Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136322e302f32342d3234203d3e203432363839.roa
File:                     36322e38342e3136322e302f32342d3234203d3e203432363839.roa (raw, json)
Hash identifier:          RaPAQtD+DzXPAU2+0Fs7XAvZ+h8HkbqPYIUThNJAD9Q=
Subject key identifier:   14:7C:EF:57:68:6B:74:29:52:B6:A9:C2:52:15:EC:12:91:F7:AC:AB
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3FA8F00337421D4E450E4B2288BC4E00D6FC8BF8
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136322e302f32342d3234203d3e203432363839.roa
Signing time:             Tue 26 Aug 2025 09:48:33 +0000
ROA not before:           Tue 26 Aug 2025 09:43:33 +0000
ROA not after:            Tue 25 Aug 2026 09:48:33 +0000
asID:                     42689
IP address blocks:        62.84.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 01:27:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:a8:f0:03:37:42:1d:4e:45:0e:4b:22:88:bc:4e:00:d6:fc:8b:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 26 09:43:33 2025 GMT
            Not After : Aug 25 09:48:33 2026 GMT
        Subject: CN=147CEF57686B742952B6A9C25215EC1291F7ACAB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:50:de:3c:26:9a:9f:c5:ae:8e:ac:55:b4:88:
                    9a:8e:db:9f:d7:35:8b:01:ab:ec:60:08:51:6d:75:
                    8e:6a:1d:0d:cc:94:5f:11:5c:b9:91:3a:20:ab:f7:
                    3c:7a:7c:82:79:63:8c:07:35:33:06:52:2a:47:ea:
                    bf:a2:e8:ec:7f:7f:85:a8:2d:d7:cd:37:ae:ee:a8:
                    bd:99:84:da:6d:21:90:2e:ef:66:71:c7:9f:41:72:
                    ef:87:4b:70:db:33:01:06:49:98:ee:fa:ca:3e:00:
                    db:c7:92:7f:8b:a6:ff:19:0d:5e:ec:9a:a1:c1:c0:
                    9b:a0:1f:86:99:16:fb:d3:c4:55:3c:8f:c1:51:30:
                    21:14:70:de:cb:71:ad:5c:ba:0f:dc:98:10:00:89:
                    ba:ce:ec:71:f1:65:a5:98:c7:c4:68:83:d2:63:9c:
                    2c:0d:ea:18:97:61:84:ee:65:9c:1e:83:b4:55:a8:
                    2f:39:57:19:bf:c5:6b:43:cc:f5:26:15:0c:10:07:
                    fb:20:b9:73:83:3d:46:0c:6f:b4:bf:e4:18:53:7a:
                    f4:50:ea:fc:e3:00:fc:00:b6:7b:dc:e0:ab:f9:56:
                    10:65:04:4c:1d:ce:a8:a2:8e:b1:4b:39:03:bc:2e:
                    04:c9:1d:2b:6c:93:62:ea:7a:f0:9d:59:28:1f:d2:
                    ac:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:7C:EF:57:68:6B:74:29:52:B6:A9:C2:52:15:EC:12:91:F7:AC:AB
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136322e302f32342d3234203d3e203432363839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.84.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:b4:c8:97:44:c2:c0:21:a6:20:96:7c:05:52:12:e4:b8:f7:
         4c:71:6f:9c:37:72:7a:a1:75:12:ae:85:28:a5:de:42:62:15:
         e5:c4:f7:96:ff:8a:fe:bc:d4:05:7b:4c:bf:6d:50:ff:11:00:
         65:a4:91:a9:c8:d3:56:6e:06:30:a6:08:b4:fa:96:8f:76:5c:
         cf:5e:0c:7d:fd:9b:d4:d0:30:2f:9c:59:5f:c7:5f:62:51:bf:
         12:b5:bd:6a:16:13:f6:7e:7a:4e:3a:fe:a4:2c:6b:bb:67:99:
         a7:85:e3:fb:e3:b1:a4:e1:12:12:02:60:56:3d:33:4e:54:31:
         60:6f:4e:0a:75:2e:5c:8a:93:c3:79:65:39:a1:3a:d2:29:16:
         88:7f:7d:c5:8a:0f:47:ed:e7:74:c9:70:6a:e0:e0:4c:e7:89:
         e7:9f:25:04:3d:e7:fa:06:0a:d7:b6:5c:b0:59:09:69:97:ec:
         7f:7b:29:8b:fa:2d:90:55:30:78:87:57:2d:78:03:5a:ec:2e:
         e4:d8:48:e8:ad:4b:13:14:bd:f1:b0:33:11:3f:3a:dd:0b:3b:
         da:55:4f:74:94:ba:c7:d9:47:79:99:3f:72:20:6b:6d:94:e4:
         bd:28:9b:fd:58:1c:2c:9b:8f:ba:a9:a6:19:4c:09:21:a3:40:
         ec:4d:7d:a4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUP6jwAzdCHU5FDksiiLxOANb8i/gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjYwOTQzMzNaFw0yNjA4MjUwOTQ4MzNaMDMxMTAvBgNV
BAMTKDE0N0NFRjU3Njg2Qjc0Mjk1MkI2QTlDMjUyMTVFQzEyOTFGN0FDQUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7UN48Jpqfxa6OrFW0iJqO25/X
NYsBq+xgCFFtdY5qHQ3MlF8RXLmROiCr9zx6fIJ5Y4wHNTMGUipH6r+i6Ox/f4Wo
LdfNN67uqL2ZhNptIZAu72Zxx59Bcu+HS3DbMwEGSZju+so+ANvHkn+Lpv8ZDV7s
mqHBwJugH4aZFvvTxFU8j8FRMCEUcN7Lca1cug/cmBAAibrO7HHxZaWYx8Rog9Jj
nCwN6hiXYYTuZZweg7RVqC85Vxm/xWtDzPUmFQwQB/sguXODPUYMb7S/5BhTevRQ
6vzjAPwAtnvc4Kv5VhBlBEwdzqiijrFLOQO8LgTJHStsk2LqevCdWSgf0qw7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUFHzvV2hrdClStqnCUhXsEpH3rKswHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzgzNDJlMzEzNjMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzMjM2MzgzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAD5U
ojANBgkqhkiG9w0BAQsFAAOCAQEARLTIl0TCwCGmIJZ8BVIS5Lj3THFvnDdyeqF1
Eq6FKKXeQmIV5cT3lv+K/rzUBXtMv21Q/xEAZaSRqcjTVm4GMKYItPqWj3Zcz14M
ff2b1NAwL5xZX8dfYlG/ErW9ahYT9n56Tjr+pCxru2eZp4Xj++OxpOESEgJgVj0z
TlQxYG9OCnUuXIqTw3llOaE60ikWiH99xYoPR+3ndMlwauDgTOeJ558lBD3n+gYK
17ZcsFkJaZfsf3spi/otkFUweIdXLXgDWuwu5NhI6K1LExS98bAzET863Qs72lVP
dJS6x9lHeZk/ciBrbZTkvSib/VgcLJuPuqmmGUwJIaNA7E19pA==
-----END CERTIFICATE-----