Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e382e302f32322d3232203d3e203437353833.roa
File:                     36322e37322e382e302f32322d3232203d3e203437353833.roa (raw, json)
Hash identifier:          FtrctFVXAAzRW+pFz0zVoTg561R56J04a2VfuzItSDQ=
Subject key identifier:   BA:39:C4:CA:CC:6C:42:EB:30:ED:84:E0:6F:62:09:DA:19:68:BE:79
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0CD74E091E68A86ED385CFA0C61EC17D18A8429C
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e382e302f32322d3232203d3e203437353833.roa
Signing time:             Wed 12 Jul 2023 18:15:53 +0000
ROA not before:           Wed 12 Jul 2023 18:10:53 +0000
ROA not after:            Wed 10 Jul 2024 18:15:53 +0000
asID:                     47583
IP address blocks:        62.72.8.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:d7:4e:09:1e:68:a8:6e:d3:85:cf:a0:c6:1e:c1:7d:18:a8:42:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 12 18:10:53 2023 GMT
            Not After : Jul 10 18:15:53 2024 GMT
        Subject: CN=BA39C4CACC6C42EB30ED84E06F6209DA1968BE79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:e6:79:8b:61:1e:73:e8:01:3d:88:4c:35:66:
                    3b:59:30:f6:39:ff:33:a0:61:ff:ee:d1:70:3a:31:
                    d2:19:e0:ab:01:38:89:66:29:8e:7f:d3:82:30:bf:
                    6a:39:71:23:f9:e1:d1:39:d7:b7:15:69:af:5d:8b:
                    9b:0a:db:55:aa:34:4d:ca:5e:2d:89:f4:9d:df:2a:
                    da:57:07:b3:1c:3d:f9:db:03:e3:20:5f:73:6f:91:
                    88:a5:8a:60:03:52:e3:ae:85:fd:9a:a1:6d:54:e1:
                    2b:83:70:83:c9:1b:7a:48:77:95:79:e6:2c:99:d2:
                    6a:e3:d4:f3:0e:b4:5b:4f:3d:de:5b:25:a0:00:f3:
                    a8:5b:c2:0a:e7:d2:60:a3:7c:09:f5:c0:60:c2:00:
                    db:60:d8:dc:29:8f:87:6b:01:bf:18:19:a2:51:0f:
                    8e:bd:fa:d4:65:4c:39:ab:fa:c2:ca:1c:02:b0:20:
                    47:9a:7a:c7:c9:64:80:06:9f:e7:db:1d:12:ac:e1:
                    ba:01:58:0b:c5:c7:50:94:fb:b4:4f:b2:70:31:3d:
                    65:42:19:e9:04:bf:3f:63:61:2c:e2:81:2b:24:cf:
                    21:06:4b:eb:62:6b:25:6f:b1:fb:9f:d5:94:ab:ad:
                    62:81:82:b9:80:da:36:93:7e:ae:01:b9:32:cd:44:
                    71:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:39:C4:CA:CC:6C:42:EB:30:ED:84:E0:6F:62:09:DA:19:68:BE:79
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e382e302f32322d3232203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:c8:55:77:3f:06:a3:63:96:d7:ae:45:64:6e:1e:45:a9:b2:
         b0:51:22:22:16:46:f6:46:a8:e6:44:84:2e:6b:1f:b4:8f:98:
         71:bb:b8:59:05:ed:75:0d:3a:2d:4c:c9:cf:1b:55:43:b4:a2:
         03:8d:68:4e:50:d6:0d:91:c1:b9:96:5a:fc:ca:3d:5e:5e:df:
         fe:11:f4:e5:b4:1c:54:db:75:6c:9f:8e:d7:74:4a:fc:f3:0a:
         c1:2e:62:8e:d5:74:48:d1:0f:7f:79:77:88:84:a7:a1:5f:da:
         1f:22:72:60:04:e4:4d:59:5b:57:ac:46:44:04:87:d0:2f:07:
         f4:d1:4a:e2:22:df:58:1b:af:db:8b:ba:b4:ec:02:55:a1:7c:
         bf:2b:d1:2d:ae:7d:43:22:b6:61:57:ea:d7:ef:a0:d3:9b:eb:
         11:02:89:65:9c:30:b7:76:ec:75:dc:fe:1c:25:c7:9a:9e:29:
         47:ad:04:ef:33:7c:56:6c:6a:0c:6b:a8:6c:86:f6:05:dd:22:
         d6:b2:5a:26:02:e7:f3:07:77:5a:b3:ac:f1:a1:f8:87:f3:c5:
         64:6d:9a:eb:f4:54:02:89:86:9b:34:4a:34:93:15:76:48:08:
         b2:d8:6f:de:a4:86:01:5f:2e:22:6d:08:a5:1f:c1:f1:39:ca:
         15:7c:57:7f
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUDNdOCR5oqG7Thc+gxh7BfRioQpwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA3MTIxODEwNTNaFw0yNDA3MTAxODE1NTNaMDMxMTAvBgNV
BAMTKEJBMzlDNENBQ0M2QzQyRUIzMEVEODRFMDZGNjIwOURBMTk2OEJFNzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCh5nmLYR5z6AE9iEw1ZjtZMPY5
/zOgYf/u0XA6MdIZ4KsBOIlmKY5/04Iwv2o5cSP54dE517cVaa9di5sK21WqNE3K
Xi2J9J3fKtpXB7McPfnbA+MgX3NvkYilimADUuOuhf2aoW1U4SuDcIPJG3pId5V5
5iyZ0mrj1PMOtFtPPd5bJaAA86hbwgrn0mCjfAn1wGDCANtg2Nwpj4drAb8YGaJR
D469+tRlTDmr+sLKHAKwIEeaesfJZIAGn+fbHRKs4boBWAvFx1CU+7RPsnAxPWVC
GekEvz9jYSzigSskzyEGS+tiayVvsfuf1ZSrrWKBgrmA2jaTfq4BuTLNRHE7AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUujnEysxsQusw7YTgb2IJ2hlovnkwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzczMjJlMzgyZTMw
MmYzMjMyMmQzMjMyMjAzZDNlMjAzNDM3MzUzODMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCPkgIMA0G
CSqGSIb3DQEBCwUAA4IBAQApyFV3PwajY5bXrkVkbh5FqbKwUSIiFkb2RqjmRIQu
ax+0j5hxu7hZBe11DTotTMnPG1VDtKIDjWhOUNYNkcG5llr8yj1eXt/+EfTltBxU
23Vsn47XdEr88wrBLmKO1XRI0Q9/eXeIhKehX9ofInJgBORNWVtXrEZEBIfQLwf0
0UriIt9YG6/bi7q07AJVoXy/K9Etrn1DIrZhV+rX76DTm+sRAollnDC3dux13P4c
JceanilHrQTvM3xWbGoMa6hshvYF3SLWslomAufzB3das6zxofiH88VkbZrr9FQC
iYabNEo0kxV2SAiy2G/epIYBXy4ibQilH8HxOcoVfFd/
-----END CERTIFICATE-----