Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136332e302f32342d3234203d3e203432363839.roa
File:                     36322e38342e3136332e302f32342d3234203d3e203432363839.roa (raw, json)
Hash identifier:          K4j6ge9AzTqug3+/em79elHFogOIKxcIOK+Ql94fDoU=
Subject key identifier:   00:E0:5D:C9:F7:A7:02:43:B1:F6:A1:B3:F7:76:2F:C1:2A:A9:26:64
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6C49722811A989FB77EEC5FA24E66948A11853AF
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136332e302f32342d3234203d3e203432363839.roa
Signing time:             Tue 26 Aug 2025 20:19:46 +0000
ROA not before:           Tue 26 Aug 2025 20:14:46 +0000
ROA not after:            Tue 25 Aug 2026 20:19:46 +0000
asID:                     42689
IP address blocks:        62.84.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 01:27:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:49:72:28:11:a9:89:fb:77:ee:c5:fa:24:e6:69:48:a1:18:53:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 26 20:14:46 2025 GMT
            Not After : Aug 25 20:19:46 2026 GMT
        Subject: CN=00E05DC9F7A70243B1F6A1B3F7762FC12AA92664
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:87:39:74:9c:93:c0:85:73:5b:71:e2:f6:48:
                    a9:c9:d7:2e:5d:30:5e:8c:3d:1b:bf:e1:78:4c:b0:
                    75:12:ae:dc:a9:12:e6:ac:67:e2:32:60:d4:cb:2a:
                    14:6b:db:0c:14:1d:e6:94:1f:ff:a8:65:ae:8e:62:
                    66:ee:c9:33:97:a2:12:fe:b4:d8:52:c8:4d:c3:d8:
                    4e:fa:9b:fc:f2:bd:42:10:10:d5:8a:7e:af:19:8d:
                    e9:37:ed:69:6a:e7:62:2d:7b:66:e4:85:ca:78:62:
                    1a:9e:15:36:a0:58:67:98:1c:4a:84:12:48:c7:0c:
                    5b:ce:a4:01:e6:b7:d4:6d:55:7b:65:7e:01:d6:b1:
                    b5:3f:ec:53:af:78:ba:3e:b3:6c:d1:1d:84:e7:da:
                    eb:90:11:2d:5a:4d:e2:8d:92:25:22:e4:b1:b2:5e:
                    9a:a0:8b:81:c8:12:14:b1:da:61:d1:34:8d:84:bd:
                    c2:57:76:44:25:4e:7e:0b:aa:7e:06:e9:bc:9a:2e:
                    57:f8:91:84:82:e4:47:e7:fe:a8:44:64:85:c8:44:
                    35:d1:b8:dd:9a:87:20:4b:9a:7e:33:3f:19:47:82:
                    37:d1:30:0c:ba:04:dc:f2:11:69:9d:18:e0:ba:62:
                    04:c7:df:70:db:a9:8a:94:58:db:a3:1e:40:e1:f7:
                    c4:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:E0:5D:C9:F7:A7:02:43:B1:F6:A1:B3:F7:76:2F:C1:2A:A9:26:64
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136332e302f32342d3234203d3e203432363839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.84.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:47:ca:b3:99:dd:37:d8:bc:bf:51:52:e8:44:12:8c:82:8d:
         67:cd:80:a7:b4:f4:ad:5b:d9:62:c6:81:2a:73:32:91:e4:50:
         ab:b5:1b:88:21:6b:77:09:a7:ea:42:dc:ad:bc:f7:08:46:a4:
         b7:77:03:24:78:4c:d6:af:4f:30:b8:f2:1d:d0:0d:d2:73:65:
         c0:dc:3f:5f:b5:04:71:ff:a3:6b:14:cd:a2:1d:94:d2:a1:44:
         cf:9f:3b:ff:e8:c1:05:36:93:3d:80:b7:8c:07:b6:f5:d0:1b:
         d0:6d:c8:e3:e0:99:54:3a:45:5b:79:4b:c1:ac:7f:e9:af:45:
         47:a5:4e:3d:94:6a:58:d0:b0:cf:71:ea:24:a0:5c:3c:3b:29:
         77:3b:3c:29:0c:94:26:bb:08:72:1c:52:e0:90:79:42:30:d4:
         6e:28:c4:a3:7b:43:09:f2:fd:45:6f:bf:c6:a4:e7:6b:8f:54:
         e7:13:cf:ac:d0:85:3c:82:13:44:14:9d:33:38:c2:b7:90:9a:
         03:ce:dc:11:a1:b9:25:4b:17:ca:8e:9d:b1:ad:77:45:e5:4e:
         34:70:76:ca:7f:0e:8c:de:76:e5:85:6e:e6:08:95:3e:34:93:
         bb:f3:62:18:6a:f0:76:d1:09:c9:4d:4d:4c:3e:bf:4c:63:d6:
         fb:63:2c:28
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUbElyKBGpift37sX6JOZpSKEYU68wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjYyMDE0NDZaFw0yNjA4MjUyMDE5NDZaMDMxMTAvBgNV
BAMTKDAwRTA1REM5RjdBNzAyNDNCMUY2QTFCM0Y3NzYyRkMxMkFBOTI2NjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbhzl0nJPAhXNbceL2SKnJ1y5d
MF6MPRu/4XhMsHUSrtypEuasZ+IyYNTLKhRr2wwUHeaUH/+oZa6OYmbuyTOXohL+
tNhSyE3D2E76m/zyvUIQENWKfq8Zjek37Wlq52Ite2bkhcp4YhqeFTagWGeYHEqE
EkjHDFvOpAHmt9RtVXtlfgHWsbU/7FOveLo+s2zRHYTn2uuQES1aTeKNkiUi5LGy
Xpqgi4HIEhSx2mHRNI2EvcJXdkQlTn4Lqn4G6byaLlf4kYSC5Efn/qhEZIXIRDXR
uN2ahyBLmn4zPxlHgjfRMAy6BNzyEWmdGOC6YgTH33DbqYqUWNujHkDh98TzAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUAOBdyfenAkOx9qGz93YvwSqpJmQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzgzNDJlMzEzNjMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzMjM2MzgzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAD5U
ozANBgkqhkiG9w0BAQsFAAOCAQEAHEfKs5ndN9i8v1FS6EQSjIKNZ82Ap7T0rVvZ
YsaBKnMykeRQq7UbiCFrdwmn6kLcrbz3CEakt3cDJHhM1q9PMLjyHdAN0nNlwNw/
X7UEcf+jaxTNoh2U0qFEz587/+jBBTaTPYC3jAe29dAb0G3I4+CZVDpFW3lLwax/
6a9FR6VOPZRqWNCwz3HqJKBcPDspdzs8KQyUJrsIchxS4JB5QjDUbijEo3tDCfL9
RW+/xqTna49U5xPPrNCFPIITRBSdMzjCt5CaA87cEaG5JUsXyo6dsa13ReVONHB2
yn8OjN525YVu5giVPjSTu/NiGGrwdtEJyU1NTD6/TGPW+2MsKA==
-----END CERTIFICATE-----