Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/36322e332e32302e302f32342d3234203d3e2039333034.roa
File:                     36322e332e32302e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          753vkBqDOJEpN/a5gmm4zhX9VKR3lQ+josL1BYJMcL8=
Subject key identifier:   F6:8E:2C:88:FF:88:55:E1:34:8C:6D:67:50:C7:6A:D8:1A:8D:E0:C0
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       52E63F5B69AB68FC5829A5353C73D536A64DFB09
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/36322e332e32302e302f32342d3234203d3e2039333034.roa
Signing time:             Tue 17 Jun 2025 10:59:24 +0000
ROA not before:           Tue 17 Jun 2025 10:54:24 +0000
ROA not after:            Tue 16 Jun 2026 10:59:24 +0000
asID:                     9304
IP address blocks:        62.3.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 10:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:e6:3f:5b:69:ab:68:fc:58:29:a5:35:3c:73:d5:36:a6:4d:fb:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Jun 17 10:54:24 2025 GMT
            Not After : Jun 16 10:59:24 2026 GMT
        Subject: CN=F68E2C88FF8855E1348C6D6750C76AD81A8DE0C0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:fe:25:eb:d4:ab:67:c3:13:2c:70:79:86:b6:
                    87:2c:38:e1:0d:3c:63:eb:61:10:e8:d7:32:32:23:
                    44:21:02:05:95:4f:52:b5:5d:04:5e:ce:72:36:4a:
                    98:aa:14:a6:b3:e8:39:11:b6:93:fb:cd:51:19:a7:
                    f7:99:7f:99:41:af:5c:31:ee:32:a1:c9:f5:67:98:
                    ea:6f:9a:61:04:36:46:3d:b4:82:01:d2:cc:a6:f3:
                    cf:23:83:a4:82:bd:37:8e:cb:bb:00:74:35:0e:f3:
                    9b:96:37:a8:fe:0a:f6:e1:e3:9d:2a:06:f2:9b:88:
                    02:b7:fc:38:f4:1f:09:5c:67:b1:63:e2:0b:52:5f:
                    4a:35:3e:f2:b2:11:ab:8f:d5:8a:38:e2:df:d0:30:
                    46:50:95:d4:03:c1:3e:70:4d:c7:87:b2:39:2c:d3:
                    0a:b6:70:4c:9a:a2:41:ec:d5:f6:4f:bc:ac:5b:1f:
                    11:e8:34:41:20:f4:56:cc:55:f7:3d:fc:54:2e:bc:
                    aa:7e:4f:d7:13:02:4f:c9:82:84:12:a1:eb:0e:d0:
                    70:c9:13:74:5e:dc:4f:5f:f4:6f:3d:1b:93:1d:3b:
                    fb:9f:02:14:4b:2e:b6:85:01:59:d5:47:9b:2c:c8:
                    38:67:6e:6f:b9:94:5f:20:07:c5:bd:a7:c6:ea:22:
                    5f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:8E:2C:88:FF:88:55:E1:34:8C:6D:67:50:C7:6A:D8:1A:8D:E0:C0
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/36322e332e32302e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:1d:a6:7c:0f:b7:e7:5e:26:d2:47:72:68:d3:f8:46:2c:27:
         62:03:77:01:87:93:43:e4:20:e9:c7:bc:ad:3f:51:1f:2d:4a:
         af:09:be:9a:d5:03:1d:65:24:f3:48:76:38:00:fb:1c:12:61:
         bb:ec:27:88:42:ba:ee:c5:ac:1a:e2:4f:95:8b:e7:60:44:85:
         9e:84:d4:01:13:1d:f7:34:96:41:34:97:bf:2e:ed:8b:a2:df:
         af:3e:6e:cd:d2:2e:2c:f3:9a:51:3f:15:c4:00:7b:49:b4:5c:
         b4:81:3d:d2:3c:5f:2a:d2:e5:c3:b7:69:01:66:5b:1f:cb:8a:
         7f:a5:28:f3:62:0b:5e:17:36:f9:ca:e1:96:c7:57:e0:5a:39:
         50:31:d2:e2:5a:11:75:19:a6:94:59:ff:4d:7f:5e:1a:5b:ae:
         06:e9:7f:a0:e7:5a:45:f1:fc:ec:3c:2c:62:41:58:1d:48:c0:
         c6:15:e0:21:94:95:a0:62:79:ba:68:50:dd:00:83:00:5b:06:
         95:64:7f:b1:ec:e3:e4:0b:6b:67:1f:63:eb:db:88:b0:7a:b1:
         33:36:4d:bc:f8:12:d4:fa:cd:81:32:ae:3d:71:ef:90:0f:3d:
         e3:4c:cc:7d:c0:03:cd:7b:35:72:7a:cd:e0:61:a2:01:ab:43:
         c9:8f:3b:35
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUUuY/W2mraPxYKaU1PHPVNqZN+wkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNTA2MTcxMDU0MjRaFw0yNjA2MTYxMDU5MjRaMDMxMTAvBgNV
BAMTKEY2OEUyQzg4RkY4ODU1RTEzNDhDNkQ2NzUwQzc2QUQ4MUE4REUwQzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCL/iXr1KtnwxMscHmGtocsOOEN
PGPrYRDo1zIyI0QhAgWVT1K1XQReznI2SpiqFKaz6DkRtpP7zVEZp/eZf5lBr1wx
7jKhyfVnmOpvmmEENkY9tIIB0sym888jg6SCvTeOy7sAdDUO85uWN6j+Cvbh450q
BvKbiAK3/Dj0HwlcZ7Fj4gtSX0o1PvKyEauP1Yo44t/QMEZQldQDwT5wTceHsjks
0wq2cEyaokHs1fZPvKxbHxHoNEEg9FbMVfc9/FQuvKp+T9cTAk/JgoQSoesO0HDJ
E3Re3E9f9G89G5MdO/ufAhRLLraFAVnVR5ssyDhnbm+5lF8gB8W9p8bqIl/XAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQU9o4siP+IVeE0jG1nUMdq2BqN4MAwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzYzMjJlMzMyZTMyMzAyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAD4DFDANBgkq
hkiG9w0BAQsFAAOCAQEAwh2mfA+3514m0kdyaNP4RiwnYgN3AYeTQ+Qg6ce8rT9R
Hy1Krwm+mtUDHWUk80h2OAD7HBJhu+wniEK67sWsGuJPlYvnYESFnoTUARMd9zSW
QTSXvy7ti6Lfrz5uzdIuLPOaUT8VxAB7SbRctIE90jxfKtLlw7dpAWZbH8uKf6Uo
82ILXhc2+crhlsdX4Fo5UDHS4loRdRmmlFn/TX9eGluuBul/oOdaRfH87DwsYkFY
HUjAxhXgIZSVoGJ5umhQ3QCDAFsGlWR/sezj5AtrZx9j69uIsHqxMzZNvPgS1PrN
gTKuPXHvkA8940zMfcADzXs1cnrN4GGiAatDyY87NQ==
-----END CERTIFICATE-----