Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/36322e3131322e3134342e302f32302d3230203d3e20313734.roa
File:                     36322e3131322e3134342e302f32302d3230203d3e20313734.roa (raw, json)
Hash identifier:          J2/lofmMncXQORl24ezDIUdcUuekO85jv8NmK3P2fLk=
Subject key identifier:   98:5F:4D:9F:FF:57:F4:0F:34:92:59:A7:33:47:57:4D:5E:C7:63:20
Certificate issuer:       /CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
Certificate serial:       2E7F78398BFF7FF358A91446F248386823FB8C0A
Authority key identifier: 9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/36322e3131322e3134342e302f32302d3230203d3e20313734.roa
Signing time:             Mon 21 Apr 2025 11:54:03 +0000
ROA not before:           Mon 21 Apr 2025 11:49:03 +0000
ROA not after:            Mon 20 Apr 2026 11:54:03 +0000
asID:                     174
IP address blocks:        62.112.144.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 00:24:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:7f:78:39:8b:ff:7f:f3:58:a9:14:46:f2:48:38:68:23:fb:8c:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
        Validity
            Not Before: Apr 21 11:49:03 2025 GMT
            Not After : Apr 20 11:54:03 2026 GMT
        Subject: CN=985F4D9FFF57F40F349259A73347574D5EC76320
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:b8:34:57:34:15:32:37:f3:f0:55:c3:1a:10:
                    93:7c:d6:77:47:7a:2d:69:34:7a:48:b4:0f:5f:80:
                    51:ed:2b:86:81:18:ab:96:69:9c:f3:10:93:00:8b:
                    73:d5:51:b3:96:3d:4c:dc:17:c1:c3:df:12:86:53:
                    3d:eb:26:02:11:8d:f2:65:a2:8d:e9:ef:86:7b:48:
                    a8:41:59:cf:33:0a:bc:ff:95:93:76:4d:64:f6:d4:
                    e2:2b:10:98:21:83:e3:c5:58:e4:5e:9a:a9:57:d6:
                    fb:ed:96:b5:24:6e:b8:48:b3:d6:12:7a:de:72:5c:
                    5f:78:f0:04:e6:ef:3c:6f:eb:f1:37:c8:29:fb:ef:
                    3e:40:fe:a5:c8:55:10:a2:a8:83:1b:56:f6:1b:0f:
                    0b:17:6d:6b:81:e9:40:ee:ec:71:fe:39:bc:72:c1:
                    65:1a:ad:07:c7:df:ec:ac:97:e4:2f:e5:f8:b1:f6:
                    bf:48:5f:a3:9f:30:a6:9c:dd:b6:a9:38:51:a8:47:
                    ce:71:ef:dc:13:65:90:e8:41:06:6c:17:2e:4c:31:
                    da:cd:04:54:a8:b9:50:0a:de:18:fe:b3:9b:7f:71:
                    7f:2c:25:74:d5:fd:01:b2:7a:0e:d0:3d:b1:0d:96:
                    e6:f3:c8:e4:2b:e5:13:ee:d0:38:4b:b6:01:fe:f2:
                    40:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:5F:4D:9F:FF:57:F4:0F:34:92:59:A7:33:47:57:4D:5E:C7:63:20
            X509v3 Authority Key Identifier:
                keyid:9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/36322e3131322e3134342e302f32302d3230203d3e20313734.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.112.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         1d:4b:e3:f7:d6:61:fc:96:8d:6c:49:92:e3:01:b7:cf:e0:ae:
         3c:d9:a5:09:27:f4:c1:f8:0c:85:66:ed:d3:2b:c2:20:12:07:
         de:c2:76:c2:25:2a:ff:b1:0c:a1:61:36:34:eb:59:a8:e5:ae:
         95:98:29:56:b0:69:50:d7:f1:bc:0d:f2:89:7c:3f:22:07:b9:
         0f:3a:e5:e2:ea:6e:d7:90:e9:1e:c5:01:05:2d:55:b0:f2:24:
         a5:e4:25:8b:1b:6e:63:21:55:eb:39:b3:dc:5a:20:12:f2:3e:
         b2:5d:78:e5:fe:dd:37:e0:22:14:55:85:bd:20:8b:a8:49:e7:
         04:a0:19:d5:64:73:88:0d:c6:7a:4e:b2:d7:a5:9e:56:c1:3b:
         5a:76:f8:48:c6:4d:7b:cf:8f:8d:91:71:2b:1a:0f:64:08:40:
         e9:89:77:0f:88:67:04:6d:24:bc:e2:26:a4:07:b9:d7:a9:02:
         51:58:33:8b:7d:61:6c:5c:e1:fa:e6:f1:7f:d2:81:5e:9f:60:
         f2:e8:c1:69:e7:88:63:64:1a:77:07:c4:72:a0:9a:af:b0:6f:
         a9:24:65:c2:6b:1e:17:df:f5:9b:bf:00:e0:03:c1:a4:f3:47:
         db:a8:f2:ad:28:3c:5b:79:29:6e:af:8b:d7:d0:c2:a3:96:8a:
         57:c0:a1:d3
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIULn94OYv/f/NYqRRG8kg4aCP7jAowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWYwZDI0Yzg1NWVlZTAwZmU0YWJmMzkwM2M2ZThmY2M3
MDgzZWQ0ZDAeFw0yNTA0MjExMTQ5MDNaFw0yNjA0MjAxMTU0MDNaMDMxMTAvBgNV
BAMTKDk4NUY0RDlGRkY1N0Y0MEYzNDkyNTlBNzMzNDc1NzRENUVDNzYzMjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbuDRXNBUyN/PwVcMaEJN81ndH
ei1pNHpItA9fgFHtK4aBGKuWaZzzEJMAi3PVUbOWPUzcF8HD3xKGUz3rJgIRjfJl
oo3p74Z7SKhBWc8zCrz/lZN2TWT21OIrEJghg+PFWORemqlX1vvtlrUkbrhIs9YS
et5yXF948ATm7zxv6/E3yCn77z5A/qXIVRCiqIMbVvYbDwsXbWuB6UDu7HH+Obxy
wWUarQfH3+ysl+Qv5fix9r9IX6OfMKac3bapOFGoR85x79wTZZDoQQZsFy5MMdrN
BFSouVAK3hj+s5t/cX8sJXTV/QGyeg7QPbENlubzyOQr5RPu0DhLtgH+8kDZAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUmF9Nn/9X9A80klmnM0dXTV7HYyAwHwYDVR0j
BBgwFoAUnw0kyFXu4A/kq/OQPG6PzHCD7U0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQtNDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3
ODEzLzAvOUYwRDI0Qzg1NUVFRTAwRkU0QUJGMzkwM0M2RThGQ0M3MDgzRUQ0RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL253MGt5Rlh1NEFfa3FfT1FQRzZQekhD
RDdVMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQt
NDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3ODEzLzAvMzYzMjJlMzEzMTMyMmUzMTM0
MzQyZTMwMmYzMjMwMmQzMjMwMjAzZDNlMjAzMTM3MzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAQ+cJAw
DQYJKoZIhvcNAQELBQADggEBAB1L4/fWYfyWjWxJkuMBt8/grjzZpQkn9MH4DIVm
7dMrwiASB97CdsIlKv+xDKFhNjTrWajlrpWYKVawaVDX8bwN8ol8PyIHuQ865eLq
bteQ6R7FAQUtVbDyJKXkJYsbbmMhVes5s9xaIBLyPrJdeOX+3TfgIhRVhb0gi6hJ
5wSgGdVkc4gNxnpOstelnlbBO1p2+EjGTXvPj42RcSsaD2QIQOmJdw+IZwRtJLzi
JqQHudepAlFYM4t9YWxc4frm8X/SgV6fYPLowWnniGNkGncHxHKgmq+wb6kkZcJr
Hhff9Zu/AOADwaTzR9uo8q0oPFt5KW6vi9fQwqOWilfAodM=
-----END CERTIFICATE-----