Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136302e302f32302d3234203d3e203134363138.roa
File:                     36322e38342e3136302e302f32302d3234203d3e203134363138.roa (raw, json)
Hash identifier:          2ajX/v6SfxS6SVq2Wk80SZJhvthh8ARgu9A0nwLYN10=
Subject key identifier:   97:01:FD:B7:51:B4:A6:DD:5D:7D:EC:4D:39:F8:8A:71:4B:FD:B1:B4
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6A99F731DEC3098B1346EF015233A108616F6C5D
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136302e302f32302d3234203d3e203134363138.roa
Signing time:             Tue 26 Dec 2023 20:00:56 +0000
ROA not before:           Tue 26 Dec 2023 19:55:56 +0000
ROA not after:            Tue 24 Dec 2024 20:00:56 +0000
asID:                     14618
IP address blocks:        62.84.160.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:99:f7:31:de:c3:09:8b:13:46:ef:01:52:33:a1:08:61:6f:6c:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Dec 26 19:55:56 2023 GMT
            Not After : Dec 24 20:00:56 2024 GMT
        Subject: CN=9701FDB751B4A6DD5D7DEC4D39F88A714BFDB1B4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b5:f7:79:97:96:a6:2f:b7:c0:b8:b9:ca:28:
                    07:4c:2c:46:1e:41:75:f8:07:bb:87:b2:ce:9c:68:
                    3a:4f:3e:31:6f:47:e5:3d:22:46:dc:80:42:60:32:
                    b3:5f:14:ba:5a:7e:54:0d:a4:9d:46:1c:44:0b:e2:
                    3f:9b:b4:b0:0f:67:ff:09:2c:aa:13:eb:ee:dd:c8:
                    68:cd:1f:7a:78:22:27:28:59:fd:df:41:bb:f7:46:
                    2a:6e:ec:9a:73:0c:21:d0:6f:43:1b:4e:bb:a5:62:
                    7f:f2:c3:94:c6:52:98:e4:fd:65:7a:13:0b:70:be:
                    ee:67:8b:e3:5b:53:6e:c6:16:03:7d:df:a3:b3:af:
                    a1:ac:d8:f6:c8:7a:2a:d3:1d:8e:c4:61:dc:8f:a1:
                    1a:f0:be:f3:c7:2e:c0:7e:c9:26:11:f2:b8:71:e2:
                    b9:5a:34:98:52:bc:f5:63:1b:3f:35:66:ec:aa:08:
                    94:18:15:d9:75:d2:c6:b5:0f:b8:2d:f4:ed:96:61:
                    81:82:3c:01:31:25:d4:14:10:ee:82:1f:21:bd:75:
                    30:f7:57:e7:6a:34:9c:54:13:ca:73:b7:31:3d:80:
                    a5:bf:56:91:6c:a5:94:48:47:75:c3:9b:9f:d4:b1:
                    68:be:b2:c8:3c:f9:cd:09:80:c6:43:39:17:49:8f:
                    3d:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:01:FD:B7:51:B4:A6:DD:5D:7D:EC:4D:39:F8:8A:71:4B:FD:B1:B4
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136302e302f32302d3234203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.84.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         5a:c7:70:21:63:f8:c7:e4:db:96:1b:52:94:d7:25:09:76:d3:
         13:7a:c9:86:e5:51:64:a6:a2:98:fe:31:23:bb:60:91:d3:5c:
         79:b8:21:4d:25:9d:5f:15:7d:29:d5:17:5d:ef:2d:4b:f2:06:
         46:f8:56:98:e0:1e:57:1a:03:3e:a7:03:f8:03:3e:64:ee:b0:
         2c:0c:97:41:12:44:53:51:15:e7:b8:37:3b:51:01:09:1c:48:
         1a:5b:45:e6:ae:e2:b6:03:76:f5:47:a3:c9:3e:ca:e3:41:78:
         73:49:66:ec:94:1e:4c:e9:42:37:f1:7a:97:d8:17:ea:2d:20:
         77:30:4a:44:86:a1:8d:f9:ca:99:f5:0a:19:3a:83:60:88:66:
         06:d8:0e:16:1c:bf:6f:0e:93:7a:dd:71:c8:db:a4:9e:96:8d:
         5b:20:76:59:37:6a:d2:c2:09:df:0e:87:45:60:72:01:de:21:
         4c:fc:02:70:05:38:f5:04:a7:e1:7c:56:c0:eb:1f:2a:3b:bd:
         f6:1e:97:7c:05:85:25:b3:ae:a6:4b:84:73:1d:25:03:ae:71:
         0f:7d:cf:2c:39:bb:c9:0c:e3:85:9f:e4:32:07:bb:f6:1b:47:
         76:31:2a:9f:88:a0:86:bc:f6:0f:7b:9c:98:29:68:9a:2a:f3:
         ec:66:24:fa
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUapn3Md7DCYsTRu8BUjOhCGFvbF0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzEyMjYxOTU1NTZaFw0yNDEyMjQyMDAwNTZaMDMxMTAvBgNV
BAMTKDk3MDFGREI3NTFCNEE2REQ1RDdERUM0RDM5Rjg4QTcxNEJGREIxQjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7tfd5l5amL7fAuLnKKAdMLEYe
QXX4B7uHss6caDpPPjFvR+U9IkbcgEJgMrNfFLpaflQNpJ1GHEQL4j+btLAPZ/8J
LKoT6+7dyGjNH3p4IicoWf3fQbv3Ripu7JpzDCHQb0MbTrulYn/yw5TGUpjk/WV6
Ewtwvu5ni+NbU27GFgN936Ozr6Gs2PbIeirTHY7EYdyPoRrwvvPHLsB+ySYR8rhx
4rlaNJhSvPVjGz81ZuyqCJQYFdl10sa1D7gt9O2WYYGCPAExJdQUEO6CHyG9dTD3
V+dqNJxUE8pztzE9gKW/VpFspZRIR3XDm5/UsWi+ssg8+c0JgMZDORdJjz0VAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUlwH9t1G0pt1dfexNOfiKcUv9sbQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzgzNDJlMzEzNjMw
MmUzMDJmMzIzMDJkMzIzNDIwM2QzZTIwMzEzNDM2MzEzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBD5U
oDANBgkqhkiG9w0BAQsFAAOCAQEAWsdwIWP4x+TblhtSlNclCXbTE3rJhuVRZKai
mP4xI7tgkdNcebghTSWdXxV9KdUXXe8tS/IGRvhWmOAeVxoDPqcD+AM+ZO6wLAyX
QRJEU1EV57g3O1EBCRxIGltF5q7itgN29UejyT7K40F4c0lm7JQeTOlCN/F6l9gX
6i0gdzBKRIahjfnKmfUKGTqDYIhmBtgOFhy/bw6Tet1xyNuknpaNWyB2WTdq0sIJ
3w6HRWByAd4hTPwCcAU49QSn4XxWwOsfKju99h6XfAWFJbOupkuEcx0lA65xD33P
LDm7yQzjhZ/kMge79htHdjEqn4ighrz2D3ucmClomirz7GYk+g==
-----END CERTIFICATE-----