Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/36322e332e34362e302f32342d3234203d3e20323034313730.roa
File:                     36322e332e34362e302f32342d3234203d3e20323034313730.roa (raw, json)
Hash identifier:          NMEHjdhIHuIROd8hArxmU9+Sh2kpzYbegJj+WcabC8Y=
Subject key identifier:   1A:A1:98:85:CA:2B:23:25:7F:6C:41:8D:A0:9F:53:AD:FB:68:D7:8D
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       2378E99FFCF055F94089E008E90EE6EAA9F794B1
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/36322e332e34362e302f32342d3234203d3e20323034313730.roa
Signing time:             Tue 25 Jun 2024 21:47:01 +0000
ROA not before:           Tue 25 Jun 2024 21:42:01 +0000
ROA not after:            Tue 24 Jun 2025 21:47:01 +0000
asID:                     204170
IP address blocks:        62.3.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:78:e9:9f:fc:f0:55:f9:40:89:e0:08:e9:0e:e6:ea:a9:f7:94:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Jun 25 21:42:01 2024 GMT
            Not After : Jun 24 21:47:01 2025 GMT
        Subject: CN=1AA19885CA2B23257F6C418DA09F53ADFB68D78D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:dc:8f:72:97:67:5d:64:dc:3b:20:b5:d5:ba:
                    31:9b:51:f7:98:80:12:52:14:5b:d1:c0:26:1c:54:
                    67:d3:ec:a0:62:49:0b:0b:47:6f:d4:3b:cc:ef:bd:
                    1f:28:44:e2:8e:31:e8:84:fb:cb:01:2a:5b:af:5a:
                    f2:51:ce:76:9d:fa:5f:a0:66:be:61:7a:7b:c4:a6:
                    b4:5a:63:b7:d2:0e:75:6a:7c:eb:f1:30:8b:55:77:
                    34:8f:ab:4c:11:a1:64:df:66:1d:43:27:54:40:92:
                    40:ee:53:d8:70:ef:bf:1e:a4:86:b8:32:59:fa:0c:
                    62:01:fd:5f:8a:76:35:82:2a:80:df:01:59:8e:99:
                    af:41:de:d5:df:0b:0f:9f:0a:a8:5b:3f:a5:6c:6d:
                    c9:79:db:82:ef:45:ea:54:3b:23:9a:ce:10:24:3c:
                    ad:9c:c6:28:c8:c6:d0:e6:61:19:94:04:fb:da:93:
                    3b:d8:b4:10:80:e0:0d:fe:0e:45:c9:77:fb:1c:4d:
                    06:88:18:2a:f2:94:5c:06:16:92:e5:ff:ad:e5:37:
                    ec:a4:2b:a3:37:d1:72:2a:17:ff:00:8c:8c:07:df:
                    eb:4f:95:cf:9a:95:f3:1e:eb:1c:4c:ff:3e:77:90:
                    43:84:63:81:97:b2:e5:83:67:15:60:85:d3:bb:fa:
                    e8:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:A1:98:85:CA:2B:23:25:7F:6C:41:8D:A0:9F:53:AD:FB:68:D7:8D
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/36322e332e34362e302f32342d3234203d3e20323034313730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:84:3b:8f:47:b6:d7:e5:46:60:8c:70:7f:9e:78:0b:ae:f1:
         c9:bb:a4:de:76:87:3c:e2:5d:f3:77:88:12:a6:45:0b:ef:f6:
         43:d0:27:65:7a:94:34:d7:74:fc:d2:14:a6:12:a8:9b:85:9d:
         78:8a:f1:a9:b1:dc:65:56:86:b5:1d:c2:9c:f8:93:9c:5d:33:
         25:b1:86:74:06:46:14:c6:ea:9b:ae:a1:5e:82:fd:0c:b3:c2:
         81:2d:ff:e1:f8:fe:d5:5d:11:64:74:d6:db:97:c3:13:4e:11:
         8f:5c:a9:bd:40:a2:e3:7e:31:d1:11:a5:1d:a4:29:81:f6:ef:
         1e:c1:97:92:1b:8e:f6:10:f2:74:6c:d2:ce:36:1f:9f:cf:25:
         73:79:b3:3f:00:10:37:3f:43:7d:82:4e:f0:79:f9:67:d2:5c:
         39:0c:da:02:8c:52:46:27:c8:96:7a:06:f5:c4:3e:6b:73:2c:
         36:14:1f:c3:47:26:23:10:e7:04:42:11:fd:16:d8:06:d0:2f:
         4f:02:fb:ba:cf:f3:98:2f:67:56:44:9e:8e:f6:6a:38:f9:01:
         51:a3:48:11:59:20:d0:9d:a8:d6:4f:e5:29:96:b0:4e:db:d3:
         57:6a:b4:4f:ed:cc:ce:6e:3e:3f:90:53:ce:ae:1b:e0:a6:06:
         c5:db:18:83
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUI3jpn/zwVflAieAI6Q7m6qn3lLEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDA2MjUyMTQyMDFaFw0yNTA2MjQyMTQ3MDFaMDMxMTAvBgNV
BAMTKDFBQTE5ODg1Q0EyQjIzMjU3RjZDNDE4REEwOUY1M0FERkI2OEQ3OEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt3I9yl2ddZNw7ILXVujGbUfeY
gBJSFFvRwCYcVGfT7KBiSQsLR2/UO8zvvR8oROKOMeiE+8sBKluvWvJRznad+l+g
Zr5henvEprRaY7fSDnVqfOvxMItVdzSPq0wRoWTfZh1DJ1RAkkDuU9hw778epIa4
Mln6DGIB/V+KdjWCKoDfAVmOma9B3tXfCw+fCqhbP6Vsbcl524LvRepUOyOazhAk
PK2cxijIxtDmYRmUBPvakzvYtBCA4A3+DkXJd/scTQaIGCrylFwGFpLl/63lN+yk
K6M30XIqF/8AjIwH3+tPlc+alfMe6xxM/z53kEOEY4GXsuWDZxVghdO7+ug5AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUGqGYhcorIyV/bEGNoJ9Trfto140wHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzYzMjJlMzMyZTM0MzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzQzMTM3MzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAA+Ay4w
DQYJKoZIhvcNAQELBQADggEBADeEO49HttflRmCMcH+eeAuu8cm7pN52hzziXfN3
iBKmRQvv9kPQJ2V6lDTXdPzSFKYSqJuFnXiK8amx3GVWhrUdwpz4k5xdMyWxhnQG
RhTG6puuoV6C/QyzwoEt/+H4/tVdEWR01tuXwxNOEY9cqb1AouN+MdERpR2kKYH2
7x7Bl5IbjvYQ8nRs0s42H5/PJXN5sz8AEDc/Q32CTvB5+WfSXDkM2gKMUkYnyJZ6
BvXEPmtzLDYUH8NHJiMQ5wRCEf0W2AbQL08C+7rP85gvZ1ZEno72ajj5AVGjSBFZ
INCdqNZP5SmWsE7b01dqtE/tzM5uPj+QU86uG+CmBsXbGIM=
-----END CERTIFICATE-----