Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/39352e3136392e3136362e302f32342d3234203d3e203633313530.roa
File:                     39352e3136392e3136362e302f32342d3234203d3e203633313530.roa (raw, json)
Hash identifier:          zeOelHfLdZjMH3OkxCEQZ20Nkae1JE0nc2s+xWdEEEQ=
Subject key identifier:   A4:86:31:2D:14:55:E4:EF:58:E5:1F:17:9C:B5:2C:83:7A:FB:CB:25
Certificate issuer:       /CN=9e576996388e94b8c7ab20effb23bd11becb4108
Certificate serial:       148E6EBAEA3F78FE5920C127A482A172C010BEBA
Authority key identifier: 9E:57:69:96:38:8E:94:B8:C7:AB:20:EF:FB:23:BD:11:BE:CB:41:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/39352e3136392e3136362e302f32342d3234203d3e203633313530.roa
Signing time:             Sat 11 Oct 2025 08:55:08 +0000
ROA not before:           Sat 11 Oct 2025 08:50:08 +0000
ROA not after:            Sat 10 Oct 2026 08:55:08 +0000
asID:                     63150
IP address blocks:        95.169.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:03:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:8e:6e:ba:ea:3f:78:fe:59:20:c1:27:a4:82:a1:72:c0:10:be:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e576996388e94b8c7ab20effb23bd11becb4108
        Validity
            Not Before: Oct 11 08:50:08 2025 GMT
            Not After : Oct 10 08:55:08 2026 GMT
        Subject: CN=A486312D1455E4EF58E51F179CB52C837AFBCB25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:1b:23:b2:85:3e:80:30:e4:0a:db:f7:15:60:
                    65:0e:88:81:a0:68:da:46:f8:8a:05:3a:fd:5d:66:
                    b6:ce:36:07:5a:f2:a4:31:08:d8:d8:33:36:c0:7e:
                    bd:86:88:cc:19:3a:fe:f3:02:71:97:1f:60:93:1e:
                    40:66:ea:b0:0e:d1:42:d5:68:18:de:d7:f0:2d:d8:
                    f8:ea:a2:21:2f:0f:54:ad:30:fb:8b:a3:c7:e1:c3:
                    0c:3a:76:f3:ad:ed:2d:e0:66:57:e2:a9:1e:99:24:
                    74:f4:4d:42:f7:2d:a8:22:fe:b5:00:5a:d2:3b:26:
                    6b:99:55:6f:6b:04:c0:d3:40:f3:d8:23:4c:71:fe:
                    4c:b1:4b:ef:e5:65:89:97:68:cc:01:88:59:53:40:
                    30:f9:77:a4:b0:df:d8:0d:f1:47:19:8b:2f:68:1e:
                    a8:1a:96:b9:27:3b:d6:26:bc:3e:6d:90:c6:28:11:
                    da:a4:32:45:ff:d0:85:6e:c2:58:3f:7e:96:05:f9:
                    85:fe:77:38:42:06:a6:6c:50:dc:64:0e:3a:2c:ac:
                    00:9d:c2:4f:7d:5c:52:b1:87:26:2e:90:92:26:2a:
                    55:2b:f5:dd:e5:51:5e:f4:4d:2c:85:ba:9c:f5:a8:
                    4f:5f:af:29:ba:1a:f9:31:db:bd:44:58:76:48:9c:
                    9a:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:86:31:2D:14:55:E4:EF:58:E5:1F:17:9C:B5:2C:83:7A:FB:CB:25
            X509v3 Authority Key Identifier:
                keyid:9E:57:69:96:38:8E:94:B8:C7:AB:20:EF:FB:23:BD:11:BE:CB:41:08

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/39352e3136392e3136362e302f32342d3234203d3e203633313530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.169.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:a7:21:a4:a2:55:45:d9:99:2f:5c:19:2b:86:69:96:37:40:
         f9:a7:9a:04:a6:37:12:37:95:4f:76:50:df:0a:17:56:03:4b:
         f0:65:50:7c:46:6c:97:32:36:6a:5c:03:72:72:94:c3:24:51:
         c1:62:b9:ff:5b:77:b6:2a:bf:d3:e9:50:ec:04:a6:07:7b:b0:
         ab:cf:15:a3:89:c9:bb:2a:fa:27:b2:a7:8c:9b:73:53:ae:ec:
         12:b8:25:26:56:ab:bc:d8:32:01:5d:b4:d7:0e:6f:cf:4d:71:
         84:06:81:38:0e:6d:54:b3:26:2e:e6:7f:3f:f9:28:1f:4e:40:
         02:8f:78:ba:28:0a:1b:e0:d7:38:3e:41:ff:14:a5:61:b0:19:
         68:25:5e:af:69:67:1a:cb:27:00:aa:76:57:95:97:88:29:b9:
         25:af:31:14:22:b1:5c:82:08:79:42:6e:18:e3:5f:8e:bf:c6:
         b3:6c:62:91:24:d1:0d:63:46:89:0f:9e:b2:c1:ff:b5:60:0f:
         90:08:f6:3a:5d:87:80:f7:7a:4c:a5:c5:49:4b:8a:3d:c2:03:
         12:05:27:bf:8d:d5:32:e5:e7:7c:ba:5a:bf:11:8b:3e:c0:77:
         21:5b:6e:a4:66:a3:d7:71:24:f1:9a:15:ad:71:f0:ed:31:33:
         04:e5:21:66
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUFI5uuuo/eP5ZIMEnpIKhcsAQvrowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWU1NzY5OTYzODhlOTRiOGM3YWIyMGVmZmIyM2JkMTFi
ZWNiNDEwODAeFw0yNTEwMTEwODUwMDhaFw0yNjEwMTAwODU1MDhaMDMxMTAvBgNV
BAMTKEE0ODYzMTJEMTQ1NUU0RUY1OEU1MUYxNzlDQjUyQzgzN0FGQkNCMjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD1GyOyhT6AMOQK2/cVYGUOiIGg
aNpG+IoFOv1dZrbONgda8qQxCNjYMzbAfr2GiMwZOv7zAnGXH2CTHkBm6rAO0ULV
aBje1/At2PjqoiEvD1StMPuLo8fhwww6dvOt7S3gZlfiqR6ZJHT0TUL3Lagi/rUA
WtI7JmuZVW9rBMDTQPPYI0xx/kyxS+/lZYmXaMwBiFlTQDD5d6Sw39gN8UcZiy9o
HqgalrknO9YmvD5tkMYoEdqkMkX/0IVuwlg/fpYF+YX+dzhCBqZsUNxkDjosrACd
wk99XFKxhyYukJImKlUr9d3lUV70TSyFupz1qE9frym6Gvkx271EWHZInJrZAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUpIYxLRRV5O9Y5R8XnLUsg3r7yyUwHwYDVR0j
BBgwFoAUnldpljiOlLjHqyDv+yO9Eb7LQQgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZjVlNjQwMzAtMmYyOC00MmM5LWIwMDQtMzU0YmIyOGY2
MTIzLzAvOUU1NzY5OTYzODhFOTRCOEM3QUIyMEVGRkIyM0JEMTFCRUNCNDEwOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25sZHBsamlPbExqSHF5RHYteU85RWI3
TFFRZy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZjVlNjQwMzAt
MmYyOC00MmM5LWIwMDQtMzU0YmIyOGY2MTIzLzAvMzkzNTJlMzEzNjM5MmUzMTM2
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMzMzEzNTMwLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
X6mmMA0GCSqGSIb3DQEBCwUAA4IBAQCopyGkolVF2ZkvXBkrhmmWN0D5p5oEpjcS
N5VPdlDfChdWA0vwZVB8RmyXMjZqXANycpTDJFHBYrn/W3e2Kr/T6VDsBKYHe7Cr
zxWjicm7KvonsqeMm3NTruwSuCUmVqu82DIBXbTXDm/PTXGEBoE4Dm1UsyYu5n8/
+SgfTkACj3i6KAob4Nc4PkH/FKVhsBloJV6vaWcayycAqnZXlZeIKbklrzEUIrFc
ggh5Qm4Y41+Ov8azbGKRJNENY0aJD56ywf+1YA+QCPY6XYeA93pMpcVJS4o9wgMS
BSe/jdUy5ed8ulq/EYs+wHchW26kZqPXcSTxmhWtcfDtMTME5SFm
-----END CERTIFICATE-----
Generated at Sun Oct 19 23:26:05 2025 by rpki-client