Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3137362e302f32302d3332203d3e203531313637.roa
File:                     36322e38342e3137362e302f32302d3332203d3e203531313637.roa (raw, json)
Hash identifier:          lWfBHcSj4drr1BDay3q6jq+/LjZ9m8waXI0qCi8CtzU=
Subject key identifier:   5B:AE:99:3B:77:FE:5B:F8:D9:D7:CD:E9:32:EC:6E:27:8F:BD:79:4F
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3833250E4C10A396725F13492184E0F872DFBEC8
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3137362e302f32302d3332203d3e203531313637.roa
Signing time:             Thu 27 Jun 2024 17:23:56 +0000
ROA not before:           Thu 27 Jun 2024 17:18:56 +0000
ROA not after:            Thu 26 Jun 2025 17:23:56 +0000
asID:                     51167
IP address blocks:        62.84.176.0/20 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:33:25:0e:4c:10:a3:96:72:5f:13:49:21:84:e0:f8:72:df:be:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 27 17:18:56 2024 GMT
            Not After : Jun 26 17:23:56 2025 GMT
        Subject: CN=5BAE993B77FE5BF8D9D7CDE932EC6E278FBD794F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:73:0f:37:95:d2:64:20:87:ae:e4:23:18:a8:
                    1d:c0:e1:97:11:c0:2b:59:45:85:f4:04:3b:aa:0f:
                    93:df:58:54:07:9c:1b:92:2a:51:3d:bc:ae:2c:e0:
                    62:43:e7:5e:36:25:32:d0:5a:cb:34:5c:52:a0:24:
                    ad:a6:01:f0:ce:46:a2:68:f4:4b:2e:8f:31:33:08:
                    90:c7:83:22:e5:83:0a:de:b2:f0:4d:59:c6:68:f3:
                    c6:b0:c7:3e:70:c8:04:14:2f:b2:4b:aa:1f:50:8e:
                    ea:43:0a:14:2d:57:90:e8:c9:78:aa:b2:8d:ff:89:
                    e2:6c:b8:ba:5b:64:56:f1:de:e9:d9:16:25:0b:d1:
                    c8:aa:f1:ec:3d:a9:58:d4:da:ba:8d:fc:f9:8d:e6:
                    15:fb:08:e3:f5:47:34:cd:f5:4a:4b:82:9b:d6:ca:
                    12:ca:62:a8:75:92:ed:4e:4a:3a:3f:4c:b7:53:3f:
                    c9:66:bb:91:ee:5b:ce:9d:86:d8:de:9d:fd:70:5b:
                    f7:9a:8e:a6:32:9b:07:3f:d2:d9:78:04:aa:37:c0:
                    d6:ab:f8:3d:a6:00:43:57:aa:05:65:95:80:b3:8e:
                    50:99:d0:af:5b:b7:df:6f:b8:39:fa:0d:09:21:0e:
                    30:78:fc:0d:a7:4f:40:b7:91:11:14:a1:ae:82:af:
                    9a:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:AE:99:3B:77:FE:5B:F8:D9:D7:CD:E9:32:EC:6E:27:8F:BD:79:4F
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3137362e302f32302d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.84.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         51:b9:69:b4:10:48:2b:15:7e:13:5a:8d:cd:5e:d0:be:fe:94:
         dd:ea:10:88:17:21:a3:33:60:28:a0:ed:01:ba:63:75:ab:1f:
         26:82:95:4e:b6:8d:3e:ee:68:52:c2:19:b4:9c:20:2c:ae:f6:
         9a:57:2a:23:02:a2:9e:06:5b:07:a6:06:7b:bc:b9:4a:15:d6:
         c1:37:42:23:fe:9d:7f:b4:6b:de:ba:8d:c7:e6:19:72:c5:29:
         2e:3e:8a:34:d4:35:8f:3e:07:f6:c0:e3:4d:62:0c:85:93:28:
         aa:d6:3e:d1:fc:75:eb:61:71:37:9b:94:b1:aa:df:10:04:34:
         4b:ad:5c:3b:12:35:74:e0:49:c4:93:14:ea:a9:12:06:97:4b:
         80:6d:55:04:b7:c8:a6:e6:50:d4:a3:ac:7a:f1:29:ae:40:d8:
         c3:bf:90:cc:83:32:c4:98:90:35:b9:6a:f4:8b:04:ff:87:ee:
         4a:f8:9b:d7:03:2c:97:d7:2d:ff:6b:87:b5:db:1e:6e:d2:d3:
         e8:4a:76:e8:68:9b:8c:29:7d:2e:f5:57:01:bf:4a:bd:26:03:
         24:f8:c0:de:93:8a:2d:49:14:42:ab:f4:57:50:49:14:1a:e5:
         cf:21:61:66:d9:38:34:2a:09:37:ab:66:62:bb:eb:3a:3c:c3:
         a8:73:c4:77
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUODMlDkwQo5ZyXxNJIYTg+HLfvsgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA2MjcxNzE4NTZaFw0yNTA2MjYxNzIzNTZaMDMxMTAvBgNV
BAMTKDVCQUU5OTNCNzdGRTVCRjhEOUQ3Q0RFOTMyRUM2RTI3OEZCRDc5NEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDecw83ldJkIIeu5CMYqB3A4ZcR
wCtZRYX0BDuqD5PfWFQHnBuSKlE9vK4s4GJD5142JTLQWss0XFKgJK2mAfDORqJo
9EsujzEzCJDHgyLlgwresvBNWcZo88awxz5wyAQUL7JLqh9QjupDChQtV5DoyXiq
so3/ieJsuLpbZFbx3unZFiUL0ciq8ew9qVjU2rqN/PmN5hX7COP1RzTN9UpLgpvW
yhLKYqh1ku1OSjo/TLdTP8lmu5HuW86dhtjenf1wW/eajqYymwc/0tl4BKo3wNar
+D2mAENXqgVllYCzjlCZ0K9bt99vuDn6DQkhDjB4/A2nT0C3kREUoa6Cr5p7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUW66ZO3f+W/jZ183pMuxuJ4+9eU8wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzgzNDJlMzEzNzM2
MmUzMDJmMzIzMDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBD5U
sDANBgkqhkiG9w0BAQsFAAOCAQEAUblptBBIKxV+E1qNzV7Qvv6U3eoQiBchozNg
KKDtAbpjdasfJoKVTraNPu5oUsIZtJwgLK72mlcqIwKingZbB6YGe7y5ShXWwTdC
I/6df7Rr3rqNx+YZcsUpLj6KNNQ1jz4H9sDjTWIMhZMoqtY+0fx162FxN5uUsarf
EAQ0S61cOxI1dOBJxJMU6qkSBpdLgG1VBLfIpuZQ1KOsevEprkDYw7+QzIMyxJiQ
Nblq9IsE/4fuSvib1wMsl9ct/2uHtdsebtLT6Ep26GibjCl9LvVXAb9KvSYDJPjA
3pOKLUkUQqv0V1BJFBrlzyFhZtk4NCoJN6tmYrvrOjzDqHPEdw==
-----END CERTIFICATE-----