Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136302e302f32302d3234203d3e203134363138.roa
File:                     36322e38342e3136302e302f32302d3234203d3e203134363138.roa (raw, json)
Hash identifier:          F2aO0jD+HWN/FtI1mphxaim25/LkJzSeGuymmDn1oN8=
Subject key identifier:   1D:70:DC:F4:BF:2F:71:1C:D5:6D:8D:6A:D6:17:24:54:CC:7A:10:BB
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       03AFE8FF71B81E589414824B203774999D9BAC83
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136302e302f32302d3234203d3e203134363138.roa
Signing time:             Fri 22 Nov 2024 13:09:01 +0000
ROA not before:           Fri 22 Nov 2024 13:04:01 +0000
ROA not after:            Fri 21 Nov 2025 13:09:01 +0000
asID:                     14618
IP address blocks:        62.84.160.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 13:21:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:af:e8:ff:71:b8:1e:58:94:14:82:4b:20:37:74:99:9d:9b:ac:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Nov 22 13:04:01 2024 GMT
            Not After : Nov 21 13:09:01 2025 GMT
        Subject: CN=1D70DCF4BF2F711CD56D8D6AD6172454CC7A10BB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:99:a9:e3:81:3f:64:29:0f:48:87:af:b5:3e:
                    41:4e:dc:e4:f4:c1:4a:16:2a:ab:fc:31:13:38:c6:
                    f1:3b:9c:29:74:a1:d5:7b:f2:8b:b4:cd:f5:0e:18:
                    29:3a:86:2a:1d:f3:8d:1c:79:41:e6:e8:63:72:f9:
                    d2:de:4e:7f:2b:82:92:f5:a0:89:8d:a7:4b:cb:d6:
                    03:aa:43:2b:90:08:51:36:ee:b1:d4:77:75:9e:c2:
                    64:8a:ef:41:3d:11:96:5a:d0:ba:c3:61:74:fc:73:
                    e2:c7:5a:bb:e4:c2:f4:e7:40:19:7c:82:0a:0f:95:
                    19:b5:51:e6:00:5c:37:e8:b3:97:cb:32:ac:e8:00:
                    dd:a0:50:99:91:e3:4f:11:56:d5:8d:ee:b1:d2:c3:
                    49:7a:34:f0:f7:7b:24:08:e1:f5:64:5f:77:8f:84:
                    61:26:c0:cd:47:d9:1a:66:38:bd:18:79:8a:7f:8a:
                    44:92:4e:53:8f:33:22:37:c0:37:a4:b1:56:70:0d:
                    c4:1a:fa:d5:10:45:73:08:b7:d4:ee:62:af:98:28:
                    d3:df:c8:f1:e4:47:12:73:b3:72:86:fc:a4:5e:79:
                    ce:0f:8f:73:7c:a5:ad:4f:0f:15:00:cc:7a:d0:0c:
                    ea:ec:d7:1d:79:3d:90:ec:67:98:a5:8f:1b:bb:3b:
                    95:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:70:DC:F4:BF:2F:71:1C:D5:6D:8D:6A:D6:17:24:54:CC:7A:10:BB
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136302e302f32302d3234203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.84.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         69:9b:59:91:f6:9a:34:01:b6:c7:af:fa:c0:c6:b5:ff:34:b9:
         ef:a5:fa:81:5e:f6:1b:7b:2b:48:82:7c:0d:3f:b1:b7:26:48:
         4e:85:89:c2:30:fb:b0:d6:c8:26:d7:4c:40:dc:f9:d8:b3:ff:
         cd:e9:db:4e:38:d3:8f:6a:e6:7f:8c:38:8d:20:6a:c0:94:90:
         21:2e:a7:39:d3:fa:b8:73:d1:94:a1:22:7c:ca:d2:57:5c:07:
         17:51:a3:04:ee:3b:64:fe:1d:e1:70:bc:14:2d:95:0b:8e:19:
         d9:d0:6d:30:4c:4f:79:5e:5c:f2:e6:1e:75:88:b8:7f:ec:8b:
         01:1f:96:39:bd:3a:1b:85:f9:e7:9f:82:d1:3f:d1:7e:9a:8b:
         c4:04:28:14:be:91:b8:09:66:ef:8d:51:66:30:f1:10:1b:b2:
         86:da:5c:2c:e4:ed:0a:a5:b9:5e:c7:ab:99:84:52:90:c6:cd:
         17:51:e5:0e:c8:80:c6:8d:23:91:3c:40:0d:46:32:2f:00:bf:
         36:d2:a4:a5:19:31:6b:ab:2c:db:e7:4a:64:06:86:d8:b2:90:
         16:dc:10:25:b0:2a:58:f0:8f:a5:23:50:c4:90:11:98:5a:03:
         70:e9:dc:a9:31:5f:7a:35:94:33:c8:bd:77:cf:ab:99:fe:9c:
         27:3f:f5:ff
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUA6/o/3G4HliUFIJLIDd0mZ2brIMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDExMjIxMzA0MDFaFw0yNTExMjExMzA5MDFaMDMxMTAvBgNV
BAMTKDFENzBEQ0Y0QkYyRjcxMUNENTZEOEQ2QUQ2MTcyNDU0Q0M3QTEwQkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTmanjgT9kKQ9Ih6+1PkFO3OT0
wUoWKqv8MRM4xvE7nCl0odV78ou0zfUOGCk6hiod840ceUHm6GNy+dLeTn8rgpL1
oImNp0vL1gOqQyuQCFE27rHUd3WewmSK70E9EZZa0LrDYXT8c+LHWrvkwvTnQBl8
ggoPlRm1UeYAXDfos5fLMqzoAN2gUJmR408RVtWN7rHSw0l6NPD3eyQI4fVkX3eP
hGEmwM1H2RpmOL0YeYp/ikSSTlOPMyI3wDeksVZwDcQa+tUQRXMIt9TuYq+YKNPf
yPHkRxJzs3KG/KReec4Pj3N8pa1PDxUAzHrQDOrs1x15PZDsZ5iljxu7O5VVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUHXDc9L8vcRzVbY1q1hckVMx6ELswHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzgzNDJlMzEzNjMw
MmUzMDJmMzIzMDJkMzIzNDIwM2QzZTIwMzEzNDM2MzEzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBD5U
oDANBgkqhkiG9w0BAQsFAAOCAQEAaZtZkfaaNAG2x6/6wMa1/zS576X6gV72G3sr
SIJ8DT+xtyZIToWJwjD7sNbIJtdMQNz52LP/zenbTjjTj2rmf4w4jSBqwJSQIS6n
OdP6uHPRlKEifMrSV1wHF1GjBO47ZP4d4XC8FC2VC44Z2dBtMExPeV5c8uYedYi4
f+yLAR+WOb06G4X555+C0T/RfpqLxAQoFL6RuAlm741RZjDxEBuyhtpcLOTtCqW5
XsermYRSkMbNF1HlDsiAxo0jkTxADUYyLwC/NtKkpRkxa6ss2+dKZAaG2LKQFtwQ
JbAqWPCPpSNQxJARmFoDcOncqTFfejWUM8i9d8+rmf6cJz/1/w==
-----END CERTIFICATE-----