Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131322e302f32332d3234203d3e20383334.roa
File:                     39332e39352e3131322e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          mqV1sF7cWGJdrP961M/eNACONo/bNa4sYRWJONeJWi0=
Subject key identifier:   63:CE:EE:EB:82:24:A1:A6:D5:9E:28:57:4B:C9:4F:1F:1C:F5:94:DE
Certificate issuer:       /CN=b172548fa3c460e26cb519ee524361bca6c7132e
Certificate serial:       680561ED5133D20BCA905ADEE8787E6DCA9DFB3F
Authority key identifier: B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131322e302f32332d3234203d3e20383334.roa
Signing time:             Fri 08 May 2026 20:00:44 +0000
ROA not before:           Fri 08 May 2026 19:55:44 +0000
ROA not after:            Fri 07 May 2027 20:00:44 +0000
asID:                     834
IP address blocks:        93.95.112.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:05:61:ed:51:33:d2:0b:ca:90:5a:de:e8:78:7e:6d:ca:9d:fb:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b172548fa3c460e26cb519ee524361bca6c7132e
        Validity
            Not Before: May  8 19:55:44 2026 GMT
            Not After : May  7 20:00:44 2027 GMT
        Subject: CN=63CEEEEB8224A1A6D59E28574BC94F1F1CF594DE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:37:11:9d:b8:0b:c0:c0:29:27:7f:1e:cf:8c:
                    f7:71:26:78:a2:5f:a8:63:3f:68:d0:27:cd:2a:5d:
                    d6:ea:4a:18:5d:06:f9:b9:be:6a:c4:05:4d:bf:80:
                    bb:ed:b2:4a:ec:a3:2c:95:17:ba:1b:67:ec:2e:2b:
                    f8:1b:d9:1e:a9:f6:32:4f:9f:6a:db:1f:3f:c4:f5:
                    d6:51:51:60:0b:f5:03:24:ee:84:c1:42:c7:f2:4e:
                    62:c2:2b:8e:79:00:e4:4a:a8:c8:f3:69:d1:34:6c:
                    cf:01:d6:bf:27:0f:78:97:a6:f3:f4:8f:26:39:3c:
                    64:ab:d7:68:08:91:64:d4:c8:db:ee:61:59:36:b8:
                    fe:d3:de:93:0a:b2:1b:6b:11:63:38:e8:8e:67:66:
                    8b:56:31:a8:f9:02:53:3f:a9:0e:a4:f9:2a:c2:00:
                    56:a7:e5:8f:62:cc:88:d6:b3:b0:30:af:db:7c:d6:
                    24:33:6f:05:66:f5:75:52:f9:66:0d:9e:fe:fc:72:
                    aa:b4:ec:fb:d7:75:68:d5:7a:62:9a:28:b2:29:a9:
                    02:1d:44:4a:73:71:d5:6c:82:2c:66:ce:47:c1:76:
                    14:60:0e:9f:ba:69:07:ad:21:92:2a:22:ca:fe:4e:
                    8a:60:b6:de:0b:4d:37:cf:b2:39:0d:1e:9a:7b:90:
                    df:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:CE:EE:EB:82:24:A1:A6:D5:9E:28:57:4B:C9:4F:1F:1C:F5:94:DE
            X509v3 Authority Key Identifier:
                keyid:B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131322e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.112.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ba:a1:38:c6:a7:7b:d7:48:82:33:b3:98:21:18:a1:37:4d:ee:
         93:c1:ed:2a:4d:f2:6b:cc:34:92:f7:f5:ad:70:2c:9a:b3:7e:
         46:e3:83:9b:59:9e:f0:aa:5b:89:29:20:a3:c6:17:2a:34:62:
         d1:f6:7a:34:11:4a:b5:80:7c:9b:d7:fc:5b:5e:34:20:1e:64:
         d4:02:1d:ee:c5:ca:ed:e3:6e:e8:ba:cf:c8:da:af:50:78:3c:
         ab:73:2c:ad:cf:7c:bd:63:50:1a:61:75:47:7c:94:d3:a0:f6:
         1d:53:5f:a2:65:db:97:10:21:4f:c1:6f:b7:95:d8:2f:bb:04:
         60:3f:5c:1e:d4:c5:3a:3a:3b:54:f6:4a:0f:1b:bb:42:41:45:
         c9:30:9f:4e:be:90:70:99:39:9c:aa:b2:e8:0a:83:5a:b1:90:
         0a:1a:ac:bd:e3:6a:90:c7:af:43:a7:9b:e1:db:12:20:f7:87:
         87:65:1b:f6:57:10:39:71:84:69:d1:81:9a:3c:c5:eb:81:de:
         23:79:40:b9:79:97:96:b4:a3:b8:21:48:74:6f:72:83:34:7f:
         ed:bb:e3:29:5e:cf:71:d5:06:cb:cd:5b:33:1c:03:9a:30:b2:
         95:0b:e4:16:0b:9b:43:67:b8:54:c5:5f:68:96:1e:ba:fe:6a:
         6f:06:9f:9b
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUaAVh7VEz0gvKkFre6Hh+bcqd+z8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjE3MjU0OGZhM2M0NjBlMjZjYjUxOWVlNTI0MzYxYmNh
NmM3MTMyZTAeFw0yNjA1MDgxOTU1NDRaFw0yNzA1MDcyMDAwNDRaMDMxMTAvBgNV
BAMTKDYzQ0VFRUVCODIyNEExQTZENTlFMjg1NzRCQzk0RjFGMUNGNTk0REUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmNxGduAvAwCknfx7PjPdxJnii
X6hjP2jQJ80qXdbqShhdBvm5vmrEBU2/gLvtskrsoyyVF7obZ+wuK/gb2R6p9jJP
n2rbHz/E9dZRUWAL9QMk7oTBQsfyTmLCK455AORKqMjzadE0bM8B1r8nD3iXpvP0
jyY5PGSr12gIkWTUyNvuYVk2uP7T3pMKshtrEWM46I5nZotWMaj5AlM/qQ6k+SrC
AFan5Y9izIjWs7Awr9t81iQzbwVm9XVS+WYNnv78cqq07PvXdWjVemKaKLIpqQId
REpzcdVsgixmzkfBdhRgDp+6aQetIZIqIsr+Topgtt4LTTfPsjkNHpp7kN9vAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUY87u64IkoabVnihXS8lPHxz1lN4wHwYDVR0j
BBgwFoAUsXJUj6PEYOJstRnuUkNhvKbHEy4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTY1NzNlODgtZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdk
MjVlLzAvQjE3MjU0OEZBM0M0NjBFMjZDQjUxOUVFNTI0MzYxQkNBNkM3MTMyRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NYSlVqNlBFWU9Kc3RSbnVVa05odkti
SEV5NC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTY1NzNlODgt
ZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdkMjVlLzAvMzkzMzJlMzkzNTJlMzEzMTMy
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXV9wMA0G
CSqGSIb3DQEBCwUAA4IBAQC6oTjGp3vXSIIzs5ghGKE3Te6Twe0qTfJrzDSS9/Wt
cCyas35G44ObWZ7wqluJKSCjxhcqNGLR9no0EUq1gHyb1/xbXjQgHmTUAh3uxcrt
427ous/I2q9QeDyrcyytz3y9Y1AaYXVHfJTToPYdU1+iZduXECFPwW+3ldgvuwRg
P1we1MU6OjtU9koPG7tCQUXJMJ9OvpBwmTmcqrLoCoNasZAKGqy942qQx69Dp5vh
2xIg94eHZRv2VxA5cYRp0YGaPMXrgd4jeUC5eZeWtKO4IUh0b3KDNH/tu+MpXs9x
1QbLzVszHAOaMLKVC+QWC5tDZ7hUxV9olh66/mpvBp+b
-----END CERTIFICATE-----