Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136352e302f32342d3234203d3e20383334.roa
File:                     36322e38342e3136352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          GywSgkpnCd15MovIBespFwhMorP2XNM2QhnTzxMaqVk=
Subject key identifier:   B4:2A:CD:E5:4C:44:6F:97:F7:58:F8:80:BA:00:33:14:C3:38:46:05
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1DA9E20B4F3590077B0B9D753F869FF6243CB23D
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136352e302f32342d3234203d3e20383334.roa
Signing time:             Fri 01 May 2026 15:50:15 +0000
ROA not before:           Fri 01 May 2026 15:45:15 +0000
ROA not after:            Fri 30 Apr 2027 15:50:15 +0000
asID:                     834
IP address blocks:        62.84.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:12:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:a9:e2:0b:4f:35:90:07:7b:0b:9d:75:3f:86:9f:f6:24:3c:b2:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May  1 15:45:15 2026 GMT
            Not After : Apr 30 15:50:15 2027 GMT
        Subject: CN=B42ACDE54C446F97F758F880BA003314C3384605
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:43:88:21:d5:bb:ff:fb:54:1a:61:19:4a:1b:
                    86:9e:36:42:04:0b:85:85:1c:4d:7b:d8:c4:83:b3:
                    f2:a4:10:73:bb:67:cf:3f:4a:24:2c:07:c0:e7:06:
                    d9:33:b9:e6:01:f6:06:b0:39:5e:09:39:2d:37:ae:
                    46:f7:24:e9:33:72:e2:25:bc:34:75:45:96:ed:8f:
                    d0:66:06:d9:f8:4b:54:9f:c1:3a:81:dd:2d:d2:c0:
                    8c:2f:ce:bc:ee:2e:21:6e:c2:e5:53:a8:c5:92:7f:
                    b6:7a:40:01:6e:5f:40:ce:53:36:ac:16:d8:06:8f:
                    44:bc:90:b4:8c:e1:5f:0b:04:ca:15:dd:f2:93:1d:
                    5d:56:a3:61:4d:72:0d:8b:63:85:37:d0:a0:f5:a5:
                    11:e7:95:3d:86:04:33:34:b2:dd:2a:bf:89:4c:9e:
                    9b:a9:e3:6c:e1:95:e2:e5:b8:3a:d3:89:b9:4a:a3:
                    54:97:4f:27:67:07:12:1d:9d:fc:b9:37:e1:00:ea:
                    54:8b:6a:75:dd:69:00:07:2f:69:7f:96:53:c6:65:
                    e3:62:ba:37:cf:d5:b1:c6:18:4c:d1:27:31:ab:a8:
                    9d:ae:af:04:77:a4:e0:1f:12:ac:3c:8c:08:e0:4a:
                    c2:68:d7:c8:7c:16:dc:77:bc:b1:68:0f:45:c7:56:
                    7d:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:2A:CD:E5:4C:44:6F:97:F7:58:F8:80:BA:00:33:14:C3:38:46:05
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3136352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.84.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:ff:ea:91:bc:86:4a:fe:5e:a5:76:a8:a1:a3:3f:3c:25:8d:
         7a:63:51:db:6c:91:00:96:e4:23:15:16:ab:d6:59:38:db:68:
         7d:a4:06:86:53:24:b6:6b:64:f4:f5:7e:c2:f8:0d:68:f0:6f:
         e4:6f:0d:6a:de:cf:09:43:85:3d:dd:ab:8f:21:a1:e7:af:18:
         cd:32:e1:8c:45:de:2e:8c:50:86:d1:41:4a:51:e1:f8:e0:1c:
         17:e4:d7:a6:c2:12:de:91:60:8a:e4:c6:37:99:ba:35:b9:6a:
         45:82:25:29:bb:ee:3b:12:a2:6e:2b:ff:2c:d6:fe:f6:cd:6d:
         cb:3c:0b:aa:65:0a:36:61:aa:1f:ca:59:6b:e8:f4:4b:ec:69:
         1c:d1:cc:75:2d:c4:0a:e7:23:b4:31:6f:2e:9b:6d:11:f6:c5:
         98:62:86:35:bb:3e:1b:8b:14:93:4b:01:0b:f5:c6:ff:7b:a8:
         01:e1:14:12:0e:77:17:ff:9a:fd:1c:14:88:6d:65:21:82:e5:
         00:7f:36:d4:a6:a1:6c:a3:45:87:fd:d9:01:63:6f:df:71:1d:
         bd:e6:e5:03:c3:7a:9b:2b:a7:7e:57:e3:ee:c1:60:0d:dd:5f:
         cc:09:28:57:77:e6:2c:f3:ae:8b:13:90:aa:ef:92:d5:6c:69:
         a3:de:4a:d3
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUHaniC081kAd7C511P4af9iQ8sj0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA1MDExNTQ1MTVaFw0yNzA0MzAxNTUwMTVaMDMxMTAvBgNV
BAMTKEI0MkFDREU1NEM0NDZGOTdGNzU4Rjg4MEJBMDAzMzE0QzMzODQ2MDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCQ4gh1bv/+1QaYRlKG4aeNkIE
C4WFHE172MSDs/KkEHO7Z88/SiQsB8DnBtkzueYB9gawOV4JOS03rkb3JOkzcuIl
vDR1RZbtj9BmBtn4S1SfwTqB3S3SwIwvzrzuLiFuwuVTqMWSf7Z6QAFuX0DOUzas
FtgGj0S8kLSM4V8LBMoV3fKTHV1Wo2FNcg2LY4U30KD1pRHnlT2GBDM0st0qv4lM
npup42zhleLluDrTiblKo1SXTydnBxIdnfy5N+EA6lSLanXdaQAHL2l/llPGZeNi
ujfP1bHGGEzRJzGrqJ2urwR3pOAfEqw8jAjgSsJo18h8Ftx3vLFoD0XHVn0jAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUtCrN5UxEb5f3WPiAugAzFMM4RgUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzgzNDJlMzEzNjM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPlSlMA0G
CSqGSIb3DQEBCwUAA4IBAQCY/+qRvIZK/l6ldqihoz88JY16Y1HbbJEAluQjFRar
1lk422h9pAaGUyS2a2T09X7C+A1o8G/kbw1q3s8JQ4U93auPIaHnrxjNMuGMRd4u
jFCG0UFKUeH44BwX5NemwhLekWCK5MY3mbo1uWpFgiUpu+47EqJuK/8s1v72zW3L
PAuqZQo2Yaofyllr6PRL7Gkc0cx1LcQK5yO0MW8um20R9sWYYoY1uz4bixSTSwEL
9cb/e6gB4RQSDncX/5r9HBSIbWUhguUAfzbUpqFso0WH/dkBY2/fcR295uUDw3qb
K6d+V+PuwWAN3V/MCShXd+Ys866LE5Cq75LVbGmj3krT
-----END CERTIFICATE-----