Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/36322e3139322e3137352e302f32342d3234203d3e20383334.roa
File:                     36322e3139322e3137352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          CXFu2Cq4l1Pt5CpsrjXvO3i0tuOhdICytPNG5W/Eh0Q=
Subject key identifier:   A4:59:A3:33:58:80:FC:EB:A4:15:67:F2:DD:44:6E:DE:16:07:6D:D1
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       412AB94A7C4E9161FF73A94BFE2C33A1011207DD
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/36322e3139322e3137352e302f32342d3234203d3e20383334.roa
Signing time:             Wed 25 Mar 2026 00:04:06 +0000
ROA not before:           Tue 24 Mar 2026 23:59:06 +0000
ROA not after:            Wed 24 Mar 2027 00:04:06 +0000
asID:                     834
IP address blocks:        62.192.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 22:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:2a:b9:4a:7c:4e:91:61:ff:73:a9:4b:fe:2c:33:a1:01:12:07:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Mar 24 23:59:06 2026 GMT
            Not After : Mar 24 00:04:06 2027 GMT
        Subject: CN=A459A3335880FCEBA41567F2DD446EDE16076DD1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:42:fa:aa:7e:f3:c0:c6:68:33:c9:ff:35:8d:
                    da:f8:32:ec:b3:4d:29:c2:b5:63:36:38:e7:fb:68:
                    0f:c0:1c:63:04:86:13:09:d4:41:e7:59:77:c5:25:
                    a3:e7:1c:3b:44:d6:9d:e8:d8:be:6e:5a:16:eb:da:
                    c5:a6:c5:c5:de:e1:66:ad:33:a8:a5:f4:7a:f0:33:
                    22:8d:7e:f8:a1:d7:60:b9:27:94:f9:e2:9f:2b:98:
                    ec:be:37:38:58:b4:3f:e9:34:cd:7e:05:29:fa:59:
                    3d:c3:61:a0:ef:81:2d:78:88:61:d1:0c:e4:9f:23:
                    be:09:f9:14:15:51:46:ee:ff:ec:4a:06:1f:76:cd:
                    a4:cc:87:82:59:b0:ce:6d:5f:8e:54:29:c5:5d:90:
                    cd:bb:e1:7e:89:47:e3:e1:0c:27:2a:31:ec:9e:e3:
                    b0:5d:b0:c6:1a:00:5c:a7:0b:d1:52:1c:02:9d:52:
                    97:7c:d2:a7:18:89:eb:21:9b:e6:3b:75:ee:10:d6:
                    4a:0d:51:67:1e:7a:aa:41:11:9b:7a:20:53:e6:be:
                    15:58:aa:fd:4a:b6:58:c4:e4:c6:06:5f:f3:0f:55:
                    be:59:00:9d:dc:a3:19:82:0d:a7:b9:23:b7:07:9d:
                    e0:cf:53:13:c8:b3:d2:f2:d6:cd:60:ea:64:07:55:
                    38:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:59:A3:33:58:80:FC:EB:A4:15:67:F2:DD:44:6E:DE:16:07:6D:D1
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/36322e3139322e3137352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.192.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:bb:be:b2:9e:60:0c:18:06:ec:77:44:df:de:44:fe:54:59:
         c9:4b:0a:66:8b:60:5c:d7:0e:98:a7:18:de:4e:93:da:9a:6a:
         51:90:dd:42:a1:3d:0e:89:eb:76:5a:c2:34:61:10:a1:6f:6b:
         0d:d7:41:e1:7f:a0:b0:78:b3:2b:48:9b:5c:ea:99:9a:6a:e3:
         77:49:8c:e4:ac:7e:ca:8e:20:20:d1:a2:63:68:4e:ee:9b:16:
         71:4b:4c:94:e1:48:e0:4a:9b:46:6f:8e:bf:d9:63:dd:c5:85:
         2a:da:44:bc:d2:e0:e2:5e:38:96:78:b3:06:e7:94:f3:95:cf:
         73:1c:3e:09:91:2d:43:5f:4d:12:70:58:74:89:08:56:a1:8e:
         11:84:0d:b4:89:19:f4:4b:53:e9:77:d0:36:4c:d4:a3:d7:ed:
         25:dc:79:26:b4:dc:dd:84:f8:53:ee:09:0d:18:88:99:34:e3:
         31:7c:fb:30:a9:0d:0b:dd:26:b8:de:05:f8:a0:a1:53:7c:89:
         48:e1:40:57:d0:14:88:69:47:35:45:1a:40:f4:ff:72:da:f3:
         01:15:d5:af:9f:d0:30:60:f4:f5:3a:d0:ca:b7:5c:23:ed:9c:
         89:5f:8f:2b:c7:e4:c6:fc:62:c1:34:4d:41:75:e7:fd:9b:6d:
         58:12:f7:b1
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUQSq5SnxOkWH/c6lL/iwzoQESB90wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNjAzMjQyMzU5MDZaFw0yNzAzMjQwMDA0MDZaMDMxMTAvBgNV
BAMTKEE0NTlBMzMzNTg4MEZDRUJBNDE1NjdGMkRENDQ2RURFMTYwNzZERDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNQvqqfvPAxmgzyf81jdr4Muyz
TSnCtWM2OOf7aA/AHGMEhhMJ1EHnWXfFJaPnHDtE1p3o2L5uWhbr2sWmxcXe4Wat
M6il9HrwMyKNfvih12C5J5T54p8rmOy+NzhYtD/pNM1+BSn6WT3DYaDvgS14iGHR
DOSfI74J+RQVUUbu/+xKBh92zaTMh4JZsM5tX45UKcVdkM274X6JR+PhDCcqMeye
47BdsMYaAFynC9FSHAKdUpd80qcYieshm+Y7de4Q1koNUWceeqpBEZt6IFPmvhVY
qv1KtljE5MYGX/MPVb5ZAJ3coxmCDae5I7cHneDPUxPIs9Ly1s1g6mQHVTh9AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUpFmjM1iA/OukFWfy3URu3hYHbdEwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzYzMjJlMzEzOTMyMmUzMTM3
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAA+wK8w
DQYJKoZIhvcNAQELBQADggEBAIq7vrKeYAwYBux3RN/eRP5UWclLCmaLYFzXDpin
GN5Ok9qaalGQ3UKhPQ6J63ZawjRhEKFvaw3XQeF/oLB4sytIm1zqmZpq43dJjOSs
fsqOICDRomNoTu6bFnFLTJThSOBKm0Zvjr/ZY93FhSraRLzS4OJeOJZ4swbnlPOV
z3McPgmRLUNfTRJwWHSJCFahjhGEDbSJGfRLU+l30DZM1KPX7SXceSa03N2E+FPu
CQ0YiJk04zF8+zCpDQvdJrjeBfigoVN8iUjhQFfQFIhpRzVFGkD0/3La8wEV1a+f
0DBg9PU60Mq3XCPtnIlfjyvH5Mb8YsE0TUF15/2bbVgS97E=
-----END CERTIFICATE-----