Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136312e302f32342d3234203d3e20383334.roa
File:                     36322e38342e3136312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          DUPKm+jIfgKKTCF6MpGaKOvlN20PSK0SQdSy6ZTlJOE=
Subject key identifier:   05:5D:34:E6:D2:1D:E9:44:3A:CA:37:46:BB:94:B0:9A:20:B6:E5:3E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6E99E0417397F4DD4FCFBC8E503DBAD63A0C009A
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136312e302f32342d3234203d3e20383334.roa
Signing time:             Mon 20 Apr 2026 08:09:04 +0000
ROA not before:           Mon 20 Apr 2026 08:04:04 +0000
ROA not after:            Mon 19 Apr 2027 08:09:04 +0000
asID:                     834
IP address blocks:        62.84.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:12:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:99:e0:41:73:97:f4:dd:4f:cf:bc:8e:50:3d:ba:d6:3a:0c:00:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 20 08:04:04 2026 GMT
            Not After : Apr 19 08:09:04 2027 GMT
        Subject: CN=055D34E6D21DE9443ACA3746BB94B09A20B6E53E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:70:02:bd:4b:b2:9d:83:b9:8d:62:c4:5f:fc:
                    a6:61:20:2f:39:0f:1e:99:07:99:8d:3c:05:6a:96:
                    4e:1b:64:5d:0c:f0:12:9a:3b:92:b1:ae:f6:32:5a:
                    57:0a:1b:79:c8:7d:14:af:76:6b:b1:65:e4:f5:9b:
                    8a:0e:e2:77:ec:a8:b5:55:43:09:e1:9b:d3:08:af:
                    05:64:b5:f3:7e:3e:9f:5a:6d:45:d6:f0:fc:9c:b6:
                    82:17:3a:7f:14:25:41:18:80:af:3e:b2:41:5e:bf:
                    e5:ad:cb:d9:da:f9:13:30:33:bf:8d:3d:6e:dc:1f:
                    f5:c0:98:1e:d6:9c:03:e4:18:d4:98:43:e1:b7:61:
                    5f:09:38:c1:19:32:77:bd:d6:7b:ec:59:1f:9d:90:
                    d5:80:5c:51:1b:8f:3b:b4:16:29:0e:2f:fc:79:5e:
                    31:55:ea:43:dd:c9:d3:3b:9f:8a:d3:8d:09:bf:4e:
                    57:6d:a0:76:c8:d9:34:cf:25:fe:06:39:ad:67:51:
                    df:ef:a8:ab:96:5b:ff:5a:b9:de:79:65:01:8b:01:
                    ca:05:53:75:8f:ff:0d:d0:19:89:13:2f:10:00:a8:
                    c0:df:10:fb:b5:02:d8:1d:b8:3b:c1:b3:94:21:00:
                    e5:d2:cc:8e:37:f7:ef:0a:bb:a3:ff:f8:98:95:32:
                    05:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:5D:34:E6:D2:1D:E9:44:3A:CA:37:46:BB:94:B0:9A:20:B6:E5:3E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.84.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:fa:3b:6b:be:42:1b:63:cc:96:13:b6:ca:e6:b8:9a:b0:81:
         75:f1:d6:ec:b2:a7:6c:f9:fa:65:2b:0f:de:60:0a:38:80:22:
         f1:ac:de:29:c5:9b:c7:6a:8f:40:7b:df:a7:1e:25:46:8a:f6:
         74:8c:0c:a6:11:96:71:7f:be:ed:79:12:8d:eb:a2:ce:13:06:
         1b:06:df:f2:5c:ff:22:f2:a3:cc:db:71:78:a4:bf:73:6b:9e:
         73:38:c5:4b:32:e3:6e:85:55:01:c0:c6:3a:2e:ee:fb:85:fc:
         71:4e:53:b1:a2:43:25:02:eb:60:8e:11:fc:21:88:c6:55:f1:
         c5:f0:9a:b3:fc:aa:ce:9e:7e:16:10:28:22:da:d1:2c:f3:64:
         31:2f:68:e9:14:79:7c:9a:da:bb:15:01:72:b4:d4:7a:13:4c:
         c0:12:eb:53:b3:dc:ff:44:d3:9c:ee:a0:fd:2f:3c:09:6c:e9:
         45:13:04:d3:54:9e:5c:54:39:93:29:a5:ab:c1:28:06:a9:83:
         4f:2e:b4:70:0f:e3:69:d5:11:34:14:a3:bb:24:8c:3f:5c:7b:
         1e:cd:73:29:93:96:0f:fe:be:05:2d:0b:61:b3:0d:e4:5a:a8:
         21:7f:2e:1a:66:1a:65:f5:73:64:a4:84:75:99:3f:24:d1:80:
         59:ff:4b:af
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUbpngQXOX9N1Pz7yOUD261joMAJowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MjAwODA0MDRaFw0yNzA0MTkwODA5MDRaMDMxMTAvBgNV
BAMTKDA1NUQzNEU2RDIxREU5NDQzQUNBMzc0NkJCOTRCMDlBMjBCNkU1M0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDcAK9S7Kdg7mNYsRf/KZhIC85
Dx6ZB5mNPAVqlk4bZF0M8BKaO5KxrvYyWlcKG3nIfRSvdmuxZeT1m4oO4nfsqLVV
Qwnhm9MIrwVktfN+Pp9abUXW8PyctoIXOn8UJUEYgK8+skFev+Wty9na+RMwM7+N
PW7cH/XAmB7WnAPkGNSYQ+G3YV8JOMEZMne91nvsWR+dkNWAXFEbjzu0FikOL/x5
XjFV6kPdydM7n4rTjQm/TldtoHbI2TTPJf4GOa1nUd/vqKuWW/9aud55ZQGLAcoF
U3WP/w3QGYkTLxAAqMDfEPu1AtgduDvBs5QhAOXSzI439+8Ku6P/+JiVMgX5AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUBV005tId6UQ6yjdGu5SwmiC25T4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzgzNDJlMzEzNjMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPlShMA0G
CSqGSIb3DQEBCwUAA4IBAQBz+jtrvkIbY8yWE7bK5riasIF18dbssqds+fplKw/e
YAo4gCLxrN4pxZvHao9Ae9+nHiVGivZ0jAymEZZxf77teRKN66LOEwYbBt/yXP8i
8qPM23F4pL9za55zOMVLMuNuhVUBwMY6Lu77hfxxTlOxokMlAutgjhH8IYjGVfHF
8Jqz/KrOnn4WECgi2tEs82QxL2jpFHl8mtq7FQFytNR6E0zAEutTs9z/RNOc7qD9
LzwJbOlFEwTTVJ5cVDmTKaWrwSgGqYNPLrRwD+Np1RE0FKO7JIw/XHsezXMpk5YP
/r4FLQthsw3kWqghfy4aZhpl9XNkpIR1mT8k0YBZ/0uv
-----END CERTIFICATE-----