Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136332e302f32342d3234203d3e2039333034.roa
File:                     36322e38342e3136332e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          GLEkkpJ3kBTfUC2VHe/3ypQxUeliQIwhXpYXZP/cb0U=
Subject key identifier:   A3:A2:0B:99:9A:5F:D9:FA:E5:94:31:34:BA:54:83:67:6F:95:85:98
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       70D8A945DB15E2441D235740511B9461DAA14DF9
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136332e302f32342d3234203d3e2039333034.roa
Signing time:             Tue 02 Jun 2026 05:12:43 +0000
ROA not before:           Tue 02 Jun 2026 05:07:43 +0000
ROA not after:            Tue 01 Jun 2027 05:12:43 +0000
asID:                     9304
IP address blocks:        62.84.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 12:09:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:d8:a9:45:db:15:e2:44:1d:23:57:40:51:1b:94:61:da:a1:4d:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun  2 05:07:43 2026 GMT
            Not After : Jun  1 05:12:43 2027 GMT
        Subject: CN=A3A20B999A5FD9FAE5943134BA5483676F958598
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:94:76:60:cb:4f:83:bd:c0:20:ec:7b:d5:30:
                    e4:13:cf:21:9d:04:6a:77:10:f0:e8:81:59:94:1b:
                    c2:eb:3f:ab:a5:cd:3f:37:99:a1:72:6a:85:b6:be:
                    0c:be:45:b0:32:8c:d2:ba:43:f9:b9:a4:37:6e:00:
                    a6:87:2e:45:7f:53:51:5a:2f:62:16:93:c8:c0:fc:
                    70:2a:a0:37:68:71:fa:43:02:6c:16:f5:26:52:7a:
                    fe:f1:36:81:23:4b:a8:f1:1a:2c:45:85:eb:bd:8a:
                    bd:2c:4a:31:1b:f4:85:e3:e9:c9:42:d6:35:f5:0a:
                    57:0e:85:20:db:63:78:99:9b:f1:23:0b:17:c5:a5:
                    89:ae:63:32:6f:55:27:89:37:a7:a0:e2:ae:3f:b9:
                    92:65:d0:13:24:4c:37:d4:43:35:f5:f1:ce:41:d9:
                    44:ad:b9:19:c9:0c:39:35:9d:de:38:11:46:31:4b:
                    68:2d:53:ce:28:ed:88:b4:4b:fb:30:39:1b:8b:a9:
                    5a:64:7f:62:fd:e9:63:c9:06:8b:68:5e:31:33:9d:
                    7c:c4:b2:8c:88:20:47:10:be:15:b9:e1:e0:b1:e7:
                    17:ce:ad:3d:26:a6:40:bc:53:9d:19:64:6b:36:f1:
                    97:6a:2d:98:5b:87:a1:fa:6f:3d:4a:55:6f:62:70:
                    db:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:A2:0B:99:9A:5F:D9:FA:E5:94:31:34:BA:54:83:67:6F:95:85:98
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136332e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.84.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:66:af:eb:7e:ad:cd:c4:c7:da:e0:0a:5e:10:89:07:3d:25:
         0f:c7:a5:ad:4a:27:75:9c:ff:98:2d:2d:78:f2:a4:4d:b2:8e:
         23:de:57:5f:c2:73:dc:a8:62:d6:8c:d5:47:05:c2:50:d0:a1:
         24:9b:15:13:2f:35:f1:88:c5:b4:32:36:41:f2:fc:82:71:e6:
         76:8b:98:43:4f:86:9d:e7:72:82:b4:9d:b9:d1:b9:f7:5a:3c:
         57:09:63:d1:cd:1c:30:3f:a5:85:ef:4f:7c:b7:e7:ff:fc:e6:
         b5:ab:89:d2:14:fb:3c:9d:da:a4:30:6e:ab:31:76:b7:b4:ad:
         7b:4d:dd:e1:c7:10:74:10:f5:0d:c1:30:b5:2d:2f:12:05:c2:
         86:c3:53:c7:42:e4:b4:16:58:b3:bb:c4:a7:ee:f0:2e:a4:64:
         a9:fd:e9:97:28:2b:6d:e1:e2:46:4b:50:4b:80:10:42:78:cb:
         f6:a5:19:2a:12:25:4e:71:c4:2b:f9:bb:31:ba:55:57:00:74:
         0f:5b:fd:e0:2e:dc:07:64:4c:77:e2:b9:f6:c3:a4:ec:e5:c2:
         b8:f3:20:3c:5b:a0:f2:d2:2a:da:27:b2:08:79:de:bf:f0:85:
         5d:2d:68:1c:3c:23:4c:a8:ed:e4:85:5a:84:64:1a:f4:29:34:
         f3:fe:90:6c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUcNipRdsV4kQdI1dAURuUYdqhTfkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA2MDIwNTA3NDNaFw0yNzA2MDEwNTEyNDNaMDMxMTAvBgNV
BAMTKEEzQTIwQjk5OUE1RkQ5RkFFNTk0MzEzNEJBNTQ4MzY3NkY5NTg1OTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdlHZgy0+DvcAg7HvVMOQTzyGd
BGp3EPDogVmUG8LrP6ulzT83maFyaoW2vgy+RbAyjNK6Q/m5pDduAKaHLkV/U1Fa
L2IWk8jA/HAqoDdocfpDAmwW9SZSev7xNoEjS6jxGixFheu9ir0sSjEb9IXj6clC
1jX1ClcOhSDbY3iZm/EjCxfFpYmuYzJvVSeJN6eg4q4/uZJl0BMkTDfUQzX18c5B
2UStuRnJDDk1nd44EUYxS2gtU84o7Yi0S/swORuLqVpkf2L96WPJBotoXjEznXzE
soyIIEcQvhW54eCx5xfOrT0mpkC8U50ZZGs28ZdqLZhbh6H6bz1KVW9icNtbAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUo6ILmZpf2frllDE0ulSDZ2+VhZgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzgzNDJlMzEzNjMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzkzMzMwMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAA+VKMw
DQYJKoZIhvcNAQELBQADggEBAABmr+t+rc3Ex9rgCl4QiQc9JQ/Hpa1KJ3Wc/5gt
LXjypE2yjiPeV1/Cc9yoYtaM1UcFwlDQoSSbFRMvNfGIxbQyNkHy/IJx5naLmENP
hp3ncoK0nbnRufdaPFcJY9HNHDA/pYXvT3y35//85rWridIU+zyd2qQwbqsxdre0
rXtN3eHHEHQQ9Q3BMLUtLxIFwobDU8dC5LQWWLO7xKfu8C6kZKn96ZcoK23h4kZL
UEuAEEJ4y/alGSoSJU5xxCv5uzG6VVcAdA9b/eAu3AdkTHfiufbDpOzlwrjzIDxb
oPLSKtonsgh53r/whV0taBw8I0yo7eSFWoRkGvQpNPP+kGw=
-----END CERTIFICATE-----