Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e36302e302f32322d3234203d3e203437353833.roa
File:                     36322e37322e36302e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          HEgZb1aQ9zGTcuM+1AVVxL0cieRu2KfUO9KWP71OrnU=
Subject key identifier:   38:57:92:86:3C:BF:23:4C:0F:16:14:B7:DF:30:3E:F4:0B:34:21:D0
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       7ACC44644D043572E964E420F72CDC824E2C0BFC
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e36302e302f32322d3234203d3e203437353833.roa
Signing time:             Fri 19 Jul 2024 07:04:15 +0000
ROA not before:           Fri 19 Jul 2024 06:59:15 +0000
ROA not after:            Fri 18 Jul 2025 07:04:15 +0000
asID:                     47583
IP address blocks:        62.72.60.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:cc:44:64:4d:04:35:72:e9:64:e4:20:f7:2c:dc:82:4e:2c:0b:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 19 06:59:15 2024 GMT
            Not After : Jul 18 07:04:15 2025 GMT
        Subject: CN=385792863CBF234C0F1614B7DF303EF40B3421D0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:09:8a:a7:5f:94:0e:c6:3c:7f:9b:f5:96:c1:
                    82:a9:64:aa:9c:1c:ef:3e:65:29:f5:ee:b0:94:79:
                    02:b5:b5:8d:9b:c4:2b:af:c1:d6:be:a7:2a:38:30:
                    42:f8:45:2b:7f:0f:14:7d:2c:28:d3:03:a2:60:b6:
                    02:b0:b7:6f:0a:c4:f2:a6:2b:79:68:6b:ff:5e:73:
                    a4:e7:00:d9:47:67:f3:39:b8:50:27:ee:dd:d8:85:
                    80:7f:30:f0:9c:2a:3c:3c:c7:11:06:b1:b3:75:78:
                    fa:5a:86:5e:d2:c9:90:ff:c4:f9:3c:20:c6:ad:90:
                    31:d0:da:ad:20:88:5c:ca:8f:a1:84:70:64:5a:98:
                    96:bb:ae:34:83:74:11:0c:29:c2:86:9a:5a:50:7e:
                    2b:38:54:03:1c:34:1b:d1:4f:ab:af:42:7d:5c:0c:
                    89:a5:bb:b8:37:68:d8:ff:c6:b5:54:df:82:46:aa:
                    b0:4e:98:b2:ff:02:a9:d3:b0:b5:62:15:33:5e:a7:
                    50:e3:0f:b1:d0:bc:87:57:6e:15:44:3d:52:1f:2d:
                    b1:31:ce:88:b7:24:8c:54:8d:46:21:04:c8:90:d5:
                    f1:df:99:ae:ef:50:48:c2:66:52:f8:f8:6c:21:1b:
                    00:65:1d:bd:52:1e:97:97:af:70:6c:f5:38:22:ba:
                    88:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:57:92:86:3C:BF:23:4C:0F:16:14:B7:DF:30:3E:F4:0B:34:21:D0
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e36302e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:23:93:12:8a:16:90:56:91:26:46:85:78:c3:d8:5f:dc:66:
         21:24:b0:fd:42:72:9d:45:f8:12:e2:e6:be:48:3d:3b:12:35:
         a2:cc:37:91:f8:2c:f5:aa:19:5c:a1:d9:74:2b:7b:0b:4f:0c:
         b4:fb:dd:3b:17:76:b5:8d:33:6a:58:1a:c3:c3:63:a1:64:70:
         26:6a:f5:a2:bc:cf:d0:42:ea:44:68:4e:a1:d2:24:f7:23:21:
         c5:25:21:83:99:fe:16:04:3b:2f:a3:fa:62:91:33:43:6c:9c:
         d7:ef:14:a5:90:c1:e5:07:37:76:c6:b8:b5:27:08:30:12:fe:
         ce:81:9d:4a:2c:0a:d9:d0:47:96:27:10:a0:f9:89:ff:4c:96:
         3d:e6:55:b4:39:1d:b1:d2:39:b6:18:dc:69:fe:88:a2:e7:d4:
         3e:58:87:ec:12:4d:74:92:f3:54:76:b6:59:1d:89:c8:5b:89:
         f5:18:d6:b1:3d:a6:2c:4c:75:c7:fc:0b:e9:cc:ad:13:4a:6a:
         e0:e6:48:c1:52:ae:fd:92:f2:f2:25:bd:42:34:05:18:fc:d2:
         5e:37:f4:14:6e:2e:29:83:fd:52:7d:6e:a5:24:c5:d4:78:90:
         28:2f:62:69:26:f2:2f:c4:0b:13:18:f7:5e:89:fe:dc:55:6f:
         f1:4a:3a:8d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUesxEZE0ENXLpZOQg9yzcgk4sC/wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA3MTkwNjU5MTVaFw0yNTA3MTgwNzA0MTVaMDMxMTAvBgNV
BAMTKDM4NTc5Mjg2M0NCRjIzNEMwRjE2MTRCN0RGMzAzRUY0MEIzNDIxRDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLCYqnX5QOxjx/m/WWwYKpZKqc
HO8+ZSn17rCUeQK1tY2bxCuvwda+pyo4MEL4RSt/DxR9LCjTA6JgtgKwt28KxPKm
K3loa/9ec6TnANlHZ/M5uFAn7t3YhYB/MPCcKjw8xxEGsbN1ePpahl7SyZD/xPk8
IMatkDHQ2q0giFzKj6GEcGRamJa7rjSDdBEMKcKGmlpQfis4VAMcNBvRT6uvQn1c
DImlu7g3aNj/xrVU34JGqrBOmLL/AqnTsLViFTNep1DjD7HQvIdXbhVEPVIfLbEx
zoi3JIxUjUYhBMiQ1fHfma7vUEjCZlL4+GwhGwBlHb1SHpeXr3Bs9TgiuogvAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUOFeShjy/I0wPFhS33zA+9As0IdAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzczMjJlMzYzMDJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAI+SDww
DQYJKoZIhvcNAQELBQADggEBADcjkxKKFpBWkSZGhXjD2F/cZiEksP1Ccp1F+BLi
5r5IPTsSNaLMN5H4LPWqGVyh2XQrewtPDLT73TsXdrWNM2pYGsPDY6FkcCZq9aK8
z9BC6kRoTqHSJPcjIcUlIYOZ/hYEOy+j+mKRM0NsnNfvFKWQweUHN3bGuLUnCDAS
/s6BnUosCtnQR5YnEKD5if9Mlj3mVbQ5HbHSObYY3Gn+iKLn1D5Yh+wSTXSS81R2
tlkdichbifUY1rE9pixMdcf8C+nMrRNKauDmSMFSrv2S8vIlvUI0BRj80l439BRu
LimD/VJ9bqUkxdR4kCgvYmkm8i/ECxMY916J/txVb/FKOo0=
-----END CERTIFICATE-----