Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/60923389-2bde-43e0-b0d5-fc244a6303d0/0/39352e3231342e3137332e302f32342d3234203d3e20383334.roa
File:                     39352e3231342e3137332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          cirGnJyv9EspRQxNyGyC6PnLZwK1svkwcmvgRnr8Tqg=
Subject key identifier:   52:5C:A1:CD:41:1A:44:3E:17:55:53:FE:B9:36:B2:43:3A:34:28:A3
Certificate issuer:       /CN=92f49de8684f1287f4f6cb185d5cf7de80c90b94
Certificate serial:       7742AE2926755C29D019FFC1E0917A45564D7C8E
Authority key identifier: 92:F4:9D:E8:68:4F:12:87:F4:F6:CB:18:5D:5C:F7:DE:80:C9:0B:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kvSd6GhPEof09ssYXVz33oDJC5Q.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/60923389-2bde-43e0-b0d5-fc244a6303d0/0/39352e3231342e3137332e302f32342d3234203d3e20383334.roa
Signing time:             Tue 15 Jul 2025 00:04:08 +0000
ROA not before:           Mon 14 Jul 2025 23:59:08 +0000
ROA not after:            Tue 14 Jul 2026 00:04:08 +0000
asID:                     834
IP address blocks:        95.214.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/60923389-2bde-43e0-b0d5-fc244a6303d0/0/92F49DE8684F1287F4F6CB185D5CF7DE80C90B94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/60923389-2bde-43e0-b0d5-fc244a6303d0/0/92F49DE8684F1287F4F6CB185D5CF7DE80C90B94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kvSd6GhPEof09ssYXVz33oDJC5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 08:27:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:42:ae:29:26:75:5c:29:d0:19:ff:c1:e0:91:7a:45:56:4d:7c:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92f49de8684f1287f4f6cb185d5cf7de80c90b94
        Validity
            Not Before: Jul 14 23:59:08 2025 GMT
            Not After : Jul 14 00:04:08 2026 GMT
        Subject: CN=525CA1CD411A443E175553FEB936B2433A3428A3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:37:b9:a4:7d:d1:f6:55:74:a4:51:2e:93:b7:
                    ef:39:e8:b0:72:e9:c5:f1:96:68:99:56:47:00:1c:
                    5d:c1:3b:5d:8b:67:83:13:81:34:7b:ea:a2:11:5f:
                    0c:98:8d:99:00:8d:c0:d1:45:d7:9a:f4:2c:d4:c0:
                    3f:46:05:52:53:9e:7e:d3:7c:77:47:9b:dd:06:7b:
                    f6:a2:3e:80:3e:c9:64:07:52:35:28:db:40:fa:55:
                    5c:a1:d0:20:cc:4f:73:77:9a:ca:c5:61:9d:b3:18:
                    34:67:39:44:bc:96:54:49:8c:8d:05:93:f1:83:d8:
                    9c:73:ba:0d:70:12:68:cc:bd:27:05:6c:18:8a:ad:
                    1f:23:f1:fa:41:3e:ff:69:07:7a:d9:46:54:dc:9a:
                    98:ee:4b:59:3b:06:0d:8d:32:5e:7e:94:0f:71:56:
                    af:9f:d6:01:5e:97:7f:82:ea:ea:40:56:bc:2a:9d:
                    ab:a1:29:9f:97:8e:8b:02:fb:15:b5:a8:df:47:e4:
                    23:ac:a9:51:44:ea:b2:f4:12:85:e4:6e:3b:c8:12:
                    56:7f:b9:34:cb:55:9d:31:a0:5a:ec:2a:2c:d8:ff:
                    26:f0:d5:c4:5c:5a:51:fa:d9:29:e1:60:bf:a1:65:
                    a0:8e:09:df:e2:2a:b6:d1:38:ca:f1:ea:f7:8e:d0:
                    1e:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:5C:A1:CD:41:1A:44:3E:17:55:53:FE:B9:36:B2:43:3A:34:28:A3
            X509v3 Authority Key Identifier:
                keyid:92:F4:9D:E8:68:4F:12:87:F4:F6:CB:18:5D:5C:F7:DE:80:C9:0B:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/60923389-2bde-43e0-b0d5-fc244a6303d0/0/92F49DE8684F1287F4F6CB185D5CF7DE80C90B94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kvSd6GhPEof09ssYXVz33oDJC5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/60923389-2bde-43e0-b0d5-fc244a6303d0/0/39352e3231342e3137332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.214.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:1e:fd:40:d1:a9:72:73:82:af:5b:55:01:df:25:21:00:a7:
         ea:7e:33:25:8f:d0:a1:83:54:38:bf:cc:a5:fb:9a:1a:95:c6:
         b0:d1:31:41:13:17:ac:4f:b1:be:95:fc:b4:43:99:43:93:ac:
         22:35:e1:77:39:29:b2:10:37:02:f2:d7:01:32:b4:4b:80:b4:
         b2:da:ff:cb:b2:bf:8a:ff:15:0d:aa:26:cc:b6:b0:da:72:b6:
         86:4c:12:d1:c5:62:f0:90:4a:33:94:f5:e3:5e:64:f5:9b:c0:
         4b:9f:dc:6b:b1:78:6b:f3:6a:0d:81:49:09:45:b0:d8:37:82:
         14:08:86:9a:bf:d4:fd:8b:8b:22:68:e1:12:ba:71:1e:54:e6:
         6e:c1:d2:a7:3b:f8:35:0b:7e:08:f5:0d:09:cf:00:d3:e7:5f:
         69:59:b9:cb:89:ba:d3:aa:aa:55:e5:8f:ee:3b:0b:a9:ff:82:
         cc:60:29:79:3b:f4:32:c3:16:10:35:62:99:96:03:89:86:b1:
         e3:5b:a4:cd:dc:86:17:35:47:8c:a9:49:f9:7c:8b:ce:c5:32:
         b2:65:61:30:27:03:f7:e9:9e:db:29:3e:b2:94:28:bf:16:ef:
         d3:9e:a7:ee:62:ac:68:ee:d4:e0:6e:83:04:27:1f:87:05:e6:
         72:b6:48:8f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUd0KuKSZ1XCnQGf/B4JF6RVZNfI4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTJmNDlkZTg2ODRmMTI4N2Y0ZjZjYjE4NWQ1Y2Y3ZGU4
MGM5MGI5NDAeFw0yNTA3MTQyMzU5MDhaFw0yNjA3MTQwMDA0MDhaMDMxMTAvBgNV
BAMTKDUyNUNBMUNENDExQTQ0M0UxNzU1NTNGRUI5MzZCMjQzM0EzNDI4QTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkN7mkfdH2VXSkUS6Tt+856LBy
6cXxlmiZVkcAHF3BO12LZ4MTgTR76qIRXwyYjZkAjcDRRdea9CzUwD9GBVJTnn7T
fHdHm90Ge/aiPoA+yWQHUjUo20D6VVyh0CDMT3N3msrFYZ2zGDRnOUS8llRJjI0F
k/GD2Jxzug1wEmjMvScFbBiKrR8j8fpBPv9pB3rZRlTcmpjuS1k7Bg2NMl5+lA9x
Vq+f1gFel3+C6upAVrwqnauhKZ+XjosC+xW1qN9H5COsqVFE6rL0EoXkbjvIElZ/
uTTLVZ0xoFrsKizY/ybw1cRcWlH62SnhYL+hZaCOCd/iKrbROMrx6veO0B5JAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUUlyhzUEaRD4XVVP+uTayQzo0KKMwHwYDVR0j
BBgwFoAUkvSd6GhPEof09ssYXVz33oDJC5QwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNjA5MjMzODktMmJkZS00M2UwLWIwZDUtZmMyNDRhNjMw
M2QwLzAvOTJGNDlERTg2ODRGMTI4N0Y0RjZDQjE4NUQ1Q0Y3REU4MEM5MEI5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2t2U2Q2R2hQRW9mMDlzc1lYVnozM29E
SkM1US5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNjA5MjMzODkt
MmJkZS00M2UwLWIwZDUtZmMyNDRhNjMwM2QwLzAvMzkzNTJlMzIzMTM0MmUzMTM3
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABf1q0w
DQYJKoZIhvcNAQELBQADggEBAIEe/UDRqXJzgq9bVQHfJSEAp+p+MyWP0KGDVDi/
zKX7mhqVxrDRMUETF6xPsb6V/LRDmUOTrCI14Xc5KbIQNwLy1wEytEuAtLLa/8uy
v4r/FQ2qJsy2sNpytoZMEtHFYvCQSjOU9eNeZPWbwEuf3GuxeGvzag2BSQlFsNg3
ghQIhpq/1P2LiyJo4RK6cR5U5m7B0qc7+DULfgj1DQnPANPnX2lZucuJutOqqlXl
j+47C6n/gsxgKXk79DLDFhA1YpmWA4mGseNbpM3chhc1R4ypSfl8i87FMrJlYTAn
A/fpntspPrKUKL8W79Oep+5irGju1OBugwQnH4cF5nK2SI8=
-----END CERTIFICATE-----