Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131322e302f32342d3234203d3e20383334.roa
File:                     39332e39352e3131322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          VBESJfIooHy0zJiO9Ixvdk9UfFM21Teo3XpQGIbWXdo=
Subject key identifier:   D4:4B:3C:40:7E:6F:98:AD:B6:28:55:2F:DD:7C:EA:B6:E9:1E:16:C8
Certificate issuer:       /CN=b172548fa3c460e26cb519ee524361bca6c7132e
Certificate serial:       48500A6807287B5CEC2D68AE8DF15108E7F247FE
Authority key identifier: B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131322e302f32342d3234203d3e20383334.roa
Signing time:             Tue 04 Nov 2025 00:12:06 +0000
ROA not before:           Tue 04 Nov 2025 00:07:06 +0000
ROA not after:            Tue 03 Nov 2026 00:12:06 +0000
asID:                     834
IP address blocks:        93.95.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:49:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:50:0a:68:07:28:7b:5c:ec:2d:68:ae:8d:f1:51:08:e7:f2:47:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b172548fa3c460e26cb519ee524361bca6c7132e
        Validity
            Not Before: Nov  4 00:07:06 2025 GMT
            Not After : Nov  3 00:12:06 2026 GMT
        Subject: CN=D44B3C407E6F98ADB628552FDD7CEAB6E91E16C8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:f8:ee:13:b5:92:78:db:b1:8b:c0:db:da:1d:
                    9c:b9:b6:5c:3f:d5:78:8c:12:bb:c3:8c:2d:00:d6:
                    aa:4f:e1:75:32:2b:ea:78:b1:43:fe:f1:a8:01:72:
                    d9:f8:c4:72:04:b1:de:11:52:b0:de:8d:3f:36:26:
                    44:e7:df:83:54:9b:48:a5:1f:f6:02:4d:95:c2:63:
                    26:6d:fb:ad:78:aa:8d:9b:22:c1:2a:c2:72:70:af:
                    a1:2f:69:7b:38:0c:62:07:da:68:c4:e9:ef:b1:25:
                    59:5f:bc:2b:13:23:96:7c:77:b3:bf:5c:ec:eb:14:
                    01:62:b9:2d:60:e7:49:a6:0e:80:4d:29:8d:91:94:
                    6b:e7:37:ea:c6:93:bf:e7:37:4d:59:08:d1:32:bf:
                    b0:ec:24:32:e7:88:ab:c9:f0:60:01:aa:5d:38:dd:
                    e8:b8:50:45:e9:e0:37:ce:84:65:33:cc:20:c3:91:
                    28:e9:b2:b0:a6:05:ed:54:ff:1a:f7:0f:09:87:e6:
                    07:22:cf:e7:ba:b8:50:0a:ec:c5:ed:5c:87:7a:3a:
                    2f:04:79:55:23:a9:6c:80:16:ad:23:21:13:db:ca:
                    c9:e7:c7:13:df:5e:c4:15:dc:d4:c0:26:b5:26:60:
                    98:f7:33:ad:5c:8a:54:a3:16:79:51:f6:ab:25:cd:
                    b0:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:4B:3C:40:7E:6F:98:AD:B6:28:55:2F:DD:7C:EA:B6:E9:1E:16:C8
            X509v3 Authority Key Identifier:
                keyid:B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:a5:cc:48:96:ff:70:00:79:78:34:26:88:b2:fb:44:87:f6:
         fe:03:91:00:fc:69:d7:b0:06:56:86:16:bb:3c:84:83:3b:5e:
         c9:d0:02:56:89:47:db:74:ea:62:20:c9:06:5b:a3:97:ce:60:
         ef:69:1f:14:39:65:cd:4a:dd:7f:4e:fa:f2:c1:4f:6c:63:d8:
         33:29:21:12:0e:4e:89:d1:a3:4c:06:bb:2a:11:84:8c:e0:07:
         48:71:08:c8:70:2b:e3:40:ac:26:e3:0f:b8:5b:b7:7c:54:ff:
         b0:cc:98:be:0d:66:79:49:7b:dd:47:08:5d:c7:77:48:06:b9:
         31:2c:f1:e0:c6:cf:33:42:e0:1e:f4:f9:a3:b0:0c:7b:f1:a5:
         9a:49:7b:a2:d3:83:19:a4:f2:12:7c:c1:d0:f0:11:64:0f:f1:
         01:37:4c:93:d6:fb:7e:07:a4:d3:c2:10:bb:b0:e8:21:2d:da:
         b5:80:dd:00:cf:6e:1e:a3:13:9c:98:63:0b:47:21:df:2e:3d:
         5e:b0:a9:36:22:66:ac:13:c4:e4:9b:7e:bc:61:97:9e:12:f8:
         cc:dd:40:36:42:cd:28:4a:20:1c:d3:bf:01:b8:ad:ea:12:5a:
         0b:82:83:c6:c2:7d:f4:ec:83:10:af:fd:e0:4d:0e:f8:86:12:
         2c:9e:33:42
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUSFAKaAcoe1zsLWiujfFRCOfyR/4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjE3MjU0OGZhM2M0NjBlMjZjYjUxOWVlNTI0MzYxYmNh
NmM3MTMyZTAeFw0yNTExMDQwMDA3MDZaFw0yNjExMDMwMDEyMDZaMDMxMTAvBgNV
BAMTKEQ0NEIzQzQwN0U2Rjk4QURCNjI4NTUyRkREN0NFQUI2RTkxRTE2QzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDk+O4TtZJ427GLwNvaHZy5tlw/
1XiMErvDjC0A1qpP4XUyK+p4sUP+8agBctn4xHIEsd4RUrDejT82JkTn34NUm0il
H/YCTZXCYyZt+614qo2bIsEqwnJwr6EvaXs4DGIH2mjE6e+xJVlfvCsTI5Z8d7O/
XOzrFAFiuS1g50mmDoBNKY2RlGvnN+rGk7/nN01ZCNEyv7DsJDLniKvJ8GABql04
3ei4UEXp4DfOhGUzzCDDkSjpsrCmBe1U/xr3DwmH5gciz+e6uFAK7MXtXId6Oi8E
eVUjqWyAFq0jIRPbysnnxxPfXsQV3NTAJrUmYJj3M61cilSjFnlR9qslzbBNAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU1Es8QH5vmK22KFUv3XzqtukeFsgwHwYDVR0j
BBgwFoAUsXJUj6PEYOJstRnuUkNhvKbHEy4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTY1NzNlODgtZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdk
MjVlLzAvQjE3MjU0OEZBM0M0NjBFMjZDQjUxOUVFNTI0MzYxQkNBNkM3MTMyRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NYSlVqNlBFWU9Kc3RSbnVVa05odkti
SEV5NC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTY1NzNlODgt
ZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdkMjVlLzAvMzkzMzJlMzkzNTJlMzEzMTMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXV9wMA0G
CSqGSIb3DQEBCwUAA4IBAQCepcxIlv9wAHl4NCaIsvtEh/b+A5EA/GnXsAZWhha7
PISDO17J0AJWiUfbdOpiIMkGW6OXzmDvaR8UOWXNSt1/TvrywU9sY9gzKSESDk6J
0aNMBrsqEYSM4AdIcQjIcCvjQKwm4w+4W7d8VP+wzJi+DWZ5SXvdRwhdx3dIBrkx
LPHgxs8zQuAe9PmjsAx78aWaSXui04MZpPISfMHQ8BFkD/EBN0yT1vt+B6TTwhC7
sOghLdq1gN0Az24eoxOcmGMLRyHfLj1esKk2ImasE8Tkm368YZeeEvjM3UA2Qs0o
SiAc078BuK3qEloLgoPGwn307IMQr/3gTQ74hhIsnjNC
-----END CERTIFICATE-----