Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136302e302f32302d3234203d3e203136353039.roa
File:                     36322e38342e3136302e302f32302d3234203d3e203136353039.roa (raw, json)
Hash identifier:          5UKYSg5IdyGgQ9BNx2VNgrVW4rDPrPM92u5DcZ5WbHk=
Subject key identifier:   40:23:19:B3:F6:BD:B6:BE:6D:DC:BE:CB:58:E5:F9:18:38:9F:DD:8D
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6A4B625FA1F742FD31EF89765DC3BDCA11850076
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136302e302f32302d3234203d3e203136353039.roa
Signing time:             Fri 22 Nov 2024 13:09:42 +0000
ROA not before:           Fri 22 Nov 2024 13:04:42 +0000
ROA not after:            Fri 21 Nov 2025 13:09:42 +0000
asID:                     16509
IP address blocks:        62.84.160.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:4b:62:5f:a1:f7:42:fd:31:ef:89:76:5d:c3:bd:ca:11:85:00:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Nov 22 13:04:42 2024 GMT
            Not After : Nov 21 13:09:42 2025 GMT
        Subject: CN=402319B3F6BDB6BE6DDCBECB58E5F918389FDD8D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:47:7e:b2:ec:f2:39:83:97:8f:e6:83:0f:f8:
                    fa:b3:47:d5:65:82:53:dc:95:d0:d7:36:f0:9d:f2:
                    be:2b:b6:33:8b:d6:9f:c2:41:71:f4:63:fc:51:07:
                    54:d2:57:5c:f3:cb:53:0e:2f:a1:af:78:4f:ea:32:
                    7d:92:49:e9:22:22:36:32:2f:da:9b:2a:2b:e4:60:
                    b8:05:16:7d:61:3d:ac:2f:93:89:c5:af:20:f6:5b:
                    b0:73:43:d4:ed:cd:ea:3e:f6:60:45:6f:a3:76:f6:
                    94:ad:a0:13:06:1c:91:89:bb:06:66:ed:b8:e4:bc:
                    ed:54:d5:41:ca:60:dd:7d:4c:4d:73:75:80:f5:6f:
                    41:1b:63:b9:1b:b4:d0:89:ef:85:48:4a:07:d7:9c:
                    ed:e1:c6:ae:42:39:56:7b:a4:70:11:04:b4:0a:1e:
                    49:45:e4:dd:d1:05:37:92:08:4b:48:c2:a0:e0:b5:
                    ce:a2:55:31:29:4a:81:d2:35:71:c4:56:e7:35:a5:
                    bf:22:72:7c:cd:28:c2:db:1e:39:a0:b8:25:16:55:
                    a5:66:f6:b8:9a:aa:e5:df:50:cb:21:08:eb:da:4c:
                    2a:5b:8f:13:b4:5f:62:4d:f4:64:23:c6:d7:7a:d4:
                    7c:16:ea:8f:39:83:9f:ec:b4:87:fd:de:c6:15:a7:
                    42:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:23:19:B3:F6:BD:B6:BE:6D:DC:BE:CB:58:E5:F9:18:38:9F:DD:8D
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136302e302f32302d3234203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.84.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         5b:d0:89:b4:57:ec:6a:ba:e1:81:af:8c:63:1f:da:e5:9a:c0:
         e6:fb:76:5f:7a:09:02:6e:bf:15:d7:71:4b:f8:2f:46:66:98:
         f9:48:53:2f:9b:34:39:70:69:68:19:a9:29:0d:76:90:91:a6:
         c4:93:e0:b8:80:86:ca:63:f7:cb:67:d7:a8:b1:bf:82:c0:ac:
         b9:d5:f1:ed:b7:79:04:ce:21:a6:80:d6:50:12:31:e2:3b:44:
         2c:40:f4:05:be:a0:02:07:21:db:b8:45:35:cc:4c:f2:66:5e:
         0f:a8:35:c7:dc:58:fa:9c:44:60:fe:0f:0d:4a:93:e7:50:d7:
         d4:be:f8:4e:4d:e4:fe:32:7b:44:8f:79:41:6c:d0:c4:11:a0:
         f2:65:9e:5a:b6:79:5d:48:fd:72:5e:7a:87:ca:0f:11:11:b7:
         cc:2e:4c:6c:7a:31:6a:a6:0a:52:b7:ca:d9:a2:d2:d8:f4:0c:
         02:48:1e:92:73:bb:56:bb:eb:c5:05:af:5a:d2:7b:b5:dc:3c:
         e2:3c:e3:9d:04:bf:83:a7:a4:71:d7:0d:ff:da:d7:c5:a2:b9:
         69:c8:70:a5:a6:13:15:be:ae:d7:f0:58:c1:b0:ed:ea:24:38:
         fc:79:6a:07:95:29:aa:b1:b7:46:2a:35:c0:7a:8b:29:89:87:
         39:d6:de:de
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUaktiX6H3Qv0x74l2XcO9yhGFAHYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDExMjIxMzA0NDJaFw0yNTExMjExMzA5NDJaMDMxMTAvBgNV
BAMTKDQwMjMxOUIzRjZCREI2QkU2RERDQkVDQjU4RTVGOTE4Mzg5RkREOEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfR36y7PI5g5eP5oMP+PqzR9Vl
glPcldDXNvCd8r4rtjOL1p/CQXH0Y/xRB1TSV1zzy1MOL6GveE/qMn2SSekiIjYy
L9qbKivkYLgFFn1hPawvk4nFryD2W7BzQ9Ttzeo+9mBFb6N29pStoBMGHJGJuwZm
7bjkvO1U1UHKYN19TE1zdYD1b0EbY7kbtNCJ74VISgfXnO3hxq5COVZ7pHARBLQK
HklF5N3RBTeSCEtIwqDgtc6iVTEpSoHSNXHEVuc1pb8icnzNKMLbHjmguCUWVaVm
9riaquXfUMshCOvaTCpbjxO0X2JN9GQjxtd61HwW6o85g5/stIf93sYVp0JlAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUQCMZs/a9tr5t3L7LWOX5GDif3Y0wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzgzNDJlMzEzNjMw
MmUzMDJmMzIzMDJkMzIzNDIwM2QzZTIwMzEzNjM1MzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBD5U
oDANBgkqhkiG9w0BAQsFAAOCAQEAW9CJtFfsarrhga+MYx/a5ZrA5vt2X3oJAm6/
FddxS/gvRmaY+UhTL5s0OXBpaBmpKQ12kJGmxJPguICGymP3y2fXqLG/gsCsudXx
7bd5BM4hpoDWUBIx4jtELED0Bb6gAgch27hFNcxM8mZeD6g1x9xY+pxEYP4PDUqT
51DX1L74Tk3k/jJ7RI95QWzQxBGg8mWeWrZ5XUj9cl56h8oPERG3zC5MbHoxaqYK
UrfK2aLS2PQMAkgeknO7VrvrxQWvWtJ7tdw84jzjnQS/g6ekcdcN/9rXxaK5achw
paYTFb6u1/BYwbDt6iQ4/HlqB5UpqrG3Rio1wHqLKYmHOdbe3g==
-----END CERTIFICATE-----