Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/36322e332e34362e302f32342d3234203d3e20323031333431.roa
File:                     36322e332e34362e302f32342d3234203d3e20323031333431.roa (raw, json)
Hash identifier:          z7O8JDew7SpuPF53CMWTdbvxAAtas7pxRvTby2YZXIc=
Subject key identifier:   76:26:53:F8:71:4B:F7:26:5C:55:75:99:EE:30:3D:D0:4C:A7:55:2D
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       1C0FC14240D7B823A1F0B1F200BC40AAAD029FAD
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/36322e332e34362e302f32342d3234203d3e20323031333431.roa
Signing time:             Thu 14 Dec 2023 17:13:06 +0000
ROA not before:           Thu 14 Dec 2023 17:08:06 +0000
ROA not after:            Thu 12 Dec 2024 17:13:06 +0000
asID:                     201341
IP address blocks:        62.3.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:0f:c1:42:40:d7:b8:23:a1:f0:b1:f2:00:bc:40:aa:ad:02:9f:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Dec 14 17:08:06 2023 GMT
            Not After : Dec 12 17:13:06 2024 GMT
        Subject: CN=762653F8714BF7265C557599EE303DD04CA7552D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:c9:ef:68:7a:2c:f4:67:79:89:94:f5:c3:68:
                    52:10:65:ac:b5:f9:0f:dd:15:30:07:ce:f8:ad:fb:
                    ff:d6:f4:e7:ed:e5:8e:23:14:c1:4a:b2:b0:61:a3:
                    8b:c3:f9:14:71:e6:26:3a:47:82:37:c5:07:d1:d0:
                    76:3a:84:7b:1c:5e:9a:dd:f2:94:ac:4d:27:13:71:
                    33:59:61:dd:1a:ca:39:eb:a6:65:6b:21:3e:77:c9:
                    65:81:48:47:ed:82:40:cd:bd:02:e4:42:18:ee:5b:
                    96:34:0a:52:3d:85:87:b4:56:7e:30:95:17:65:67:
                    38:86:2f:80:37:6c:4e:21:37:67:44:bd:2b:f0:f7:
                    7c:d1:aa:53:b9:85:94:e8:18:b8:1b:81:3c:63:62:
                    9d:b0:d0:46:c3:34:ee:73:7c:e6:1c:7d:69:d7:37:
                    4a:5c:5f:c5:a6:fd:ec:38:19:88:e4:ce:55:ce:a4:
                    47:3c:fd:1d:0e:78:39:34:2b:92:18:27:2f:5f:a3:
                    ef:11:a0:fb:83:04:e5:98:08:3b:24:58:bc:e8:6e:
                    dc:29:ea:68:ff:5f:77:24:f1:b7:f9:80:c5:31:53:
                    52:d9:b4:55:7e:98:a5:63:2b:f5:c1:47:fa:2e:6b:
                    a9:a2:6f:66:55:33:d2:7f:98:9f:1c:62:dc:47:32:
                    ae:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:26:53:F8:71:4B:F7:26:5C:55:75:99:EE:30:3D:D0:4C:A7:55:2D
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/36322e332e34362e302f32342d3234203d3e20323031333431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:07:0e:cf:6e:59:d9:87:a1:58:5a:ed:33:e2:ba:61:4a:d8:
         9b:83:b4:0b:e5:13:01:1d:10:2f:b1:6f:be:4c:9f:ba:da:0d:
         c8:91:1d:6f:f8:d2:e3:c9:b0:77:40:d8:28:a2:a0:cb:42:b7:
         50:a4:c9:f1:a3:18:d4:39:3f:b3:d0:bd:da:43:cb:a9:78:45:
         57:31:35:f6:89:fd:d3:85:83:cb:25:31:4f:1e:ae:ae:56:51:
         5f:b9:8e:4e:cf:d9:b0:3c:ab:19:9a:a0:f6:2e:ae:b9:f8:c8:
         0d:8b:eb:af:28:55:6d:0c:1c:d9:4d:43:c4:4f:06:67:ab:85:
         1f:98:78:0c:f9:9e:fc:c1:2a:64:2e:42:ce:f2:42:93:4c:bb:
         26:c2:08:2f:98:7a:c1:1d:86:62:2c:15:69:9a:f3:27:25:e3:
         8e:1a:83:33:2e:98:ca:3b:46:a1:12:ac:6f:58:6d:05:05:31:
         60:34:8b:78:df:5d:f2:b2:55:fa:dc:f0:19:e0:ec:64:2a:d1:
         e5:85:16:e4:70:0b:4c:63:05:28:c6:1c:b8:6b:d0:88:97:65:
         02:3c:ad:b0:23:82:e0:1e:e0:62:92:67:65:17:35:ee:db:88:
         cb:1f:8a:61:b9:57:c5:f3:22:a8:4c:59:5b:05:f9:96:03:b0:
         95:c4:b8:e9
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUHA/BQkDXuCOh8LHyALxAqq0Cn60wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yMzEyMTQxNzA4MDZaFw0yNDEyMTIxNzEzMDZaMDMxMTAvBgNV
BAMTKDc2MjY1M0Y4NzE0QkY3MjY1QzU1NzU5OUVFMzAzREQwNENBNzU1MkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEye9oeiz0Z3mJlPXDaFIQZay1
+Q/dFTAHzvit+//W9Oft5Y4jFMFKsrBho4vD+RRx5iY6R4I3xQfR0HY6hHscXprd
8pSsTScTcTNZYd0ayjnrpmVrIT53yWWBSEftgkDNvQLkQhjuW5Y0ClI9hYe0Vn4w
lRdlZziGL4A3bE4hN2dEvSvw93zRqlO5hZToGLgbgTxjYp2w0EbDNO5zfOYcfWnX
N0pcX8Wm/ew4GYjkzlXOpEc8/R0OeDk0K5IYJy9fo+8RoPuDBOWYCDskWLzobtwp
6mj/X3ck8bf5gMUxU1LZtFV+mKVjK/XBR/oua6mib2ZVM9J/mJ8cYtxHMq6tAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUdiZT+HFL9yZcVXWZ7jA90EynVS0wHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzYzMjJlMzMyZTM0MzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzEzMzM0MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAA+Ay4w
DQYJKoZIhvcNAQELBQADggEBADMHDs9uWdmHoVha7TPiumFK2JuDtAvlEwEdEC+x
b75Mn7raDciRHW/40uPJsHdA2CiioMtCt1CkyfGjGNQ5P7PQvdpDy6l4RVcxNfaJ
/dOFg8slMU8erq5WUV+5jk7P2bA8qxmaoPYurrn4yA2L668oVW0MHNlNQ8RPBmer
hR+YeAz5nvzBKmQuQs7yQpNMuybCCC+YesEdhmIsFWma8ycl444agzMumMo7RqES
rG9YbQUFMWA0i3jfXfKyVfrc8Bng7GQq0eWFFuRwC0xjBSjGHLhr0IiXZQI8rbAj
guAe4GKSZ2UXNe7biMsfimG5V8XzIqhMWVsF+ZYDsJXEuOk=
-----END CERTIFICATE-----