Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e35362e302f32322d3234203d3e203437353833.roa
File:                     36322e37322e35362e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          gtj1xu8wPQPCDcpTHDUtNrs5TBmqQhXTFtByrDqzYlU=
Subject key identifier:   B7:5C:D5:FB:45:EE:7B:69:69:99:9E:24:BA:F3:26:2E:74:11:6D:EE
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4C66E96FEC838815F8B3C596D331BC888AC6FC8A
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e35362e302f32322d3234203d3e203437353833.roa
Signing time:             Fri 18 Aug 2023 06:43:25 +0000
ROA not before:           Fri 18 Aug 2023 06:38:25 +0000
ROA not after:            Fri 16 Aug 2024 06:43:25 +0000
asID:                     47583
IP address blocks:        62.72.56.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:66:e9:6f:ec:83:88:15:f8:b3:c5:96:d3:31:bc:88:8a:c6:fc:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 18 06:38:25 2023 GMT
            Not After : Aug 16 06:43:25 2024 GMT
        Subject: CN=B75CD5FB45EE7B6969999E24BAF3262E74116DEE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:c9:3c:f8:75:d6:04:70:84:5f:a6:3f:0a:bb:
                    7d:20:bf:57:1d:08:7b:0f:e7:3c:9f:f6:eb:bb:58:
                    8b:d8:2d:0c:4f:07:7f:4a:d1:1e:43:d4:11:71:55:
                    7f:f1:65:24:5d:4b:7f:cf:d9:d7:06:79:a3:ed:5d:
                    27:96:e9:de:82:6c:fc:83:ff:49:7f:7a:7a:eb:4a:
                    21:12:49:31:df:1f:37:5c:a8:da:9a:01:39:39:23:
                    5f:50:37:9c:a5:84:4f:bb:eb:28:e2:7d:cd:3c:69:
                    10:b7:e8:dd:0d:1a:15:eb:21:24:e6:07:ef:ed:4a:
                    a7:4b:7c:5f:2f:80:8d:09:b5:4e:3b:eb:67:47:13:
                    be:34:83:95:dc:af:7d:fa:b8:e1:f7:62:81:5e:ff:
                    f9:3e:93:92:ee:e9:0f:76:aa:5f:3a:62:c4:b5:46:
                    34:40:1e:9d:72:90:d4:65:3d:74:db:da:8f:76:8d:
                    52:bb:1a:9a:8e:d1:55:af:1d:57:0c:2e:32:6e:ea:
                    3e:cd:73:81:2e:01:16:4d:35:48:01:30:f3:28:58:
                    ad:16:4e:49:2f:67:5f:d5:3a:60:0c:03:c2:d7:00:
                    c4:eb:58:9e:f0:cc:4c:ac:a1:68:7b:43:1d:a1:c3:
                    57:bb:5a:60:02:40:b2:77:47:08:9b:9c:05:bf:ad:
                    5a:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:5C:D5:FB:45:EE:7B:69:69:99:9E:24:BA:F3:26:2E:74:11:6D:EE
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e35362e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:fa:6c:fc:4e:4e:78:ed:83:4f:42:7e:03:47:b6:f5:7f:71:
         d9:6d:b0:43:7e:f6:69:9f:73:a8:b7:1c:b4:5c:ba:13:89:f5:
         f8:e6:70:9f:23:4f:63:bf:e4:af:8b:02:fc:dd:91:af:7e:7a:
         32:0c:b1:62:64:93:ed:1b:91:4f:36:a1:10:b0:5f:fc:13:8e:
         44:9c:d7:3a:90:ca:5f:fa:98:0c:7f:dc:05:b7:e2:65:b9:38:
         a0:fb:4d:d7:19:f1:9a:d0:95:a0:71:03:eb:67:7f:70:13:9d:
         26:45:84:62:bd:06:8e:9b:7a:6c:66:f3:c5:24:13:25:99:fd:
         a5:30:29:54:7e:0d:94:bc:9d:8e:cb:14:0f:20:cc:9b:56:b5:
         d1:5b:d3:61:9c:fc:6e:1a:e1:eb:ce:c7:b3:41:86:4d:6c:e4:
         c7:2e:ff:f8:5e:d4:b0:e0:07:f7:a2:18:fe:4c:5a:1f:06:62:
         76:ed:25:a0:92:37:e2:0e:46:99:50:b2:0f:92:cd:ce:a1:26:
         52:b8:69:86:09:df:d7:22:90:95:3c:c0:5a:29:cb:38:46:52:
         e9:a6:42:53:9d:3b:7b:9b:8e:b6:33:b6:4c:a5:fa:25:87:c0:
         ad:f2:10:ee:19:75:2c:cc:70:4c:e8:72:ff:e3:44:37:bf:5b:
         61:5f:de:59
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUTGbpb+yDiBX4s8WW0zG8iIrG/IowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA4MTgwNjM4MjVaFw0yNDA4MTYwNjQzMjVaMDMxMTAvBgNV
BAMTKEI3NUNENUZCNDVFRTdCNjk2OTk5OUUyNEJBRjMyNjJFNzQxMTZERUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbyTz4ddYEcIRfpj8Ku30gv1cd
CHsP5zyf9uu7WIvYLQxPB39K0R5D1BFxVX/xZSRdS3/P2dcGeaPtXSeW6d6CbPyD
/0l/enrrSiESSTHfHzdcqNqaATk5I19QN5ylhE+76yjifc08aRC36N0NGhXrISTm
B+/tSqdLfF8vgI0JtU4762dHE740g5Xcr336uOH3YoFe//k+k5Lu6Q92ql86YsS1
RjRAHp1ykNRlPXTb2o92jVK7GpqO0VWvHVcMLjJu6j7Nc4EuARZNNUgBMPMoWK0W
TkkvZ1/VOmAMA8LXAMTrWJ7wzEysoWh7Qx2hw1e7WmACQLJ3RwibnAW/rVqdAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUt1zV+0Xue2lpmZ4kuvMmLnQRbe4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzczMjJlMzUzNjJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAI+SDgw
DQYJKoZIhvcNAQELBQADggEBAFv6bPxOTnjtg09CfgNHtvV/cdltsEN+9mmfc6i3
HLRcuhOJ9fjmcJ8jT2O/5K+LAvzdka9+ejIMsWJkk+0bkU82oRCwX/wTjkSc1zqQ
yl/6mAx/3AW34mW5OKD7TdcZ8ZrQlaBxA+tnf3ATnSZFhGK9Bo6bemxm88UkEyWZ
/aUwKVR+DZS8nY7LFA8gzJtWtdFb02Gc/G4a4evOx7NBhk1s5Mcu//he1LDgB/ei
GP5MWh8GYnbtJaCSN+IORplQsg+Szc6hJlK4aYYJ39cikJU8wFopyzhGUummQlOd
O3ubjrYztkyl+iWHwK3yEO4ZdSzMcEzocv/jRDe/W2Ff3lk=
-----END CERTIFICATE-----