Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3138342e302f32312d3231203d3e2036373632.roa
File:                     36322e38342e3138342e302f32312d3231203d3e2036373632.roa (raw, json)
Hash identifier:          tHvZtZz7xCTK2c9x9iRQw7sAQywtiHaAG/z3Qx1C2i8=
Subject key identifier:   62:35:AC:F2:F2:ED:E8:43:65:18:FB:C1:D4:87:95:85:65:15:2F:40
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       53AD32F3A363C528C8BC2E757B6FD4D0D6CA5ADD
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3138342e302f32312d3231203d3e2036373632.roa
Signing time:             Wed 28 Feb 2024 14:28:07 +0000
ROA not before:           Wed 28 Feb 2024 14:23:07 +0000
ROA not after:            Wed 26 Feb 2025 14:28:07 +0000
asID:                     6762
IP address blocks:        62.84.184.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:ad:32:f3:a3:63:c5:28:c8:bc:2e:75:7b:6f:d4:d0:d6:ca:5a:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 28 14:23:07 2024 GMT
            Not After : Feb 26 14:28:07 2025 GMT
        Subject: CN=6235ACF2F2EDE8436518FBC1D487958565152F40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:91:59:2c:a5:79:b1:bc:ad:92:22:d3:d9:68:
                    47:c9:ec:15:a4:87:a8:f9:f0:95:23:0c:bd:d5:87:
                    04:39:04:07:8c:d7:d1:75:12:d0:e0:ca:e6:7e:5d:
                    cc:ee:b8:9f:33:28:29:e0:af:3b:cc:23:c1:8d:33:
                    e5:a1:4d:79:ae:9b:b8:cb:7a:1b:29:23:46:c3:91:
                    c7:39:80:43:fc:52:db:ad:f3:79:02:ce:10:41:01:
                    bc:49:55:88:a3:f8:e9:d3:e8:33:58:e4:de:c0:03:
                    72:76:eb:a7:47:35:38:72:54:1d:da:5e:d2:c0:03:
                    49:e4:2f:13:77:78:36:0e:11:43:f1:b2:bc:17:3f:
                    cb:17:3c:76:54:29:ff:eb:c6:d9:9b:c9:41:2f:9e:
                    32:8f:ef:d6:aa:ba:30:ce:94:d0:6f:9b:e6:14:94:
                    ea:cc:9f:bd:43:58:23:30:4d:b8:78:57:1e:90:79:
                    27:41:b4:c4:8d:9b:a1:59:9c:b5:50:a3:50:32:0f:
                    76:1b:ed:cf:94:85:a5:03:9a:4c:33:90:ec:b3:01:
                    5a:62:32:b9:ba:56:cc:dd:36:b6:e3:35:c4:f6:d3:
                    a5:f1:7b:22:bc:71:53:bd:14:c0:96:e8:59:a8:8a:
                    67:06:da:20:3b:73:95:29:d2:94:fd:22:7e:90:8d:
                    11:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:35:AC:F2:F2:ED:E8:43:65:18:FB:C1:D4:87:95:85:65:15:2F:40
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3138342e302f32312d3231203d3e2036373632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.84.184.0/21

    Signature Algorithm: sha256WithRSAEncryption
         53:90:75:c6:0a:22:d8:e2:74:62:5d:11:48:a5:39:59:08:af:
         00:bd:98:46:ab:df:93:57:80:23:53:00:28:8c:66:26:c7:c2:
         85:e8:0d:41:40:6d:d1:2e:8a:ed:e8:28:8b:68:ca:ab:3d:78:
         98:c5:be:df:27:c4:be:42:d3:96:06:63:15:86:97:31:f5:a7:
         aa:4d:66:31:3a:35:45:a8:34:ce:f3:b4:eb:a4:52:2d:72:74:
         81:e8:df:82:92:ee:fd:f8:59:b1:18:f0:01:04:85:70:75:ea:
         ce:5b:30:44:8d:01:58:72:b3:4e:a2:f4:a8:1e:c6:95:de:2c:
         69:a4:5e:56:c1:cc:31:aa:f2:cd:65:d2:c9:f1:88:24:fb:b4:
         cd:15:84:51:a5:57:f7:49:ca:2b:91:8b:9c:f2:9b:91:59:0a:
         c2:2d:96:3c:6b:9a:ef:9c:64:b9:b2:69:e6:53:28:74:e6:aa:
         3f:a5:61:a7:4e:6f:9b:b7:cd:7e:39:6f:a5:e0:ab:da:91:e1:
         63:06:8e:ec:52:d3:4a:49:9a:5f:7d:f2:37:90:96:4a:e0:1a:
         f4:34:71:f8:15:58:20:49:52:bf:ca:ff:82:4e:89:b9:4c:60:
         0b:78:01:ee:50:1f:66:07:c0:40:f5:ee:89:4d:83:50:0e:83:
         81:bc:9c:f5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUU60y86NjxSjIvC51e2/U0NbKWt0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjgxNDIzMDdaFw0yNTAyMjYxNDI4MDdaMDMxMTAvBgNV
BAMTKDYyMzVBQ0YyRjJFREU4NDM2NTE4RkJDMUQ0ODc5NTg1NjUxNTJGNDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCukVkspXmxvK2SItPZaEfJ7BWk
h6j58JUjDL3VhwQ5BAeM19F1EtDgyuZ+XczuuJ8zKCngrzvMI8GNM+WhTXmum7jL
ehspI0bDkcc5gEP8Utut83kCzhBBAbxJVYij+OnT6DNY5N7AA3J266dHNThyVB3a
XtLAA0nkLxN3eDYOEUPxsrwXP8sXPHZUKf/rxtmbyUEvnjKP79aqujDOlNBvm+YU
lOrMn71DWCMwTbh4Vx6QeSdBtMSNm6FZnLVQo1AyD3Yb7c+UhaUDmkwzkOyzAVpi
Mrm6VszdNrbjNcT206XxeyK8cVO9FMCW6FmoimcG2iA7c5Up0pT9In6QjRFPAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUYjWs8vLt6ENlGPvB1IeVhWUVL0AwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzgzNDJlMzEzODM0
MmUzMDJmMzIzMTJkMzIzMTIwM2QzZTIwMzYzNzM2MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAM+VLgw
DQYJKoZIhvcNAQELBQADggEBAFOQdcYKItjidGJdEUilOVkIrwC9mEar35NXgCNT
ACiMZibHwoXoDUFAbdEuiu3oKItoyqs9eJjFvt8nxL5C05YGYxWGlzH1p6pNZjE6
NUWoNM7ztOukUi1ydIHo34KS7v34WbEY8AEEhXB16s5bMESNAVhys06i9KgexpXe
LGmkXlbBzDGq8s1l0snxiCT7tM0VhFGlV/dJyiuRi5zym5FZCsItljxrmu+cZLmy
aeZTKHTmqj+lYadOb5u3zX45b6Xgq9qR4WMGjuxS00pJml998jeQlkrgGvQ0cfgV
WCBJUr/K/4JOiblMYAt4Ae5QH2YHwED17olNg1AOg4G8nPU=
-----END CERTIFICATE-----