Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3137312e302f32342d3234203d3e20383334.roa
File:                     36322e38342e3137312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          Y333QS4Udy8/KKQZ6iE0Bpmye8wTSbMcjadNxmiuOXg=
Subject key identifier:   D9:9C:38:A3:30:70:61:C4:C4:BF:2F:C6:75:1A:F6:36:E8:5C:CC:49
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3A304A7432B743A61282B1DF108A429A87FCD9DE
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3137312e302f32342d3234203d3e20383334.roa
Signing time:             Mon 15 Jun 2026 07:01:51 +0000
ROA not before:           Mon 15 Jun 2026 06:56:51 +0000
ROA not after:            Mon 14 Jun 2027 07:01:51 +0000
asID:                     834
IP address blocks:        62.84.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:30:4a:74:32:b7:43:a6:12:82:b1:df:10:8a:42:9a:87:fc:d9:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 15 06:56:51 2026 GMT
            Not After : Jun 14 07:01:51 2027 GMT
        Subject: CN=D99C38A3307061C4C4BF2FC6751AF636E85CCC49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:71:bb:70:f9:32:32:34:a1:cb:e9:da:01:6d:
                    da:43:39:44:c6:7e:c3:57:75:0a:37:7a:0b:cc:84:
                    0b:64:8d:b4:1e:84:fd:c2:c3:eb:e4:70:7f:85:1b:
                    06:91:16:79:f1:44:1a:7d:03:2c:a0:56:56:54:f6:
                    06:03:0a:10:5c:b5:f1:56:3d:96:1a:ab:fc:60:3f:
                    02:22:30:e4:a4:5f:ea:9f:86:01:95:32:08:de:42:
                    0c:d0:3e:7b:22:e6:5f:0f:b0:2d:40:c2:b3:c5:62:
                    5e:6a:0d:b5:6c:e7:71:10:11:2f:80:0d:73:ad:56:
                    e2:5f:93:64:c6:34:87:91:a0:f4:77:06:3a:c7:30:
                    e7:1b:0a:14:8c:f3:f0:04:26:c3:5b:60:8e:c6:4b:
                    33:80:87:4e:8a:e4:4e:ca:61:0e:4d:18:03:08:83:
                    3d:d6:2f:d4:1a:66:71:0c:1a:39:69:12:0c:2f:c2:
                    d8:38:94:54:b8:ba:13:07:60:b4:f0:3d:25:e5:10:
                    6e:a8:63:98:1a:02:dd:7f:56:a2:78:12:b8:92:3d:
                    8e:ec:bc:3d:95:ac:ac:ba:aa:83:4f:20:06:e1:7b:
                    db:77:de:2e:83:79:43:4d:17:49:0b:f8:2f:66:1e:
                    8a:98:de:1a:91:a2:39:ae:1e:80:e0:6c:49:1d:20:
                    ab:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:9C:38:A3:30:70:61:C4:C4:BF:2F:C6:75:1A:F6:36:E8:5C:CC:49
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3137312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.84.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:e8:69:e1:1b:5b:e3:3b:b7:a2:21:a1:51:41:5e:a3:d8:d4:
         7a:54:8c:0e:1e:7d:af:1d:47:66:03:c1:98:19:d7:2f:99:13:
         72:a4:46:ba:8d:f6:00:c0:40:98:cf:99:fa:37:12:85:9d:c8:
         bd:89:34:78:6e:2f:da:27:60:5d:50:c3:d1:20:55:1a:52:f4:
         ad:9d:06:51:e0:5a:dc:6c:b2:26:89:f1:c7:46:56:1b:fa:63:
         d4:ae:a0:aa:09:73:10:3f:ca:87:26:97:88:db:b5:05:ea:c3:
         0c:2e:ec:94:42:13:dc:bd:1f:cf:db:3c:32:d8:aa:ba:2d:82:
         74:ed:88:ae:7f:b9:ad:2e:1b:cb:6b:f6:2b:f4:7f:fb:4f:d4:
         29:c2:39:52:3a:e4:13:fe:b8:cf:2c:7b:8c:8b:07:e1:e9:e7:
         2a:5b:9b:45:39:4a:46:c5:4b:e9:e0:0d:0b:61:ba:40:23:0c:
         7f:da:92:65:0d:e3:6c:0d:0d:8e:d8:f9:31:8d:3b:37:3d:ee:
         54:f1:bb:9e:c4:62:2e:96:d1:b6:1c:56:88:c4:21:a2:ce:9a:
         12:83:90:04:6a:aa:98:0e:7c:7c:e0:ef:bb:a9:de:ec:09:bc:
         51:35:de:9d:49:0f:b1:50:3e:e0:57:fd:86:36:12:3e:41:4a:
         ef:18:58:e1
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUOjBKdDK3Q6YSgrHfEIpCmof82d4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA2MTUwNjU2NTFaFw0yNzA2MTQwNzAxNTFaMDMxMTAvBgNV
BAMTKEQ5OUMzOEEzMzA3MDYxQzRDNEJGMkZDNjc1MUFGNjM2RTg1Q0NDNDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDccbtw+TIyNKHL6doBbdpDOUTG
fsNXdQo3egvMhAtkjbQehP3Cw+vkcH+FGwaRFnnxRBp9AyygVlZU9gYDChBctfFW
PZYaq/xgPwIiMOSkX+qfhgGVMgjeQgzQPnsi5l8PsC1AwrPFYl5qDbVs53EQES+A
DXOtVuJfk2TGNIeRoPR3BjrHMOcbChSM8/AEJsNbYI7GSzOAh06K5E7KYQ5NGAMI
gz3WL9QaZnEMGjlpEgwvwtg4lFS4uhMHYLTwPSXlEG6oY5gaAt1/VqJ4EriSPY7s
vD2VrKy6qoNPIAbhe9t33i6DeUNNF0kL+C9mHoqY3hqRojmuHoDgbEkdIKvlAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU2Zw4ozBwYcTEvy/GdRr2NuhczEkwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzgzNDJlMzEzNzMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPlSrMA0G
CSqGSIb3DQEBCwUAA4IBAQBQ6GnhG1vjO7eiIaFRQV6j2NR6VIwOHn2vHUdmA8GY
GdcvmRNypEa6jfYAwECYz5n6NxKFnci9iTR4bi/aJ2BdUMPRIFUaUvStnQZR4Frc
bLImifHHRlYb+mPUrqCqCXMQP8qHJpeI27UF6sMMLuyUQhPcvR/P2zwy2Kq6LYJ0
7Yiuf7mtLhvLa/Yr9H/7T9QpwjlSOuQT/rjPLHuMiwfh6ecqW5tFOUpGxUvp4A0L
YbpAIwx/2pJlDeNsDQ2O2PkxjTs3Pe5U8buexGIultG2HFaIxCGizpoSg5AEaqqY
Dnx84O+7qd7sCbxRNd6dSQ+xUD7gV/2GNhI+QUrvGFjh
-----END CERTIFICATE-----