Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/36322e332e382e302f32342d3234203d3e20323031333431.roa
File:                     36322e332e382e302f32342d3234203d3e20323031333431.roa (raw, json)
Hash identifier:          fAXT8Ob6aN1cUiSBefrsAGMhjg7dF8Dm70101LtDWM8=
Subject key identifier:   F4:DE:22:F8:0A:A8:47:1F:7B:FB:98:C5:97:94:E4:BD:34:69:99:58
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       4DD682DF2552D74A06707152189021585D3447BD
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/36322e332e382e302f32342d3234203d3e20323031333431.roa
Signing time:             Wed 27 Dec 2023 14:45:53 +0000
ROA not before:           Wed 27 Dec 2023 14:40:53 +0000
ROA not after:            Wed 25 Dec 2024 14:45:53 +0000
asID:                     201341
IP address blocks:        62.3.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:d6:82:df:25:52:d7:4a:06:70:71:52:18:90:21:58:5d:34:47:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Dec 27 14:40:53 2023 GMT
            Not After : Dec 25 14:45:53 2024 GMT
        Subject: CN=F4DE22F80AA8471F7BFB98C59794E4BD34699958
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:80:d9:2e:2d:23:66:ee:f2:50:85:fe:31:54:
                    e0:98:76:aa:14:aa:f3:6f:cd:51:3e:44:fb:7a:5b:
                    ee:ad:96:a6:27:95:9b:e0:d0:47:7e:44:a9:15:bf:
                    80:d8:c9:04:5d:95:5e:d1:62:1b:69:b6:64:1d:26:
                    5a:e4:b9:a2:48:2f:e4:f0:56:4b:2e:71:48:34:17:
                    27:59:b1:f7:9b:08:e8:a1:c6:3e:87:be:04:94:94:
                    b0:60:b5:2d:01:aa:a7:d3:6e:0d:c1:4f:65:39:08:
                    89:6b:2b:99:32:41:82:1a:8f:5d:8b:a7:cf:38:cb:
                    7a:87:52:d7:06:52:56:62:44:8c:87:36:e8:1c:94:
                    81:57:ab:8f:8c:75:88:76:17:fb:1c:86:bd:4e:b3:
                    8c:3d:1d:36:a1:67:2a:ad:6b:ce:27:32:08:1f:e3:
                    59:f3:05:5d:49:15:2b:e2:2f:ae:bd:c3:f8:fb:9e:
                    08:64:c2:75:ec:79:bb:c9:e3:c8:a1:a9:b3:61:8a:
                    28:77:7c:8c:aa:86:96:fa:e0:c0:39:8b:14:fd:9c:
                    ed:e3:8f:5e:31:8f:00:d2:f3:59:d1:27:0a:7f:47:
                    33:bf:14:01:f2:c7:be:51:c7:31:94:68:db:a2:a3:
                    50:f6:e6:46:61:bc:32:c9:3e:dc:fd:9f:fd:a6:ab:
                    22:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:DE:22:F8:0A:A8:47:1F:7B:FB:98:C5:97:94:E4:BD:34:69:99:58
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/36322e332e382e302f32342d3234203d3e20323031333431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:36:cd:49:72:35:9a:46:d5:f8:1e:93:3a:af:30:5b:a0:ba:
         b0:f9:38:c6:43:36:a2:82:e2:7f:4f:4e:8a:0c:43:21:7c:71:
         f8:c4:b6:da:32:3c:4b:44:29:9a:a3:92:19:dd:d5:c2:0e:19:
         5a:e8:79:34:53:b3:10:0d:6e:de:ca:e0:eb:17:ca:e1:ea:f0:
         df:77:ff:72:61:00:63:98:cc:55:50:eb:6e:9f:7c:16:31:94:
         b1:d5:92:60:ea:d1:22:2f:cc:85:f8:55:13:81:83:81:8b:0a:
         8c:78:32:22:38:96:78:07:01:f4:94:7b:8d:85:90:7f:f6:b1:
         51:7e:3e:0c:b0:a6:cf:a7:11:a4:72:10:56:3e:3f:05:ed:f4:
         c7:57:76:9d:25:07:2f:01:d8:63:b6:95:67:64:e5:50:15:0e:
         8f:46:a8:d1:ec:d0:64:cc:75:25:b9:51:74:88:a2:a6:7c:c9:
         f1:5c:e0:db:08:2b:24:59:01:05:c3:a5:19:4f:25:44:b9:44:
         16:dd:08:a2:0b:a4:8b:25:51:54:0c:fb:1e:67:a1:7e:d4:1a:
         f0:3c:4b:d2:e0:19:47:c4:04:f1:cc:4b:78:3f:c3:72:55:74:
         7b:91:9b:54:cb:7e:17:e6:b1:12:a4:cd:55:60:ca:5b:cc:44:
         ba:71:a4:a8
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUTdaC3yVS10oGcHFSGJAhWF00R70wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yMzEyMjcxNDQwNTNaFw0yNDEyMjUxNDQ1NTNaMDMxMTAvBgNV
BAMTKEY0REUyMkY4MEFBODQ3MUY3QkZCOThDNTk3OTRFNEJEMzQ2OTk5NTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBgNkuLSNm7vJQhf4xVOCYdqoU
qvNvzVE+RPt6W+6tlqYnlZvg0Ed+RKkVv4DYyQRdlV7RYhtptmQdJlrkuaJIL+Tw
VksucUg0FydZsfebCOihxj6HvgSUlLBgtS0BqqfTbg3BT2U5CIlrK5kyQYIaj12L
p884y3qHUtcGUlZiRIyHNugclIFXq4+MdYh2F/schr1Os4w9HTahZyqta84nMggf
41nzBV1JFSviL669w/j7nghkwnXsebvJ48ihqbNhiih3fIyqhpb64MA5ixT9nO3j
j14xjwDS81nRJwp/RzO/FAHyx75RxzGUaNuio1D25kZhvDLJPtz9n/2mqyJtAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU9N4i+AqoRx97+5jFl5TkvTRpmVgwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzYzMjJlMzMyZTM4MmUzMDJm
MzIzNDJkMzIzNDIwM2QzZTIwMzIzMDMxMzMzNDMxLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPgMIMA0G
CSqGSIb3DQEBCwUAA4IBAQB5Ns1JcjWaRtX4HpM6rzBboLqw+TjGQzaiguJ/T06K
DEMhfHH4xLbaMjxLRCmao5IZ3dXCDhla6Hk0U7MQDW7eyuDrF8rh6vDfd/9yYQBj
mMxVUOtun3wWMZSx1ZJg6tEiL8yF+FUTgYOBiwqMeDIiOJZ4BwH0lHuNhZB/9rFR
fj4MsKbPpxGkchBWPj8F7fTHV3adJQcvAdhjtpVnZOVQFQ6PRqjR7NBkzHUluVF0
iKKmfMnxXODbCCskWQEFw6UZTyVEuUQW3QiiC6SLJVFUDPseZ6F+1BrwPEvS4BlH
xATxzEt4P8NyVXR7kZtUy34X5rESpM1VYMpbzES6caSo
-----END CERTIFICATE-----