Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136382e302f32342d3234203d3e203235333639.roa
File:                     36322e38342e3136382e302f32342d3234203d3e203235333639.roa (raw, json)
Hash identifier:          HxOCQyNIdRwnWxTwa2Ugk9shT09Yutm76h1Agf+hluY=
Subject key identifier:   EF:7B:57:23:42:A2:1C:F6:2A:04:07:7E:5B:70:73:A0:B0:ED:DF:1A
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0DAC7CE8F816100CF73BE3CE116E2D885E30AF84
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136382e302f32342d3234203d3e203235333639.roa
Signing time:             Mon 19 May 2025 10:34:13 +0000
ROA not before:           Mon 19 May 2025 10:29:13 +0000
ROA not after:            Mon 18 May 2026 10:34:13 +0000
asID:                     25369
IP address blocks:        62.84.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:ac:7c:e8:f8:16:10:0c:f7:3b:e3:ce:11:6e:2d:88:5e:30:af:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 19 10:29:13 2025 GMT
            Not After : May 18 10:34:13 2026 GMT
        Subject: CN=EF7B572342A21CF62A04077E5B7073A0B0EDDF1A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ec:43:25:22:e4:7e:24:58:53:27:cb:8b:8f:
                    2b:69:c4:81:e2:c5:36:5c:20:b1:49:33:13:b6:8c:
                    f8:47:78:f1:30:c9:e4:d0:f7:c5:8a:12:a3:96:e1:
                    08:70:fe:0d:56:fd:09:80:58:df:25:96:a3:c4:8c:
                    f0:15:1e:ff:ff:43:04:3a:7f:3a:b8:42:4a:6f:65:
                    73:b0:92:41:c5:d6:0b:d4:a1:b4:25:08:1f:4f:81:
                    8e:7e:46:9b:5b:e5:35:3d:a6:63:3d:06:f6:5c:70:
                    ac:30:e0:55:71:9d:3a:e6:ed:0a:d5:31:ee:2f:1c:
                    6f:da:96:df:a9:fa:9a:17:fd:fe:71:e2:52:56:02:
                    53:0b:9b:c9:72:9b:4d:09:6f:bd:4d:ef:39:89:5e:
                    19:11:1b:f4:14:4d:51:98:54:47:62:05:03:d2:c5:
                    4e:2d:59:a7:20:64:c4:57:67:82:d9:48:9e:b9:71:
                    06:10:6a:ae:9a:0a:af:73:be:57:03:9b:a0:93:dd:
                    c7:18:2d:d8:a8:9b:4c:3e:1b:1b:85:69:45:ad:5b:
                    56:c7:ca:b2:bb:b8:23:dc:02:a8:de:5f:fb:2f:39:
                    a4:21:bc:07:17:3d:2c:c7:12:42:b3:09:90:db:b3:
                    77:cd:d7:51:3a:c2:23:52:48:ea:55:68:69:01:e2:
                    46:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:7B:57:23:42:A2:1C:F6:2A:04:07:7E:5B:70:73:A0:B0:ED:DF:1A
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136382e302f32342d3234203d3e203235333639.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.84.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:3a:6b:b5:0c:62:d1:e2:d2:ea:57:5b:44:e1:eb:c3:d9:1e:
         a4:2f:f3:b7:a9:ae:1a:6b:86:20:b5:39:67:d6:71:b2:b2:58:
         5c:a1:4b:16:76:9c:ed:2f:05:9c:cb:73:80:85:3d:70:12:0f:
         fd:7f:35:65:33:32:db:88:73:74:80:d6:ff:5c:fd:39:ee:ba:
         53:5f:df:a3:87:99:08:27:11:43:c7:6d:f3:13:b8:8f:a4:47:
         3c:a5:b0:68:98:d9:69:ec:3a:50:68:98:fa:3c:91:f6:28:f5:
         cd:d7:07:6f:01:44:8a:8a:69:8f:fb:b8:05:2d:71:e0:09:32:
         9a:03:35:dc:fd:fa:7d:0b:e6:34:6f:17:cb:90:9e:b6:4e:14:
         a2:80:d5:1a:9f:1d:70:a0:5c:d1:b7:c5:3f:ed:04:fc:0c:b0:
         8c:10:e3:e5:86:e7:c9:04:4c:c3:2c:7f:c6:84:58:fe:ac:c0:
         b6:63:93:b7:4f:45:4b:5c:f1:86:07:5a:50:a9:b7:11:1a:38:
         78:ad:08:c1:08:da:9b:1c:65:92:3c:e4:1e:be:07:7b:f6:65:
         2d:4b:f4:24:99:f0:67:b6:03:7d:8f:bf:9c:fc:bf:e3:90:36:
         ec:fe:6b:50:9f:14:20:37:4f:ba:0f:a7:b6:e3:54:ac:ec:c8:
         ba:7e:51:b3
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUDax86PgWEAz3O+POEW4tiF4wr4QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MTkxMDI5MTNaFw0yNjA1MTgxMDM0MTNaMDMxMTAvBgNV
BAMTKEVGN0I1NzIzNDJBMjFDRjYyQTA0MDc3RTVCNzA3M0EwQjBFRERGMUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCd7EMlIuR+JFhTJ8uLjytpxIHi
xTZcILFJMxO2jPhHePEwyeTQ98WKEqOW4Qhw/g1W/QmAWN8llqPEjPAVHv//QwQ6
fzq4QkpvZXOwkkHF1gvUobQlCB9PgY5+Rptb5TU9pmM9BvZccKww4FVxnTrm7QrV
Me4vHG/alt+p+poX/f5x4lJWAlMLm8lym00Jb71N7zmJXhkRG/QUTVGYVEdiBQPS
xU4tWacgZMRXZ4LZSJ65cQYQaq6aCq9zvlcDm6CT3ccYLdiom0w+GxuFaUWtW1bH
yrK7uCPcAqjeX/svOaQhvAcXPSzHEkKzCZDbs3fN11E6wiNSSOpVaGkB4kadAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU73tXI0KiHPYqBAd+W3BzoLDt3xowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzgzNDJlMzEzNjM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzNTMzMzYzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAD5U
qDANBgkqhkiG9w0BAQsFAAOCAQEAnTprtQxi0eLS6ldbROHrw9kepC/zt6muGmuG
ILU5Z9ZxsrJYXKFLFnac7S8FnMtzgIU9cBIP/X81ZTMy24hzdIDW/1z9Oe66U1/f
o4eZCCcRQ8dt8xO4j6RHPKWwaJjZaew6UGiY+jyR9ij1zdcHbwFEioppj/u4BS1x
4AkymgM13P36fQvmNG8Xy5Cetk4UooDVGp8dcKBc0bfFP+0E/AywjBDj5YbnyQRM
wyx/xoRY/qzAtmOTt09FS1zxhgdaUKm3ERo4eK0IwQjamxxlkjzkHr4He/ZlLUv0
JJnwZ7YDfY+/nPy/45A27P5rUJ8UIDdPug+ntuNUrOzIun5Rsw==
-----END CERTIFICATE-----