Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131332e302f32342d3234203d3e203136323736.roa
File:                     39332e39352e3131332e302f32342d3234203d3e203136323736.roa (raw, json)
Hash identifier:          cS6LWz+NEHJoa0EQVb5z92UR8C9jaztUFOxHHwpRPsY=
Subject key identifier:   26:B9:A3:4A:39:57:E0:15:47:DB:F8:D4:D2:C8:90:F2:AA:A3:68:06
Certificate issuer:       /CN=b172548fa3c460e26cb519ee524361bca6c7132e
Certificate serial:       03379816943911DC79FC8D555A08374B28190283
Authority key identifier: B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131332e302f32342d3234203d3e203136323736.roa
Signing time:             Mon 23 Jun 2025 10:20:33 +0000
ROA not before:           Mon 23 Jun 2025 10:15:33 +0000
ROA not after:            Mon 22 Jun 2026 10:20:33 +0000
asID:                     16276
IP address blocks:        93.95.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 14:55:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:37:98:16:94:39:11:dc:79:fc:8d:55:5a:08:37:4b:28:19:02:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b172548fa3c460e26cb519ee524361bca6c7132e
        Validity
            Not Before: Jun 23 10:15:33 2025 GMT
            Not After : Jun 22 10:20:33 2026 GMT
        Subject: CN=26B9A34A3957E01547DBF8D4D2C890F2AAA36806
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:3b:49:13:49:ee:31:6b:13:65:a9:26:06:66:
                    cd:35:82:99:03:59:a8:0a:87:ac:39:e7:d8:68:67:
                    fb:a9:f5:5b:88:9f:b3:c0:5b:01:60:a3:3d:a8:f8:
                    55:0e:ce:70:4f:d5:bc:7f:da:0e:8a:a7:db:e3:5f:
                    c4:a0:bb:ad:09:03:17:39:4f:ad:93:22:70:62:c9:
                    4a:ec:73:a0:39:60:41:c1:cc:34:1d:e5:52:d9:c7:
                    64:19:38:34:4d:57:5a:2b:32:70:1c:d6:da:89:f2:
                    6d:5b:ab:eb:65:42:1d:9f:46:81:b2:73:2c:3e:68:
                    1b:a0:e1:0b:b0:d7:e6:11:58:91:3f:31:88:62:ea:
                    07:f5:0f:ca:b8:93:87:2d:b6:37:f4:eb:56:af:db:
                    23:25:f5:c1:59:8b:e1:02:aa:47:cd:0c:34:b5:08:
                    bb:03:6c:38:18:08:22:e5:e7:72:57:89:72:42:af:
                    36:e2:aa:cc:2b:8e:fd:cd:c4:d4:f2:51:8c:8f:b1:
                    97:14:bc:72:a5:97:c2:48:a1:c2:d2:8f:91:56:58:
                    93:d2:a7:a4:22:78:bb:13:7e:0a:4d:4d:42:c9:69:
                    d5:60:25:53:6b:f2:07:8e:9c:ad:b8:f7:4c:32:a4:
                    4d:e6:a4:ce:bf:17:19:9b:d5:3d:ec:cc:7f:f9:fe:
                    73:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:B9:A3:4A:39:57:E0:15:47:DB:F8:D4:D2:C8:90:F2:AA:A3:68:06
            X509v3 Authority Key Identifier:
                keyid:B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131332e302f32342d3234203d3e203136323736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:a6:b1:d8:31:f4:fa:ea:b9:ca:38:59:38:44:63:f1:c5:5a:
         f1:8c:2b:34:ae:df:d4:be:6c:07:8e:90:b3:b0:6a:74:fc:d1:
         0b:14:b8:ec:0e:85:67:e1:e0:e5:4c:94:bf:76:09:a4:e2:28:
         39:1f:6b:57:5b:2b:d5:35:8e:93:63:03:ec:97:4f:2d:27:b1:
         b7:e0:c0:b9:1c:53:57:24:31:a9:8d:a8:b1:cf:14:28:c3:fb:
         fc:aa:1a:f3:f4:0a:82:08:8f:56:26:21:57:21:ab:8b:13:1e:
         22:97:96:59:54:cd:52:84:52:81:a6:14:f5:af:79:ba:30:2a:
         dd:eb:3e:f3:4f:80:b0:c6:7f:48:73:5e:20:23:12:63:2d:bc:
         57:37:78:31:c1:62:4b:cc:e9:f4:50:b1:ef:bf:f5:b5:8c:33:
         9f:8f:db:4a:be:52:bb:eb:92:07:15:2e:d4:f9:ad:5c:59:96:
         4e:8d:87:8c:79:ae:09:b8:f3:ae:c7:b3:df:22:a2:fb:20:c4:
         64:57:50:2b:45:cc:f6:b2:b7:75:a1:a3:1c:7d:70:22:34:f6:
         3a:52:59:f3:98:3d:ac:76:09:6f:12:b1:9b:c3:2d:87:a0:22:
         25:d5:09:60:4c:9f:05:83:44:37:e7:9e:c6:54:52:20:c8:25:
         01:d4:6d:d6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAzeYFpQ5Edx5/I1VWgg3SygZAoMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjE3MjU0OGZhM2M0NjBlMjZjYjUxOWVlNTI0MzYxYmNh
NmM3MTMyZTAeFw0yNTA2MjMxMDE1MzNaFw0yNjA2MjIxMDIwMzNaMDMxMTAvBgNV
BAMTKDI2QjlBMzRBMzk1N0UwMTU0N0RCRjhENEQyQzg5MEYyQUFBMzY4MDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHO0kTSe4xaxNlqSYGZs01gpkD
WagKh6w559hoZ/up9VuIn7PAWwFgoz2o+FUOznBP1bx/2g6Kp9vjX8Sgu60JAxc5
T62TInBiyUrsc6A5YEHBzDQd5VLZx2QZODRNV1orMnAc1tqJ8m1bq+tlQh2fRoGy
cyw+aBug4Quw1+YRWJE/MYhi6gf1D8q4k4cttjf061av2yMl9cFZi+ECqkfNDDS1
CLsDbDgYCCLl53JXiXJCrzbiqswrjv3NxNTyUYyPsZcUvHKll8JIocLSj5FWWJPS
p6QieLsTfgpNTULJadVgJVNr8geOnK2490wypE3mpM6/Fxmb1T3szH/5/nOnAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUJrmjSjlX4BVH2/jU0siQ8qqjaAYwHwYDVR0j
BBgwFoAUsXJUj6PEYOJstRnuUkNhvKbHEy4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTY1NzNlODgtZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdk
MjVlLzAvQjE3MjU0OEZBM0M0NjBFMjZDQjUxOUVFNTI0MzYxQkNBNkM3MTMyRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NYSlVqNlBFWU9Kc3RSbnVVa05odkti
SEV5NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTY1NzNlODgt
ZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdkMjVlLzAvMzkzMzJlMzkzNTJlMzEzMTMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNjMyMzczNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAF1f
cTANBgkqhkiG9w0BAQsFAAOCAQEAU6ax2DH0+uq5yjhZOERj8cVa8YwrNK7f1L5s
B46Qs7BqdPzRCxS47A6FZ+Hg5UyUv3YJpOIoOR9rV1sr1TWOk2MD7JdPLSext+DA
uRxTVyQxqY2osc8UKMP7/Koa8/QKggiPViYhVyGrixMeIpeWWVTNUoRSgaYU9a95
ujAq3es+80+AsMZ/SHNeICMSYy28Vzd4McFiS8zp9FCx77/1tYwzn4/bSr5Su+uS
BxUu1PmtXFmWTo2HjHmuCbjzrsez3yKi+yDEZFdQK0XM9rK3daGjHH1wIjT2OlJZ
85g9rHYJbxKxm8Mth6AiJdUJYEyfBYNEN+eexlRSIMglAdRt1g==
-----END CERTIFICATE-----