Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e36302e302f32322d3234203d3e203437353833.roa
File:                     36322e37322e36302e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          uAVsZbVhOHODKsB6Cs9gj4UmkPcn7lCWhKOi3hC2uIc=
Subject key identifier:   10:64:0C:56:16:FB:33:1A:3E:71:4A:01:32:9B:10:C7:AD:F8:D4:45
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       55646ABA0179B912A6241DB346CB104E3DA0F308
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e36302e302f32322d3234203d3e203437353833.roa
Signing time:             Fri 22 May 2026 08:24:24 +0000
ROA not before:           Fri 22 May 2026 08:19:24 +0000
ROA not after:            Fri 21 May 2027 08:24:24 +0000
asID:                     47583
IP address blocks:        62.72.60.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:52:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:64:6a:ba:01:79:b9:12:a6:24:1d:b3:46:cb:10:4e:3d:a0:f3:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 22 08:19:24 2026 GMT
            Not After : May 21 08:24:24 2027 GMT
        Subject: CN=10640C5616FB331A3E714A01329B10C7ADF8D445
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:8b:5c:72:3a:31:cc:ba:85:4a:4e:bb:06:b6:
                    9c:d6:fa:3d:82:32:ef:fa:2b:39:d4:33:54:d8:d6:
                    b3:77:ff:53:41:4e:b2:cb:10:1c:46:d4:0f:0e:9b:
                    3e:29:14:e8:4b:ba:e4:1e:5c:3f:33:4c:50:76:e1:
                    62:66:eb:c6:41:b9:15:c6:ca:26:76:d7:91:09:b6:
                    d6:ea:1f:7a:b0:12:b7:a2:21:a4:a9:2d:4b:fd:89:
                    b2:9f:6e:55:cb:41:53:17:ee:39:78:6c:59:94:f8:
                    e4:bb:fd:3f:fd:ee:73:b4:32:89:7d:37:e2:44:bf:
                    ae:92:79:36:98:36:dd:c5:19:eb:02:76:26:6f:01:
                    8a:df:fe:23:9e:0d:fd:42:f7:2c:ea:0f:0b:bf:b6:
                    72:3b:82:68:78:6a:03:6e:bd:a3:60:a2:f4:db:41:
                    ad:af:f5:17:9f:04:4b:d1:e6:aa:9e:15:54:62:72:
                    0c:ab:75:e6:28:55:5b:4d:07:82:fd:d7:5a:25:f1:
                    a1:be:ff:29:b4:a7:b0:06:76:88:41:74:46:81:cf:
                    1b:9f:3e:d0:f1:2c:91:06:22:30:0c:33:52:d7:41:
                    36:3a:c4:7c:6c:0c:2a:b4:fa:7d:6f:8d:0e:d1:a0:
                    7d:9c:d9:24:e7:71:6a:86:f1:e9:ac:68:96:e1:63:
                    f1:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:64:0C:56:16:FB:33:1A:3E:71:4A:01:32:9B:10:C7:AD:F8:D4:45
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e36302e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:52:04:05:03:69:c6:37:5f:79:f2:5a:b1:6c:e4:15:32:8b:
         b7:ec:2b:91:84:3e:18:63:2a:c9:2a:6d:60:c8:73:a1:9d:ab:
         6e:5d:94:97:45:32:0e:e6:34:5c:bc:0e:af:1e:50:66:22:7d:
         7b:6c:89:20:5b:5a:ef:af:f8:0a:d6:92:15:a6:f0:f6:9a:96:
         a5:15:7c:24:30:28:19:36:d5:d9:9d:a6:a1:1a:69:7d:7e:99:
         75:82:f5:39:b0:9e:bd:10:de:09:bc:a9:c6:69:04:cf:21:ee:
         97:6f:eb:4e:09:ed:79:22:28:53:d8:8f:df:76:98:74:4b:c2:
         78:1b:d3:13:3e:65:96:53:67:86:db:ef:7c:fa:ba:19:78:18:
         8e:1b:a1:f2:29:f5:6a:38:be:d1:95:0e:fa:1a:8b:28:79:b0:
         6c:1a:76:fe:90:82:d4:7d:70:32:76:a1:3c:15:66:de:26:bc:
         1c:5f:1f:80:2b:fd:c5:8c:1a:9b:0c:eb:2c:f6:59:42:e2:a6:
         eb:40:9d:d0:7d:1f:9d:9c:d4:89:5b:fd:f3:4d:5b:38:5f:90:
         f2:a5:85:c6:76:30:4b:bc:35:86:d0:aa:e2:9c:db:f0:83:2b:
         5f:d0:33:3a:ef:fb:b6:ae:73:48:72:54:b4:c2:d9:d2:3d:6d:
         36:ba:07:9c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUVWRqugF5uRKmJB2zRssQTj2g8wgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA1MjIwODE5MjRaFw0yNzA1MjEwODI0MjRaMDMxMTAvBgNV
BAMTKDEwNjQwQzU2MTZGQjMzMUEzRTcxNEEwMTMyOUIxMEM3QURGOEQ0NDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDei1xyOjHMuoVKTrsGtpzW+j2C
Mu/6KznUM1TY1rN3/1NBTrLLEBxG1A8Omz4pFOhLuuQeXD8zTFB24WJm68ZBuRXG
yiZ215EJttbqH3qwEreiIaSpLUv9ibKfblXLQVMX7jl4bFmU+OS7/T/97nO0Mol9
N+JEv66SeTaYNt3FGesCdiZvAYrf/iOeDf1C9yzqDwu/tnI7gmh4agNuvaNgovTb
Qa2v9RefBEvR5qqeFVRicgyrdeYoVVtNB4L911ol8aG+/ym0p7AGdohBdEaBzxuf
PtDxLJEGIjAMM1LXQTY6xHxsDCq0+n1vjQ7RoH2c2STncWqG8emsaJbhY/GZAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUEGQMVhb7Mxo+cUoBMpsQx6341EUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzczMjJlMzYzMDJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAI+SDww
DQYJKoZIhvcNAQELBQADggEBABxSBAUDacY3X3nyWrFs5BUyi7fsK5GEPhhjKskq
bWDIc6Gdq25dlJdFMg7mNFy8Dq8eUGYifXtsiSBbWu+v+ArWkhWm8PaalqUVfCQw
KBk21dmdpqEaaX1+mXWC9Tmwnr0Q3gm8qcZpBM8h7pdv604J7XkiKFPYj992mHRL
wngb0xM+ZZZTZ4bb73z6uhl4GI4bofIp9Wo4vtGVDvoaiyh5sGwadv6QgtR9cDJ2
oTwVZt4mvBxfH4Ar/cWMGpsM6yz2WULiputAndB9H52c1Ilb/fNNWzhfkPKlhcZ2
MEu8NYbQquKc2/CDK1/QMzrv+7auc0hyVLTC2dI9bTa6B5w=
-----END CERTIFICATE-----