Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136302e302f32302d3234203d3e20383334.roa
File:                     36322e38342e3136302e302f32302d3234203d3e20383334.roa (raw, json)
Hash identifier:          HfshnDhP/gLumdQabz3lnDQkZdQG5g15eg7QIkES+gs=
Subject key identifier:   35:55:A4:1A:C8:4B:76:8F:96:02:B3:7E:E0:0E:FE:FE:EB:8D:86:3F
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0FC8FAB4B4B200CD58D683DA7445FBBE974FD322
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136302e302f32302d3234203d3e20383334.roa
Signing time:             Tue 22 Oct 2024 19:50:56 +0000
ROA not before:           Tue 22 Oct 2024 19:45:56 +0000
ROA not after:            Tue 21 Oct 2025 19:50:56 +0000
asID:                     834
IP address blocks:        62.84.160.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:c8:fa:b4:b4:b2:00:cd:58:d6:83:da:74:45:fb:be:97:4f:d3:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Oct 22 19:45:56 2024 GMT
            Not After : Oct 21 19:50:56 2025 GMT
        Subject: CN=3555A41AC84B768F9602B37EE00EFEFEEB8D863F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:5c:86:4a:89:66:bf:80:30:c5:87:aa:b9:62:
                    32:2b:14:9c:34:46:12:a7:4f:bd:b3:a0:2c:b6:16:
                    be:53:a9:b0:f2:51:28:4f:c9:d6:80:c4:5a:40:25:
                    cd:6c:c0:2a:83:90:89:4c:36:84:fb:8d:e5:5f:32:
                    cb:e2:32:56:9e:99:a3:14:47:32:0a:57:f0:54:b8:
                    10:a3:fc:79:4c:b1:12:d7:df:21:f0:54:9a:a2:cf:
                    6f:58:2b:9c:fa:9d:30:e7:4a:19:fa:4e:e5:59:d8:
                    f6:7f:12:5c:16:1a:cd:d3:24:0c:26:6d:05:39:01:
                    da:62:03:eb:30:cb:35:06:e4:14:cc:6f:dd:35:28:
                    db:a0:34:1d:09:84:48:35:5f:2b:d3:8b:c4:17:8a:
                    cd:6b:63:92:2b:b8:df:98:e5:4d:23:ee:32:b3:7c:
                    92:f2:d1:3f:9c:2f:71:a4:5d:8c:f1:d0:90:e5:e4:
                    17:b1:c5:f0:04:e6:62:d2:5c:bc:5d:19:47:2c:e0:
                    b0:19:61:27:1a:50:60:7f:1a:c6:e7:3e:89:6f:03:
                    0d:45:51:a2:b9:38:72:3d:58:35:a8:ff:ef:75:3a:
                    ca:f6:2b:d8:7e:20:e9:18:fd:3d:a9:a8:09:1e:06:
                    43:21:35:01:a0:1a:a7:82:ca:0a:24:8a:b5:43:b3:
                    d7:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:55:A4:1A:C8:4B:76:8F:96:02:B3:7E:E0:0E:FE:FE:EB:8D:86:3F
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136302e302f32302d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.84.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         0f:82:63:bd:d2:37:0c:fb:28:e9:1d:aa:4d:51:1e:d1:74:c5:
         74:d1:c7:c8:a4:29:ed:30:71:15:94:2d:27:e7:b1:c8:6d:21:
         36:9e:6d:83:6c:c8:88:1f:95:2d:46:71:97:74:f8:d3:a9:ed:
         84:af:42:91:b9:2a:fc:2d:30:4d:aa:09:76:a0:15:ae:a2:77:
         74:ff:ba:0c:be:c1:e8:17:c0:b6:1e:a0:e7:40:36:95:aa:aa:
         19:69:86:dd:b3:0f:e7:85:91:c7:8c:87:b8:10:60:e8:14:8c:
         d2:9a:b8:1e:15:25:2b:08:fd:c1:04:28:ad:64:d3:9a:b4:c7:
         b0:e7:99:e3:53:02:ed:fc:54:23:c5:00:55:15:b6:61:2b:1e:
         4b:5c:c7:95:0c:56:81:8d:e5:42:6b:93:27:82:7b:c4:b5:d4:
         5f:ff:e3:13:23:a5:05:9f:7d:12:55:08:cb:46:d7:99:84:22:
         42:1b:79:4e:12:97:08:ca:ef:f7:cf:a5:a6:72:0a:eb:51:6b:
         1d:d3:ab:be:e9:db:43:cb:e0:e1:2b:be:6e:7c:9a:ac:4f:ac:
         f8:2d:64:4c:31:2a:b9:bc:77:8f:f5:4a:82:e0:e4:a1:0c:76:
         d2:dd:a1:1e:26:0d:e4:f6:26:11:27:72:78:b6:cf:52:88:8f:
         46:9a:dd:d8
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUD8j6tLSyAM1Y1oPadEX7vpdP0yIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDEwMjIxOTQ1NTZaFw0yNTEwMjExOTUwNTZaMDMxMTAvBgNV
BAMTKDM1NTVBNDFBQzg0Qjc2OEY5NjAyQjM3RUUwMEVGRUZFRUI4RDg2M0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCXIZKiWa/gDDFh6q5YjIrFJw0
RhKnT72zoCy2Fr5TqbDyUShPydaAxFpAJc1swCqDkIlMNoT7jeVfMsviMlaemaMU
RzIKV/BUuBCj/HlMsRLX3yHwVJqiz29YK5z6nTDnShn6TuVZ2PZ/ElwWGs3TJAwm
bQU5AdpiA+swyzUG5BTMb901KNugNB0JhEg1XyvTi8QXis1rY5IruN+Y5U0j7jKz
fJLy0T+cL3GkXYzx0JDl5BexxfAE5mLSXLxdGUcs4LAZYScaUGB/GsbnPolvAw1F
UaK5OHI9WDWo/+91Osr2K9h+IOkY/T2pqAkeBkMhNQGgGqeCygokirVDs9clAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUNVWkGshLdo+WArN+4A7+/uuNhj8wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzgzNDJlMzEzNjMw
MmUzMDJmMzIzMDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEPlSgMA0G
CSqGSIb3DQEBCwUAA4IBAQAPgmO90jcM+yjpHapNUR7RdMV00cfIpCntMHEVlC0n
57HIbSE2nm2DbMiIH5UtRnGXdPjTqe2Er0KRuSr8LTBNqgl2oBWuond0/7oMvsHo
F8C2HqDnQDaVqqoZaYbdsw/nhZHHjIe4EGDoFIzSmrgeFSUrCP3BBCitZNOatMew
55njUwLt/FQjxQBVFbZhKx5LXMeVDFaBjeVCa5MngnvEtdRf/+MTI6UFn30SVQjL
RteZhCJCG3lOEpcIyu/3z6WmcgrrUWsd06u+6dtDy+DhK75ufJqsT6z4LWRMMSq5
vHeP9UqC4OShDHbS3aEeJg3k9iYRJ3J4ts9SiI9Gmt3Y
-----END CERTIFICATE-----