Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3137362e302f32302d3332203d3e203531313637.roa
File:                     36322e38342e3137362e302f32302d3332203d3e203531313637.roa (raw, json)
Hash identifier:          SUu9l8b5qrpuEG1DEuX56E8YDx89ikcfLbHiUbI6Dhw=
Subject key identifier:   1C:96:CA:A9:35:F5:35:E9:3B:D0:51:D3:CF:55:30:7E:6E:9E:8C:78
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5CF7F2A99B39C9D46850B6ED789DB96294AC0122
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3137362e302f32302d3332203d3e203531313637.roa
Signing time:             Thu 29 May 2025 17:46:34 +0000
ROA not before:           Thu 29 May 2025 17:41:34 +0000
ROA not after:            Thu 28 May 2026 17:46:34 +0000
asID:                     51167
IP address blocks:        62.84.176.0/20 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:f7:f2:a9:9b:39:c9:d4:68:50:b6:ed:78:9d:b9:62:94:ac:01:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 29 17:41:34 2025 GMT
            Not After : May 28 17:46:34 2026 GMT
        Subject: CN=1C96CAA935F535E93BD051D3CF55307E6E9E8C78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:d8:60:9a:43:2c:21:aa:21:53:f7:dc:02:30:
                    c3:90:c7:9d:a9:44:b8:87:96:c7:c0:19:0f:70:8c:
                    16:42:5f:dc:40:71:4f:54:43:6e:c5:cb:4c:cc:d3:
                    c9:9a:71:35:f6:aa:18:49:24:f6:6c:ed:7f:b7:dd:
                    15:23:f4:0d:ce:c8:6b:33:ce:f8:bc:23:06:88:cf:
                    fa:cf:7f:cb:ab:29:67:8c:8b:17:9b:62:fa:99:49:
                    9f:cb:63:74:27:d2:3d:81:b8:9c:d5:6d:14:a8:79:
                    07:1c:6f:28:55:48:ad:e3:9e:f8:c7:1e:68:52:f5:
                    33:96:e6:7f:2e:7f:d2:f1:df:90:f6:7c:aa:01:21:
                    da:9c:b3:ea:a7:7a:fa:25:28:8c:71:35:5a:13:6a:
                    b7:df:a3:39:df:51:56:22:38:ba:a2:99:c6:47:36:
                    2c:e9:82:a9:44:8f:0b:49:ff:b0:4c:9b:5f:6e:e8:
                    25:fe:33:dc:df:1b:d8:e6:ec:6c:b2:c6:cb:45:3b:
                    47:48:e4:11:93:ed:45:b2:37:37:75:6e:09:36:4d:
                    c6:71:3c:97:fd:84:be:b9:98:b8:e1:9f:1a:d0:61:
                    1f:3b:ba:14:9a:2d:65:e7:24:00:b0:e2:e7:8e:29:
                    2e:24:e1:00:7f:d4:4e:9b:3c:b9:ed:1d:41:ae:f5:
                    a7:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:96:CA:A9:35:F5:35:E9:3B:D0:51:D3:CF:55:30:7E:6E:9E:8C:78
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3137362e302f32302d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.84.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         59:57:d4:c1:aa:21:a8:9e:e9:66:23:15:a9:44:31:c4:60:8c:
         3d:26:4d:aa:e2:18:35:66:61:81:f7:06:c1:b2:ca:47:d1:b4:
         2f:17:30:b2:85:cd:04:cc:df:82:a3:38:e4:2c:83:33:51:35:
         cb:9d:86:48:fc:18:a5:bb:4f:67:ae:67:df:46:00:73:ea:09:
         13:bf:c6:ef:4c:3f:31:f2:73:75:2c:05:a3:81:1a:42:8c:b5:
         6e:50:e4:c3:83:13:97:4d:17:5c:86:36:8c:ea:c8:88:6e:b4:
         ed:11:26:e6:88:1a:cd:c0:b3:0a:8a:f1:ee:e7:53:38:c4:27:
         6a:4f:1d:7d:6c:72:10:30:fa:fc:16:14:15:78:cd:de:07:95:
         b0:60:9a:d5:fe:58:ae:b2:cd:91:79:69:eb:36:10:08:ae:9a:
         da:ee:0d:bd:f4:4f:1b:bf:4e:1a:a1:9a:0f:e1:33:1c:f5:ee:
         3c:78:a9:e0:53:ed:c0:59:4a:e9:77:ab:72:98:76:53:c4:d5:
         b2:ef:d4:dc:e4:78:d9:b6:84:45:9a:96:e5:13:72:16:68:31:
         85:59:8e:98:5d:10:53:00:b5:26:a9:4e:3f:85:3f:16:a3:2d:
         f7:43:a3:b4:39:90:39:07:ae:82:db:38:99:f5:a1:37:f5:b7:
         8e:5a:e8:2a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUXPfyqZs5ydRoULbteJ25YpSsASIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MjkxNzQxMzRaFw0yNjA1MjgxNzQ2MzRaMDMxMTAvBgNV
BAMTKDFDOTZDQUE5MzVGNTM1RTkzQkQwNTFEM0NGNTUzMDdFNkU5RThDNzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo2GCaQywhqiFT99wCMMOQx52p
RLiHlsfAGQ9wjBZCX9xAcU9UQ27Fy0zM08macTX2qhhJJPZs7X+33RUj9A3OyGsz
zvi8IwaIz/rPf8urKWeMixebYvqZSZ/LY3Qn0j2BuJzVbRSoeQccbyhVSK3jnvjH
HmhS9TOW5n8uf9Lx35D2fKoBIdqcs+qnevolKIxxNVoTarffoznfUVYiOLqimcZH
NizpgqlEjwtJ/7BMm19u6CX+M9zfG9jm7GyyxstFO0dI5BGT7UWyNzd1bgk2TcZx
PJf9hL65mLjhnxrQYR87uhSaLWXnJACw4ueOKS4k4QB/1E6bPLntHUGu9addAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUHJbKqTX1Nek70FHTz1Uwfm6ejHgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzgzNDJlMzEzNzM2
MmUzMDJmMzIzMDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBD5U
sDANBgkqhkiG9w0BAQsFAAOCAQEAWVfUwaohqJ7pZiMVqUQxxGCMPSZNquIYNWZh
gfcGwbLKR9G0LxcwsoXNBMzfgqM45CyDM1E1y52GSPwYpbtPZ65n30YAc+oJE7/G
70w/MfJzdSwFo4EaQoy1blDkw4MTl00XXIY2jOrIiG607REm5ogazcCzCorx7udT
OMQnak8dfWxyEDD6/BYUFXjN3geVsGCa1f5YrrLNkXlp6zYQCK6a2u4NvfRPG79O
GqGaD+EzHPXuPHip4FPtwFlK6Xercph2U8TVsu/U3OR42baERZqW5RNyFmgxhVmO
mF0QUwC1JqlOP4U/FqMt90OjtDmQOQeugts4mfWhN/W3jlroKg==
-----END CERTIFICATE-----