Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3137342e302f32342d3234203d3e203231383539.roa
File:                     36322e38342e3137342e302f32342d3234203d3e203231383539.roa (raw, json)
Hash identifier:          cx1MlYV418UdAQlp929X1XMRHAUDH8gnL+Csv/qIAoo=
Subject key identifier:   30:CE:DF:D9:9C:74:65:89:0B:64:4F:45:B0:F7:10:59:0F:37:5A:F7
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2B935955E7B8401130356311FF3520F5DA17BF11
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3137342e302f32342d3234203d3e203231383539.roa
Signing time:             Thu 15 May 2025 14:08:31 +0000
ROA not before:           Thu 15 May 2025 14:03:31 +0000
ROA not after:            Thu 14 May 2026 14:08:31 +0000
asID:                     21859
IP address blocks:        62.84.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:93:59:55:e7:b8:40:11:30:35:63:11:ff:35:20:f5:da:17:bf:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 15 14:03:31 2025 GMT
            Not After : May 14 14:08:31 2026 GMT
        Subject: CN=30CEDFD99C7465890B644F45B0F710590F375AF7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b9:33:e5:bc:4f:8d:38:b1:98:dd:e8:e5:07:
                    5f:48:9f:8e:91:dc:8f:f7:0e:28:3c:aa:b4:8f:9b:
                    6c:40:79:9d:7e:90:54:5e:ad:47:89:46:38:6a:6a:
                    26:56:10:82:5d:5c:9d:22:1c:02:11:79:fa:3f:59:
                    8d:49:00:b7:37:ac:2b:be:91:36:f5:37:c1:d6:28:
                    88:6f:03:f2:31:7d:b1:2e:cd:26:cf:58:55:b6:ce:
                    b6:e9:10:d9:69:50:4c:d8:00:4e:b6:ef:c7:82:63:
                    b1:fd:eb:76:4c:d7:82:cc:c1:9a:7d:c7:f1:3d:db:
                    eb:ac:a2:cc:77:18:5e:95:de:10:85:d2:3d:e3:c2:
                    78:87:36:c1:12:5d:69:92:bd:a3:72:56:81:6e:65:
                    c5:87:fd:c0:d0:5b:23:eb:4a:1a:77:dc:44:77:27:
                    a6:33:cd:35:b6:60:81:93:d5:dc:3e:01:b6:60:3d:
                    86:c7:7e:e3:f2:43:fe:bb:0b:4a:e6:35:a2:97:28:
                    45:e6:0c:d8:62:d5:23:0d:83:19:89:0c:0e:6b:41:
                    79:e8:78:c7:52:88:b7:e8:72:3b:ca:ba:14:4e:85:
                    6b:db:9b:c3:88:cb:76:0d:2a:41:e5:d0:83:f8:c8:
                    ef:46:a3:f2:9d:07:36:8e:bb:45:21:9d:12:77:75:
                    bb:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:CE:DF:D9:9C:74:65:89:0B:64:4F:45:B0:F7:10:59:0F:37:5A:F7
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3137342e302f32342d3234203d3e203231383539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.84.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:ce:fe:f0:bf:d9:25:4e:2b:6c:9d:8b:b2:b5:cb:6c:3d:e7:
         65:9b:9f:a2:20:eb:54:6a:9f:ea:7b:ca:ef:2d:90:b2:29:34:
         2e:70:de:82:03:da:a9:01:be:7b:c5:ba:55:f1:c5:8f:9e:47:
         27:fb:89:02:7e:52:bb:a1:17:c9:a9:26:97:25:db:96:24:51:
         80:4c:44:1a:cc:b8:f7:cb:f7:ba:e5:b5:2a:4b:f5:33:fc:48:
         4c:f1:6c:d0:fc:28:ef:11:c7:76:4a:3c:f9:8a:1e:c5:8b:61:
         34:7d:44:99:66:3d:80:53:cd:6b:d8:56:36:51:f6:cf:d8:e4:
         5b:07:5b:33:8e:10:47:f5:b0:38:00:31:9a:5d:de:81:ed:89:
         60:00:6f:44:4a:ec:bb:8e:0d:5c:a5:c3:47:c4:9e:09:b6:63:
         cc:4d:c4:a3:d4:e4:86:32:fb:88:f5:8c:86:f3:c5:46:c2:7b:
         24:88:c0:6b:b7:f8:a5:fc:1d:b9:5b:a3:d0:50:1f:13:fc:ab:
         10:0e:6f:e7:bf:81:0b:59:03:af:11:48:05:1d:1a:91:72:9d:
         1b:d0:1f:b5:e8:14:be:e5:a8:40:df:15:9d:d9:85:37:22:a2:
         eb:37:10:03:1c:22:73:31:ad:71:f3:86:b6:31:a3:28:da:65:
         93:0b:ae:bd
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUK5NZVee4QBEwNWMR/zUg9doXvxEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MTUxNDAzMzFaFw0yNjA1MTQxNDA4MzFaMDMxMTAvBgNV
BAMTKDMwQ0VERkQ5OUM3NDY1ODkwQjY0NEY0NUIwRjcxMDU5MEYzNzVBRjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJuTPlvE+NOLGY3ejlB19In46R
3I/3Dig8qrSPm2xAeZ1+kFRerUeJRjhqaiZWEIJdXJ0iHAIRefo/WY1JALc3rCu+
kTb1N8HWKIhvA/IxfbEuzSbPWFW2zrbpENlpUEzYAE6278eCY7H963ZM14LMwZp9
x/E92+usosx3GF6V3hCF0j3jwniHNsESXWmSvaNyVoFuZcWH/cDQWyPrShp33ER3
J6YzzTW2YIGT1dw+AbZgPYbHfuPyQ/67C0rmNaKXKEXmDNhi1SMNgxmJDA5rQXno
eMdSiLfocjvKuhROhWvbm8OIy3YNKkHl0IP4yO9Go/KdBzaOu0UhnRJ3dbtdAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUMM7f2Zx0ZYkLZE9FsPcQWQ83WvcwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzgzNDJlMzEzNzM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTM4MzUzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAD5U
rjANBgkqhkiG9w0BAQsFAAOCAQEAAs7+8L/ZJU4rbJ2LsrXLbD3nZZufoiDrVGqf
6nvK7y2Qsik0LnDeggPaqQG+e8W6VfHFj55HJ/uJAn5Su6EXyakmlyXbliRRgExE
Gsy498v3uuW1Kkv1M/xITPFs0Pwo7xHHdko8+YoexYthNH1EmWY9gFPNa9hWNlH2
z9jkWwdbM44QR/WwOAAxml3ege2JYABvRErsu44NXKXDR8SeCbZjzE3Eo9TkhjL7
iPWMhvPFRsJ7JIjAa7f4pfwduVuj0FAfE/yrEA5v57+BC1kDrxFIBR0akXKdG9Af
tegUvuWoQN8VndmFNyKi6zcQAxwiczGtcfOGtjGjKNplkwuuvQ==
-----END CERTIFICATE-----