Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131322e302f32342d3234203d3e203231383539.roa
File:                     39332e39352e3131322e302f32342d3234203d3e203231383539.roa (raw, json)
Hash identifier:          /qKqCQ76EfJncAH1+pElYqDNRcZb1xZivyKMiSpERi8=
Subject key identifier:   57:36:8F:45:69:B2:4D:7D:09:17:62:C6:CF:54:AF:DB:2E:89:D7:50
Certificate issuer:       /CN=b172548fa3c460e26cb519ee524361bca6c7132e
Certificate serial:       0E0637F7ADD73758022AC2F57F892D7E912F5175
Authority key identifier: B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131322e302f32342d3234203d3e203231383539.roa
Signing time:             Wed 16 Apr 2025 07:02:02 +0000
ROA not before:           Wed 16 Apr 2025 06:57:02 +0000
ROA not after:            Wed 15 Apr 2026 07:02:02 +0000
asID:                     21859
IP address blocks:        93.95.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 00:11:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:06:37:f7:ad:d7:37:58:02:2a:c2:f5:7f:89:2d:7e:91:2f:51:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b172548fa3c460e26cb519ee524361bca6c7132e
        Validity
            Not Before: Apr 16 06:57:02 2025 GMT
            Not After : Apr 15 07:02:02 2026 GMT
        Subject: CN=57368F4569B24D7D091762C6CF54AFDB2E89D750
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:4e:98:28:d0:c3:cb:f5:88:f3:59:12:ec:be:
                    38:d5:88:9a:c3:33:8a:9b:18:6a:5b:70:f0:e0:58:
                    04:6c:fa:f9:8f:f3:e8:ad:fa:91:3e:67:c8:c7:1d:
                    c5:e8:1f:4e:8a:76:60:f2:58:36:3f:55:93:36:0f:
                    ae:51:bb:c2:e1:65:a8:b2:ba:82:ed:e6:de:52:d9:
                    0d:2f:66:7c:2c:26:89:70:e3:d3:c6:d3:ba:a0:e7:
                    e0:29:6a:42:35:e3:ba:cf:16:fe:46:ce:41:88:49:
                    ee:db:1d:f8:47:68:6c:d7:02:c0:e8:cf:ff:66:38:
                    c9:95:ec:c0:61:ef:31:fb:c6:7c:f3:fc:48:d1:a2:
                    84:c0:15:02:9f:4a:3b:59:ca:1e:54:8c:6b:de:30:
                    c1:72:7d:b4:21:7d:28:b1:0f:91:b5:6e:99:ce:76:
                    db:9d:80:6c:d5:3c:45:3a:42:41:7a:5a:b8:15:89:
                    47:16:c1:7e:f1:b0:f1:fd:38:13:23:fd:ef:1b:2b:
                    6d:54:dd:9a:65:01:5f:a8:20:25:40:0f:9f:89:d3:
                    8d:04:84:cc:ce:7d:ee:af:07:ea:a3:c6:d3:9b:5c:
                    83:34:7f:43:89:71:fb:fc:ae:35:23:f4:48:63:88:
                    a9:ea:79:63:f5:22:c5:3d:c2:3c:0f:29:dc:fd:73:
                    94:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:36:8F:45:69:B2:4D:7D:09:17:62:C6:CF:54:AF:DB:2E:89:D7:50
            X509v3 Authority Key Identifier:
                keyid:B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131322e302f32342d3234203d3e203231383539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:b6:53:48:14:07:b5:de:9d:c4:85:62:0e:c2:e4:3a:46:80:
         a2:44:e2:4a:0d:45:f5:a9:1a:57:69:a0:df:4a:9f:ff:b6:91:
         f6:0d:73:94:e2:28:c7:e2:80:7e:c9:5f:04:4b:4b:4a:44:91:
         e1:aa:c6:1e:f2:89:00:63:74:ff:ea:ca:15:1a:e3:b3:e8:96:
         01:f2:22:bf:80:aa:38:c1:73:5c:97:1f:a1:da:cd:7a:3e:af:
         7e:65:a9:34:1d:ec:24:3f:37:d0:46:da:cf:6d:48:c0:17:c8:
         60:c8:fb:5b:26:72:b9:20:80:b8:dc:1f:75:6f:85:de:4e:5e:
         9a:eb:64:c5:6a:eb:e5:5e:f9:e3:e3:5d:bf:3b:59:48:a0:e8:
         bc:0d:f7:06:b4:67:cf:89:20:c6:a8:b6:57:e2:e6:78:a2:69:
         c6:72:b9:62:b7:a6:12:fc:bc:61:be:01:53:c3:be:ab:05:0a:
         6a:3a:e2:05:7b:2b:b0:f1:22:03:d0:99:01:ae:a9:53:f0:1e:
         f6:53:89:27:97:59:5f:91:bd:6f:d6:75:2e:d3:16:96:93:88:
         57:26:ec:5f:69:62:8d:9a:ee:9b:e6:21:b8:6e:98:37:ee:c2:
         59:0c:b9:3b:d4:cd:e5:d9:e7:86:76:1e:25:46:80:13:72:c3:
         2e:ad:73:d0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUDgY3963XN1gCKsL1f4ktfpEvUXUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjE3MjU0OGZhM2M0NjBlMjZjYjUxOWVlNTI0MzYxYmNh
NmM3MTMyZTAeFw0yNTA0MTYwNjU3MDJaFw0yNjA0MTUwNzAyMDJaMDMxMTAvBgNV
BAMTKDU3MzY4RjQ1NjlCMjREN0QwOTE3NjJDNkNGNTRBRkRCMkU4OUQ3NTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYTpgo0MPL9YjzWRLsvjjViJrD
M4qbGGpbcPDgWARs+vmP8+it+pE+Z8jHHcXoH06KdmDyWDY/VZM2D65Ru8LhZaiy
uoLt5t5S2Q0vZnwsJolw49PG07qg5+ApakI147rPFv5GzkGISe7bHfhHaGzXAsDo
z/9mOMmV7MBh7zH7xnzz/EjRooTAFQKfSjtZyh5UjGveMMFyfbQhfSixD5G1bpnO
dtudgGzVPEU6QkF6WrgViUcWwX7xsPH9OBMj/e8bK21U3ZplAV+oICVAD5+J040E
hMzOfe6vB+qjxtObXIM0f0OJcfv8rjUj9EhjiKnqeWP1IsU9wjwPKdz9c5RFAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUVzaPRWmyTX0JF2LGz1Sv2y6J11AwHwYDVR0j
BBgwFoAUsXJUj6PEYOJstRnuUkNhvKbHEy4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTY1NzNlODgtZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdk
MjVlLzAvQjE3MjU0OEZBM0M0NjBFMjZDQjUxOUVFNTI0MzYxQkNBNkM3MTMyRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NYSlVqNlBFWU9Kc3RSbnVVa05odkti
SEV5NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTY1NzNlODgt
ZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdkMjVlLzAvMzkzMzJlMzkzNTJlMzEzMTMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTM4MzUzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAF1f
cDANBgkqhkiG9w0BAQsFAAOCAQEAcLZTSBQHtd6dxIViDsLkOkaAokTiSg1F9aka
V2mg30qf/7aR9g1zlOIox+KAfslfBEtLSkSR4arGHvKJAGN0/+rKFRrjs+iWAfIi
v4CqOMFzXJcfodrNej6vfmWpNB3sJD830Ebaz21IwBfIYMj7WyZyuSCAuNwfdW+F
3k5emutkxWrr5V754+NdvztZSKDovA33BrRnz4kgxqi2V+LmeKJpxnK5YremEvy8
Yb4BU8O+qwUKajriBXsrsPEiA9CZAa6pU/Ae9lOJJ5dZX5G9b9Z1LtMWlpOIVybs
X2lijZrum+YhuG6YN+7CWQy5O9TN5dnnhnYeJUaAE3LDLq1z0A==
-----END CERTIFICATE-----