Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131342e302f32342d3234203d3e20383334.roa
File:                     39332e39352e3131342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          9slNHWe/rU70bOx5vd9mZUqmB1nBl1QE+Gk0eZLBnt8=
Subject key identifier:   DF:C0:72:8A:82:85:BA:47:39:52:A9:1D:8B:48:9C:1D:E9:DB:CF:74
Certificate issuer:       /CN=b172548fa3c460e26cb519ee524361bca6c7132e
Certificate serial:       4A35C9F12DD1F6A238279BDCE8B0454CDA6DCAF9
Authority key identifier: B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131342e302f32342d3234203d3e20383334.roa
Signing time:             Tue 04 Nov 2025 00:12:06 +0000
ROA not before:           Tue 04 Nov 2025 00:07:06 +0000
ROA not after:            Tue 03 Nov 2026 00:12:06 +0000
asID:                     834
IP address blocks:        93.95.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:35:c9:f1:2d:d1:f6:a2:38:27:9b:dc:e8:b0:45:4c:da:6d:ca:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b172548fa3c460e26cb519ee524361bca6c7132e
        Validity
            Not Before: Nov  4 00:07:06 2025 GMT
            Not After : Nov  3 00:12:06 2026 GMT
        Subject: CN=DFC0728A8285BA473952A91D8B489C1DE9DBCF74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:09:a5:cf:7c:3b:76:07:ae:96:9c:73:97:47:
                    87:01:78:ea:40:35:32:31:5c:e5:c0:df:50:23:cb:
                    99:70:ef:04:fc:8e:65:f3:bf:48:33:88:a6:b9:eb:
                    6f:3c:46:01:d2:e8:bb:c2:62:93:a2:43:d7:b0:ae:
                    d5:aa:96:87:fd:b4:cb:0b:a5:4e:7f:6e:db:e0:bd:
                    5b:fc:61:47:fc:52:cf:5b:2c:01:66:ee:af:f6:ce:
                    3a:a2:83:d3:ad:9a:67:66:3d:b0:aa:00:a2:3c:e4:
                    f2:29:d5:f2:d0:20:c3:d3:ff:eb:a5:ae:0c:95:b6:
                    6e:ff:cc:7b:c0:a9:6f:46:a8:a5:a0:1c:cc:6f:ac:
                    97:e5:e2:d8:cd:1f:72:71:31:94:aa:c3:df:27:fa:
                    45:d9:a9:4a:91:69:91:56:2f:04:e5:5c:af:12:83:
                    2c:d5:f1:25:73:d7:19:0c:93:3c:c2:d3:4d:e5:af:
                    2e:39:02:01:59:97:9b:31:25:63:79:d2:a1:b5:dc:
                    8e:0a:87:5e:47:24:48:35:e3:03:06:57:d7:66:3c:
                    bb:3d:e8:36:c9:2f:ff:3c:41:77:d7:2c:ab:64:df:
                    95:30:52:d3:27:5f:92:b8:58:0f:18:c0:b9:f2:6d:
                    32:41:c5:88:39:23:f7:dd:6e:09:b5:5a:a5:66:35:
                    d4:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:C0:72:8A:82:85:BA:47:39:52:A9:1D:8B:48:9C:1D:E9:DB:CF:74
            X509v3 Authority Key Identifier:
                keyid:B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:67:af:8f:b2:31:c7:da:c3:45:b8:05:aa:fe:27:1e:99:38:
         06:2c:70:62:bf:24:19:48:b1:20:84:58:9e:a4:0a:9a:16:ab:
         65:af:ef:8e:f9:4e:dd:e7:53:d0:43:cb:f9:81:d8:12:eb:48:
         3a:fc:5a:66:ad:e9:9d:f8:0a:9b:cc:6b:dc:80:26:19:a4:c2:
         49:48:5d:e3:29:9d:2b:f9:1a:55:1e:1d:c2:ea:9a:3f:e0:a1:
         be:04:e8:ae:a0:3f:17:03:84:57:93:6d:3f:b7:cb:28:f2:df:
         9b:35:9d:10:2d:82:a9:00:ba:51:5d:37:d7:4b:40:32:cd:e0:
         df:cf:2a:ed:71:c8:27:05:94:ee:c0:f4:4a:d9:5a:07:26:08:
         36:3f:fb:17:43:fd:0b:9d:41:b4:b4:55:74:64:60:19:b0:c7:
         fa:0d:3e:65:a8:43:17:d1:68:51:ca:b1:01:34:eb:92:75:3e:
         87:95:40:79:2e:d4:12:17:04:c7:9d:28:36:e6:c0:d4:72:ab:
         40:14:e2:6c:f7:a6:a0:ae:db:ac:12:a6:17:b3:e5:5e:7f:1e:
         45:bc:a8:d7:8a:46:2b:b7:85:11:94:2b:08:c7:f7:03:08:52:
         ab:9a:77:eb:a0:3e:4e:b1:52:15:25:c4:af:fd:fc:a4:50:82:
         cc:0b:40:bc
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUSjXJ8S3R9qI4J5vc6LBFTNptyvkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjE3MjU0OGZhM2M0NjBlMjZjYjUxOWVlNTI0MzYxYmNh
NmM3MTMyZTAeFw0yNTExMDQwMDA3MDZaFw0yNjExMDMwMDEyMDZaMDMxMTAvBgNV
BAMTKERGQzA3MjhBODI4NUJBNDczOTUyQTkxRDhCNDg5QzFERTlEQkNGNzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmCaXPfDt2B66WnHOXR4cBeOpA
NTIxXOXA31Ajy5lw7wT8jmXzv0gziKa56288RgHS6LvCYpOiQ9ewrtWqlof9tMsL
pU5/btvgvVv8YUf8Us9bLAFm7q/2zjqig9OtmmdmPbCqAKI85PIp1fLQIMPT/+ul
rgyVtm7/zHvAqW9GqKWgHMxvrJfl4tjNH3JxMZSqw98n+kXZqUqRaZFWLwTlXK8S
gyzV8SVz1xkMkzzC003lry45AgFZl5sxJWN50qG13I4Kh15HJEg14wMGV9dmPLs9
6DbJL/88QXfXLKtk35UwUtMnX5K4WA8YwLnybTJBxYg5I/fdbgm1WqVmNdSTAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU38ByioKFukc5Uqkdi0icHenbz3QwHwYDVR0j
BBgwFoAUsXJUj6PEYOJstRnuUkNhvKbHEy4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTY1NzNlODgtZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdk
MjVlLzAvQjE3MjU0OEZBM0M0NjBFMjZDQjUxOUVFNTI0MzYxQkNBNkM3MTMyRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NYSlVqNlBFWU9Kc3RSbnVVa05odkti
SEV5NC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTY1NzNlODgt
ZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdkMjVlLzAvMzkzMzJlMzkzNTJlMzEzMTM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXV9yMA0G
CSqGSIb3DQEBCwUAA4IBAQDCZ6+PsjHH2sNFuAWq/icemTgGLHBivyQZSLEghFie
pAqaFqtlr++O+U7d51PQQ8v5gdgS60g6/Fpmremd+AqbzGvcgCYZpMJJSF3jKZ0r
+RpVHh3C6po/4KG+BOiuoD8XA4RXk20/t8so8t+bNZ0QLYKpALpRXTfXS0AyzeDf
zyrtccgnBZTuwPRK2VoHJgg2P/sXQ/0LnUG0tFV0ZGAZsMf6DT5lqEMX0WhRyrEB
NOuSdT6HlUB5LtQSFwTHnSg25sDUcqtAFOJs96agrtusEqYXs+Vefx5FvKjXikYr
t4URlCsIx/cDCFKrmnfroD5OsVIVJcSv/fykUILMC0C8
-----END CERTIFICATE-----