Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136302e302f32302d3234203d3e203136353039.roa
File:                     36322e38342e3136302e302f32302d3234203d3e203136353039.roa (raw, json)
Hash identifier:          pol5hjjbygjCaw0ZHUsJSRUSJrMMYQ31jnX2SrCwmxs=
Subject key identifier:   B2:59:D7:1F:5C:24:6D:82:45:D4:D2:6D:5C:64:8D:CC:20:CB:7B:4D
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       28F324B48A336B3D6E5AF87781D009C1A9EC407B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136302e302f32302d3234203d3e203136353039.roa
Signing time:             Tue 26 Dec 2023 20:00:44 +0000
ROA not before:           Tue 26 Dec 2023 19:55:44 +0000
ROA not after:            Tue 24 Dec 2024 20:00:44 +0000
asID:                     16509
IP address blocks:        62.84.160.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:f3:24:b4:8a:33:6b:3d:6e:5a:f8:77:81:d0:09:c1:a9:ec:40:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Dec 26 19:55:44 2023 GMT
            Not After : Dec 24 20:00:44 2024 GMT
        Subject: CN=B259D71F5C246D8245D4D26D5C648DCC20CB7B4D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:1d:3c:78:42:a7:92:04:fc:99:2e:7c:9b:96:
                    f9:08:b7:66:73:6e:df:4e:b0:bd:2e:68:a0:aa:08:
                    ec:d4:6a:b6:f4:86:05:e2:69:1a:68:0e:b1:81:80:
                    f8:04:40:56:36:15:ac:e4:61:a3:55:23:7c:c3:1a:
                    f4:33:9b:10:51:7a:e5:ad:78:93:61:09:32:9d:d1:
                    f5:f4:9d:88:44:79:01:b0:4e:fd:62:b7:ca:90:e6:
                    84:9e:3c:37:a9:0b:ae:90:bf:35:a9:25:b5:b6:79:
                    fd:c3:78:24:d7:2c:ed:ae:21:32:11:fe:95:d9:f5:
                    34:85:d6:a0:be:de:dd:93:af:0f:6b:16:61:eb:85:
                    bf:a1:19:c0:43:1b:84:56:03:d1:e1:a0:c1:61:ac:
                    db:ea:0b:b6:b0:96:a5:9e:59:70:4b:0f:7e:83:04:
                    58:59:1c:69:c3:3f:87:c6:fa:07:f8:dc:9c:65:3a:
                    1b:c8:18:d6:a6:40:d8:54:9f:6e:0d:8d:28:78:79:
                    19:52:ae:bb:a6:e6:9b:98:42:b1:07:b7:92:1d:d4:
                    69:54:36:44:99:30:36:e4:7f:8b:a4:6e:3e:c0:0e:
                    5f:58:3c:1f:55:93:a8:58:35:9c:da:b7:ce:e9:3e:
                    58:40:0b:9c:9b:67:82:59:08:44:6b:83:af:2c:f3:
                    93:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:59:D7:1F:5C:24:6D:82:45:D4:D2:6D:5C:64:8D:CC:20:CB:7B:4D
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136302e302f32302d3234203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.84.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         26:09:1b:66:39:68:f9:1c:a1:88:5d:3e:da:2d:c3:b0:44:53:
         25:7c:e1:aa:66:c3:3e:11:96:e6:10:63:7e:a6:e3:d5:07:f4:
         60:1a:3b:49:5c:cf:f6:06:a4:36:3b:bc:c9:f5:19:f9:42:3e:
         41:c1:02:50:72:9e:d3:d5:fa:82:46:91:34:1f:2f:b6:51:35:
         44:98:e0:a8:08:f9:e3:c7:f3:7e:e9:d2:2f:4f:c6:3f:14:49:
         10:fe:9f:c8:e3:72:99:4d:99:88:13:1c:50:38:5e:32:5f:a9:
         16:a2:4a:4a:0e:95:54:72:19:25:93:58:59:aa:51:82:90:67:
         f8:2c:2e:d5:15:09:58:ff:7a:bd:b9:be:17:b1:ce:ad:a5:b8:
         77:e4:44:35:8c:dd:0f:93:57:ae:50:11:0a:f7:9e:aa:e8:ac:
         bf:f4:a1:f9:84:c0:e9:da:b7:96:12:f0:17:dc:1c:05:c3:8c:
         00:30:21:30:03:21:3a:2d:45:d8:e9:45:01:2e:21:b5:82:33:
         a1:07:c7:cf:11:a2:5d:03:32:78:16:c3:7b:73:67:a5:ae:f5:
         a3:4b:e2:d0:a3:e6:cd:0b:91:10:20:bf:fc:17:e8:75:d3:78:
         de:a2:8e:36:7a:23:4c:ce:f1:02:58:57:e1:98:61:6d:dd:00:
         c7:89:5d:f0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUKPMktIozaz1uWvh3gdAJwansQHswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzEyMjYxOTU1NDRaFw0yNDEyMjQyMDAwNDRaMDMxMTAvBgNV
BAMTKEIyNTlENzFGNUMyNDZEODI0NUQ0RDI2RDVDNjQ4RENDMjBDQjdCNEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlHTx4QqeSBPyZLnyblvkIt2Zz
bt9OsL0uaKCqCOzUarb0hgXiaRpoDrGBgPgEQFY2FazkYaNVI3zDGvQzmxBReuWt
eJNhCTKd0fX0nYhEeQGwTv1it8qQ5oSePDepC66QvzWpJbW2ef3DeCTXLO2uITIR
/pXZ9TSF1qC+3t2Trw9rFmHrhb+hGcBDG4RWA9HhoMFhrNvqC7awlqWeWXBLD36D
BFhZHGnDP4fG+gf43JxlOhvIGNamQNhUn24NjSh4eRlSrrum5puYQrEHt5Id1GlU
NkSZMDbkf4ukbj7ADl9YPB9Vk6hYNZzat87pPlhAC5ybZ4JZCERrg68s85PBAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUslnXH1wkbYJF1NJtXGSNzCDLe00wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzgzNDJlMzEzNjMw
MmUzMDJmMzIzMDJkMzIzNDIwM2QzZTIwMzEzNjM1MzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBD5U
oDANBgkqhkiG9w0BAQsFAAOCAQEAJgkbZjlo+RyhiF0+2i3DsERTJXzhqmbDPhGW
5hBjfqbj1Qf0YBo7SVzP9gakNju8yfUZ+UI+QcECUHKe09X6gkaRNB8vtlE1RJjg
qAj548fzfunSL0/GPxRJEP6fyONymU2ZiBMcUDheMl+pFqJKSg6VVHIZJZNYWapR
gpBn+Cwu1RUJWP96vbm+F7HOraW4d+RENYzdD5NXrlARCveequisv/Sh+YTA6dq3
lhLwF9wcBcOMADAhMAMhOi1F2OlFAS4htYIzoQfHzxGiXQMyeBbDe3Nnpa71o0vi
0KPmzQuRECC//BfoddN43qKONnojTM7xAlhX4Zhhbd0Ax4ld8A==
-----END CERTIFICATE-----