62.72.56.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:66:60:2b:62:8c:8c:bc:bd:36:64:39:cf:6a:f8:49:ab:48:bf:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 19 06:59:15 2024 GMT
            Not After : Jul 18 07:04:15 2025 GMT
        Subject: CN=FC8CFAD9C2135C800914EA94FECBBD8E7C13EDD2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:78:9e:e3:c2:05:d6:e4:56:a2:51:8f:e6:d4:
                    83:b7:0a:b6:6d:ba:e2:10:93:b9:b1:8d:c8:b2:b0:
                    41:ec:7b:37:32:c6:47:b1:50:4e:57:6f:3a:2f:f6:
                    26:f6:d3:5d:85:45:56:a8:4b:3c:ef:0f:dd:34:e4:
                    84:a8:b5:09:ce:bc:e1:0f:5e:ab:38:79:d6:35:19:
                    30:53:0a:e2:63:74:d8:15:e3:5c:2b:35:a3:ca:51:
                    7e:8b:ef:56:a2:0f:84:29:a2:55:c5:13:13:96:4f:
                    e1:1c:9f:9e:a7:20:db:62:46:1e:2c:eb:3f:89:67:
                    7f:18:05:9f:45:72:30:2b:08:64:23:4e:15:fb:c3:
                    10:98:3a:d9:da:c9:99:45:92:25:a2:c0:58:99:a5:
                    e1:3f:ed:78:2a:83:0d:1c:54:67:e1:b0:73:b6:03:
                    bc:94:bb:d5:4f:3d:58:27:2c:9f:05:c9:0d:79:80:
                    b1:9e:5e:3a:8b:12:08:57:8c:0c:1a:69:87:28:23:
                    2c:82:12:14:2f:d7:e7:98:ae:46:a3:ee:91:f1:47:
                    72:aa:f4:6e:b7:66:ab:1c:33:8a:c1:ca:fb:69:31:
                    a4:24:f1:03:66:1d:86:13:6c:d1:b0:1d:f7:cd:ba:
                    50:6d:15:5f:a2:d7:d1:7a:8e:2e:29:39:8a:61:65:
                    a2:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:8C:FA:D9:C2:13:5C:80:09:14:EA:94:FE:CB:BD:8E:7C:13:ED:D2
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e35362e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         28:ed:ae:3d:8f:fb:7e:7c:f2:8e:a4:0a:2b:14:b2:e7:d6:27:
         7f:50:67:10:42:9d:3b:8a:8b:7e:09:f2:06:cb:62:df:e2:ae:
         f5:c5:ca:11:1c:73:ac:99:22:26:cc:d4:3b:74:e4:67:2f:f8:
         5d:64:10:d7:37:96:ca:d2:f4:86:4d:25:e9:25:15:26:64:03:
         26:37:67:8e:0d:aa:24:e0:f7:45:bd:d3:2b:ce:4c:a1:b5:33:
         21:75:7d:0f:35:fa:e4:82:4c:13:7d:d7:ff:f0:46:ab:e1:ae:
         21:6d:63:b7:31:66:58:69:d3:06:c1:b2:19:85:65:9b:a5:38:
         6d:fb:3f:39:09:99:c3:70:1f:25:0a:96:e7:e4:66:27:d4:cf:
         ed:d2:9d:91:ab:91:71:88:e6:6e:b7:e3:6a:eb:9e:2d:32:53:
         b2:ab:69:98:df:94:80:f5:6f:07:9c:33:80:0f:c2:0a:64:46:
         11:9a:b0:50:d9:c0:75:88:61:6d:ea:f1:16:9b:f5:a1:b6:9e:
         38:6b:8c:ad:bc:48:23:f5:85:75:9b:6a:cd:90:48:d1:fb:ea:
         42:fa:76:21:a3:ed:17:1f:c0:7a:5c:7b:c4:13:06:7f:f1:6b:
         d5:bf:e7:6b:3c:5e:60:10:f2:c8:d5:9f:4d:b9:bd:f5:b8:4c:
         ff:d6:fb:f0
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUbGZgK2KMjLy9NmQ5z2r4SatIv+gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA3MTkwNjU5MTVaFw0yNTA3MTgwNzA0MTVaMDMxMTAvBgNV
BAMTKEZDOENGQUQ5QzIxMzVDODAwOTE0RUE5NEZFQ0JCRDhFN0MxM0VERDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDeJ7jwgXW5FaiUY/m1IO3CrZt
uuIQk7mxjciysEHsezcyxkexUE5Xbzov9ib2012FRVaoSzzvD9005ISotQnOvOEP
Xqs4edY1GTBTCuJjdNgV41wrNaPKUX6L71aiD4QpolXFExOWT+Ecn56nINtiRh4s
6z+JZ38YBZ9FcjArCGQjThX7wxCYOtnayZlFkiWiwFiZpeE/7Xgqgw0cVGfhsHO2
A7yUu9VPPVgnLJ8FyQ15gLGeXjqLEghXjAwaaYcoIyyCEhQv1+eYrkaj7pHxR3Kq
9G63ZqscM4rByvtpMaQk8QNmHYYTbNGwHffNulBtFV+i19F6ji4pOYphZaLTAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU/Iz62cITXIAJFOqU/su9jnwT7dIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzczMjJlMzUzNjJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAI+SDgw
DQYJKoZIhvcNAQELBQADggEBACjtrj2P+3588o6kCisUsufWJ39QZxBCnTuKi34J
8gbLYt/irvXFyhEcc6yZIibM1Dt05Gcv+F1kENc3lsrS9IZNJeklFSZkAyY3Z44N
qiTg90W90yvOTKG1MyF1fQ81+uSCTBN91//wRqvhriFtY7cxZlhp0wbBshmFZZul
OG37PzkJmcNwHyUKlufkZifUz+3SnZGrkXGI5m6342rrni0yU7KraZjflID1bwec
M4APwgpkRhGasFDZwHWIYW3q8Rab9aG2njhrjK28SCP1hXWbas2QSNH76kL6diGj
7RcfwHpce8QTBn/xa9W/52s8XmAQ8sjVn025vfW4TP/W+/A=
-----END CERTIFICATE-----