Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/39332e39322e32322e302f32332d3234203d3e203534333339.roa
File:                     39332e39322e32322e302f32332d3234203d3e203534333339.roa (raw, json)
Hash identifier:          88A6WN8qi/A8Ut9i/zPgFdBiGIl+iAKvU5wxlPcUnB8=
Subject key identifier:   33:C6:52:D0:F1:C3:D9:AF:A9:63:64:7B:D0:30:C8:83:E5:76:63:CB
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       40449342DA7FDEF7A68B07D3B3994BCBFBD8A3AB
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/39332e39322e32322e302f32332d3234203d3e203534333339.roa
Signing time:             Fri 17 Oct 2025 12:55:09 +0000
ROA not before:           Fri 17 Oct 2025 12:50:09 +0000
ROA not after:            Fri 16 Oct 2026 12:55:09 +0000
asID:                     54339
IP address blocks:        93.92.22.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:44:93:42:da:7f:de:f7:a6:8b:07:d3:b3:99:4b:cb:fb:d8:a3:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Oct 17 12:50:09 2025 GMT
            Not After : Oct 16 12:55:09 2026 GMT
        Subject: CN=33C652D0F1C3D9AFA963647BD030C883E57663CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:ad:4d:e0:28:47:cd:25:1b:5d:e8:5c:b5:bb:
                    24:dc:54:e2:06:2a:7a:c9:bf:92:7e:57:a7:27:1a:
                    0b:da:fe:a9:88:54:0f:e9:e8:4e:b7:42:7e:b6:24:
                    8d:cb:ff:eb:80:7b:97:6f:84:b9:8b:3b:6f:4f:43:
                    90:a9:08:5a:e5:a2:bd:c2:54:74:e6:b3:9d:2b:4f:
                    d4:1f:8f:08:0f:5a:43:55:e7:ff:26:b6:32:3e:f7:
                    16:a3:e3:f0:6c:e0:41:6e:85:0d:fc:71:07:c8:8c:
                    25:23:ab:73:f1:be:2f:59:86:33:1f:07:4b:63:5d:
                    8b:16:e4:74:ba:9b:0d:b9:52:73:d2:dc:51:c2:4a:
                    06:d2:91:de:e8:98:44:f7:6c:d8:cd:1c:02:df:13:
                    60:09:c0:d7:c7:1b:7d:fd:11:68:97:22:b9:2d:8b:
                    0e:a1:88:1b:ad:19:10:de:f8:ba:c6:4a:53:2f:c6:
                    27:8c:f0:a8:37:55:27:77:15:52:97:2b:b3:61:8e:
                    37:a4:9c:0e:f1:56:c6:6b:b7:c6:a4:8e:27:05:a1:
                    59:91:8a:0f:3d:58:f4:54:4f:34:d7:b7:ce:da:ff:
                    d2:19:05:8d:39:54:91:92:7c:81:15:d4:e9:d3:b4:
                    cb:d4:a3:0e:66:1c:38:36:13:19:01:f6:bb:c4:6b:
                    65:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:C6:52:D0:F1:C3:D9:AF:A9:63:64:7B:D0:30:C8:83:E5:76:63:CB
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/39332e39322e32322e302f32332d3234203d3e203534333339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.92.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         77:29:be:52:ea:43:8a:ce:1e:26:6b:c7:a9:ed:f0:9f:1c:b0:
         05:b2:2e:95:40:db:4f:f2:ed:62:b2:07:68:a2:67:b0:85:6c:
         57:7c:b5:7c:94:1f:82:0d:be:64:d9:03:44:b9:76:e7:fb:b6:
         79:06:df:60:cc:c2:4f:fc:4f:5a:7f:2a:13:30:99:8d:6a:df:
         96:d7:f8:2d:fe:27:3a:27:59:ad:fb:77:72:c1:70:c2:4c:7c:
         9e:8a:39:9b:91:4c:bf:3c:99:6a:ce:33:fe:47:64:a7:ce:be:
         d8:d3:da:aa:ba:e0:43:28:6a:67:44:28:23:dc:c7:91:0c:c1:
         aa:56:19:6b:fd:70:5d:91:fd:bd:48:14:ad:dd:2e:94:16:33:
         61:b3:97:77:0b:7d:c7:7b:c0:99:95:63:08:87:28:5a:67:9f:
         ea:77:c0:04:df:c8:f2:ce:83:c9:7f:e3:3c:bd:76:92:a3:53:
         a3:32:b8:22:aa:b5:d9:dd:37:4b:b5:e1:07:fd:e6:ff:92:40:
         a8:ca:33:83:0a:82:a1:97:14:54:31:ff:e9:11:6b:a3:77:bf:
         d6:05:19:cc:d6:52:63:1e:76:7a:55:17:1d:a6:d6:aa:70:67:
         5b:5e:f3:b5:9f:c3:58:01:93:1e:b4:09:1d:d5:e8:bf:a2:d4:
         c0:09:d1:29
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUQESTQtp/3vemiwfTs5lLy/vYo6swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yNTEwMTcxMjUwMDlaFw0yNjEwMTYxMjU1MDlaMDMxMTAvBgNV
BAMTKDMzQzY1MkQwRjFDM0Q5QUZBOTYzNjQ3QkQwMzBDODgzRTU3NjYzQ0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUrU3gKEfNJRtd6Fy1uyTcVOIG
KnrJv5J+V6cnGgva/qmIVA/p6E63Qn62JI3L/+uAe5dvhLmLO29PQ5CpCFrlor3C
VHTms50rT9QfjwgPWkNV5/8mtjI+9xaj4/Bs4EFuhQ38cQfIjCUjq3Pxvi9ZhjMf
B0tjXYsW5HS6mw25UnPS3FHCSgbSkd7omET3bNjNHALfE2AJwNfHG339EWiXIrkt
iw6hiButGRDe+LrGSlMvxieM8Kg3VSd3FVKXK7NhjjeknA7xVsZrt8akjicFoVmR
ig89WPRUTzTXt87a/9IZBY05VJGSfIEV1OnTtMvUow5mHDg2ExkB9rvEa2UpAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUM8ZS0PHD2a+pY2R70DDIg+V2Y8swHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzkzMzJlMzkzMjJlMzIzMjJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM1MzQzMzMzMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFdXBYw
DQYJKoZIhvcNAQELBQADggEBAHcpvlLqQ4rOHiZrx6nt8J8csAWyLpVA20/y7WKy
B2iiZ7CFbFd8tXyUH4INvmTZA0S5duf7tnkG32DMwk/8T1p/KhMwmY1q35bX+C3+
JzonWa37d3LBcMJMfJ6KOZuRTL88mWrOM/5HZKfOvtjT2qq64EMoamdEKCPcx5EM
wapWGWv9cF2R/b1IFK3dLpQWM2Gzl3cLfcd7wJmVYwiHKFpnn+p3wATfyPLOg8l/
4zy9dpKjU6MyuCKqtdndN0u14Qf95v+SQKjKM4MKgqGXFFQx/+kRa6N3v9YFGczW
UmMednpVFx2m1qpwZ1te87Wfw1gBkx60CR3V6L+i1MAJ0Sk=
-----END CERTIFICATE-----