Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS32181.roa
File:                     AS32181.roa (raw, json)
Hash identifier:          w5BMYAMb923AkIWWrmCvrgsvH9MRTBCSrUkTmTEL2VU=
Subject key identifier:   03:3B:34:CB:27:39:B9:AC:C2:50:A9:7E:EA:72:22:50:FF:94:F0:F0
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       7C030329975E73EC126C504682E5B4B3C8CE3172
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS32181.roa
Signing time:             Mon 14 Jul 2025 10:54:13 +0000
ROA not before:           Mon 14 Jul 2025 10:49:13 +0000
ROA not after:            Mon 13 Jul 2026 10:54:13 +0000
asID:                     32181
IP address blocks:        195.20.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 16:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:03:03:29:97:5e:73:ec:12:6c:50:46:82:e5:b4:b3:c8:ce:31:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jul 14 10:49:13 2025 GMT
            Not After : Jul 13 10:54:13 2026 GMT
        Subject: CN=033B34CB2739B9ACC250A97EEA722250FF94F0F0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:1e:09:82:ef:f5:13:84:55:9f:10:72:8f:fc:
                    c7:fa:6c:95:a5:3b:8f:b7:4d:c5:78:2e:0e:bf:52:
                    3a:ec:6a:22:ad:6a:25:fc:7d:d2:0f:25:46:42:de:
                    18:fb:64:eb:42:89:66:df:b8:77:1f:7a:67:c7:ac:
                    a9:47:82:3e:d5:e3:cc:dc:a9:51:0d:5d:ed:f6:d4:
                    f5:2f:fe:a2:81:aa:59:2d:d0:9b:02:28:42:36:e8:
                    b8:66:16:69:7f:25:4f:78:75:b1:ab:0e:f4:65:db:
                    68:cd:b0:50:a6:63:31:be:8d:6f:5d:fe:d8:45:7b:
                    c1:d8:4c:5a:a8:6a:3a:de:92:7d:05:0b:07:4f:51:
                    75:57:b4:11:5d:d1:b2:bc:b7:6a:eb:d2:04:fc:d3:
                    01:88:02:a3:cb:21:a0:80:a9:a7:10:5e:dc:93:e2:
                    7b:64:54:12:fd:75:fb:82:c0:45:e2:07:c3:1b:22:
                    f1:f2:27:a3:ba:47:5b:9e:1c:10:e2:33:4c:ce:96:
                    a1:db:3e:df:aa:23:63:7c:fc:e7:f8:ff:35:d6:c4:
                    4d:37:91:38:2c:73:5f:2c:bd:f9:c5:49:f5:64:b8:
                    49:31:46:3b:96:4c:73:27:da:b8:d2:de:22:76:f3:
                    5a:48:ae:d4:24:6d:79:24:02:4e:cf:08:88:51:92:
                    6b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:3B:34:CB:27:39:B9:AC:C2:50:A9:7E:EA:72:22:50:FF:94:F0:F0
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS32181.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:ba:ce:13:59:00:79:2f:94:9b:ec:d4:bb:19:dc:06:98:59:
         3a:c1:7d:ca:07:f0:26:f4:75:6e:01:6c:f0:9c:56:0f:6c:75:
         cc:81:62:24:50:91:d2:d8:f4:0f:3f:d9:d7:39:e7:15:2c:3f:
         9e:4b:aa:37:47:04:a1:5c:01:1d:50:54:fe:b7:b2:1a:80:32:
         a7:29:32:66:7f:54:54:e3:46:6d:18:52:83:c7:3a:25:e2:2b:
         11:45:b5:f7:12:c6:48:84:5a:2e:16:a7:fb:53:ed:67:47:9c:
         0f:93:36:0f:b1:99:0a:53:01:37:14:df:e3:bb:bf:54:0f:9d:
         10:83:50:75:63:72:ef:36:95:cd:1b:9e:e0:bb:dc:ef:d9:f9:
         1b:7d:90:e2:1c:c5:55:93:8b:0b:8f:30:f9:11:15:f4:64:0d:
         4f:46:4b:a9:92:bd:b7:91:4a:f4:19:fe:ab:48:51:4a:a0:f1:
         d2:cb:c6:c6:27:66:d4:81:6f:93:a7:28:2f:28:24:f3:80:1a:
         e5:65:7b:e9:6e:62:f0:be:27:8e:ef:78:84:ab:89:1a:79:22:
         cb:ef:3c:a5:89:19:4b:a3:bd:23:23:3e:7c:4a:10:21:f3:67:
         b1:5e:82:a0:ee:cc:5c:11:d5:99:d0:75:e9:8c:ce:5f:f4:5a:
         1e:27:66:dd
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUfAMDKZdec+wSbFBGguW0s8jOMXIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA3MTQxMDQ5MTNaFw0yNjA3MTMxMDU0MTNaMDMxMTAvBgNV
BAMTKDAzM0IzNENCMjczOUI5QUNDMjUwQTk3RUVBNzIyMjUwRkY5NEYwRjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxHgmC7/UThFWfEHKP/Mf6bJWl
O4+3TcV4Lg6/UjrsaiKtaiX8fdIPJUZC3hj7ZOtCiWbfuHcfemfHrKlHgj7V48zc
qVENXe321PUv/qKBqlkt0JsCKEI26LhmFml/JU94dbGrDvRl22jNsFCmYzG+jW9d
/thFe8HYTFqoajrekn0FCwdPUXVXtBFd0bK8t2rr0gT80wGIAqPLIaCAqacQXtyT
4ntkVBL9dfuCwEXiB8MbIvHyJ6O6R1ueHBDiM0zOlqHbPt+qI2N8/Of4/zXWxE03
kTgsc18svfnFSfVkuEkxRjuWTHMn2rjS3iJ281pIrtQkbXkkAk7PCIhRkmvzAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUAzs0yyc5uazCUKl+6nIiUP+U8PAwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMzIxODEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDFGMw
DQYJKoZIhvcNAQELBQADggEBAAO6zhNZAHkvlJvs1LsZ3AaYWTrBfcoH8Cb0dW4B
bPCcVg9sdcyBYiRQkdLY9A8/2dc55xUsP55LqjdHBKFcAR1QVP63shqAMqcpMmZ/
VFTjRm0YUoPHOiXiKxFFtfcSxkiEWi4Wp/tT7WdHnA+TNg+xmQpTATcU3+O7v1QP
nRCDUHVjcu82lc0bnuC73O/Z+Rt9kOIcxVWTiwuPMPkRFfRkDU9GS6mSvbeRSvQZ
/qtIUUqg8dLLxsYnZtSBb5OnKC8oJPOAGuVle+luYvC+J47veISriRp5IsvvPKWJ
GUujvSMjPnxKECHzZ7FegqDuzFwR1ZnQdemMzl/0Wh4nZt0=
-----END CERTIFICATE-----