Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131342e302f32342d3234203d3e20383334.roa
File:                     39332e39352e3131342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          4lOTuSgWqAmrfILSuLn7dSenYEngEl5ae3tNRsBed14=
Subject key identifier:   1A:C5:F7:DB:07:A3:80:D7:B5:A4:BF:4C:FE:2C:BB:4B:C6:54:BB:B6
Certificate issuer:       /CN=b172548fa3c460e26cb519ee524361bca6c7132e
Certificate serial:       58C280BB05922F082CA9C7FEF240EA751EE826B1
Authority key identifier: B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131342e302f32342d3234203d3e20383334.roa
Signing time:             Mon 08 Jun 2026 16:37:20 +0000
ROA not before:           Mon 08 Jun 2026 16:32:20 +0000
ROA not after:            Mon 07 Jun 2027 16:37:20 +0000
asID:                     834
IP address blocks:        93.95.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:49:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:c2:80:bb:05:92:2f:08:2c:a9:c7:fe:f2:40:ea:75:1e:e8:26:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b172548fa3c460e26cb519ee524361bca6c7132e
        Validity
            Not Before: Jun  8 16:32:20 2026 GMT
            Not After : Jun  7 16:37:20 2027 GMT
        Subject: CN=1AC5F7DB07A380D7B5A4BF4CFE2CBB4BC654BBB6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:3b:9a:24:71:cc:cb:b3:89:eb:54:ad:b3:a8:
                    49:4b:6e:e5:db:c4:22:22:d2:d4:2f:6f:f8:d4:b9:
                    5d:e4:d1:a8:39:fb:a0:44:bf:31:cb:8e:26:02:13:
                    83:98:de:b7:bc:81:b1:ee:2f:04:47:f6:c1:3f:c0:
                    e8:e5:08:da:96:f6:b6:54:db:d1:54:ae:3d:5a:d8:
                    11:84:6b:e5:ce:18:07:fd:2f:44:4a:e5:12:75:59:
                    86:1a:97:75:b9:f8:12:48:86:06:b8:fd:eb:34:29:
                    f0:32:a0:e8:45:47:fd:0d:10:6b:01:a0:b4:15:5b:
                    a3:78:e0:fe:24:39:4e:fb:2d:57:bc:8e:71:65:b7:
                    d5:16:77:f8:85:e5:b4:4b:23:95:43:5e:91:39:ce:
                    29:17:27:09:51:f0:c9:a4:65:58:a2:d0:20:c4:44:
                    7e:f9:fa:2d:bf:db:9a:b5:a5:a2:38:85:d1:cd:8d:
                    0a:2e:58:e1:17:19:3a:13:2a:fd:84:d4:74:d7:85:
                    3e:23:e5:f1:0b:9d:4c:c6:b1:bd:8e:04:38:73:52:
                    39:f5:78:42:70:3f:8e:3f:e1:b8:e2:45:2d:d7:e7:
                    f8:ed:f4:8c:72:d8:b6:f8:40:b2:19:c8:ad:be:64:
                    dd:e8:ae:93:1f:c2:d5:4b:c2:b4:2b:55:c0:62:56:
                    48:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:C5:F7:DB:07:A3:80:D7:B5:A4:BF:4C:FE:2C:BB:4B:C6:54:BB:B6
            X509v3 Authority Key Identifier:
                keyid:B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:50:72:55:3b:48:05:55:46:a9:c3:ba:68:19:89:a1:f5:ad:
         90:c2:67:71:d3:46:db:d0:1e:f0:df:a0:27:b4:b0:5e:ec:38:
         67:ea:01:33:39:34:16:77:6d:bb:86:10:5c:99:35:d4:8c:34:
         8c:11:2c:63:3f:e7:9e:d8:b3:b8:0f:29:47:ca:ec:35:20:cd:
         85:ba:31:87:e7:d0:28:8b:16:02:1e:59:a5:ec:2e:09:47:19:
         10:54:03:3d:c0:62:f1:a0:73:f1:d4:82:71:d2:d2:43:6f:e0:
         55:70:35:0e:ae:92:f4:ae:77:c4:79:5f:ab:0d:f5:13:14:e8:
         45:e4:35:9f:6d:ab:fe:46:04:69:92:df:7b:44:78:58:7c:64:
         12:90:11:16:76:4a:45:a5:9a:bc:f4:11:ad:a0:6d:9f:62:26:
         dd:b4:f7:aa:53:21:3b:73:97:cc:7b:55:83:ca:89:52:13:33:
         35:de:7e:c3:80:b8:97:66:41:e0:bc:c6:25:7a:54:93:7d:d8:
         e8:3f:c9:a6:ba:12:4c:8d:77:61:65:07:b2:8a:d1:30:d3:d3:
         54:16:45:61:72:13:7e:19:61:c1:0e:d1:20:a5:34:cb:af:43:
         93:e7:f8:79:a5:d4:33:aa:46:ed:e4:42:86:34:86:b0:16:c9:
         26:74:a0:1e
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUWMKAuwWSLwgsqcf+8kDqdR7oJrEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjE3MjU0OGZhM2M0NjBlMjZjYjUxOWVlNTI0MzYxYmNh
NmM3MTMyZTAeFw0yNjA2MDgxNjMyMjBaFw0yNzA2MDcxNjM3MjBaMDMxMTAvBgNV
BAMTKDFBQzVGN0RCMDdBMzgwRDdCNUE0QkY0Q0ZFMkNCQjRCQzY1NEJCQjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFO5okcczLs4nrVK2zqElLbuXb
xCIi0tQvb/jUuV3k0ag5+6BEvzHLjiYCE4OY3re8gbHuLwRH9sE/wOjlCNqW9rZU
29FUrj1a2BGEa+XOGAf9L0RK5RJ1WYYal3W5+BJIhga4/es0KfAyoOhFR/0NEGsB
oLQVW6N44P4kOU77LVe8jnFlt9UWd/iF5bRLI5VDXpE5zikXJwlR8MmkZVii0CDE
RH75+i2/25q1paI4hdHNjQouWOEXGToTKv2E1HTXhT4j5fELnUzGsb2OBDhzUjn1
eEJwP44/4bjiRS3X5/jt9Ixy2Lb4QLIZyK2+ZN3orpMfwtVLwrQrVcBiVkgPAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUGsX32wejgNe1pL9M/iy7S8ZUu7YwHwYDVR0j
BBgwFoAUsXJUj6PEYOJstRnuUkNhvKbHEy4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTY1NzNlODgtZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdk
MjVlLzAvQjE3MjU0OEZBM0M0NjBFMjZDQjUxOUVFNTI0MzYxQkNBNkM3MTMyRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NYSlVqNlBFWU9Kc3RSbnVVa05odkti
SEV5NC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTY1NzNlODgt
ZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdkMjVlLzAvMzkzMzJlMzkzNTJlMzEzMTM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXV9yMA0G
CSqGSIb3DQEBCwUAA4IBAQBLUHJVO0gFVUapw7poGYmh9a2Qwmdx00bb0B7w36An
tLBe7Dhn6gEzOTQWd227hhBcmTXUjDSMESxjP+ee2LO4DylHyuw1IM2FujGH59Ao
ixYCHlml7C4JRxkQVAM9wGLxoHPx1IJx0tJDb+BVcDUOrpL0rnfEeV+rDfUTFOhF
5DWfbav+RgRpkt97RHhYfGQSkBEWdkpFpZq89BGtoG2fYibdtPeqUyE7c5fMe1WD
yolSEzM13n7DgLiXZkHgvMYlelSTfdjoP8mmuhJMjXdhZQeyitEw09NUFkVhchN+
GWHBDtEgpTTLr0OT5/h5pdQzqkbt5EKGNIawFskmdKAe
-----END CERTIFICATE-----