Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131372e302f32342d3234203d3e20383334.roa
File:                     39332e39352e3131372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          Da7MtNXfaGWtyWuJ4Cd8jiGYaRUpEsydY/C/EgOvrtk=
Subject key identifier:   8B:0C:42:12:73:C4:3E:48:7E:97:B1:3D:62:8C:D3:EA:CA:4A:C8:A6
Certificate issuer:       /CN=b172548fa3c460e26cb519ee524361bca6c7132e
Certificate serial:       7C9B64FB241C13E20F838F260961401D60134FB1
Authority key identifier: B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131372e302f32342d3234203d3e20383334.roa
Signing time:             Sat 01 Jun 2024 10:07:47 +0000
ROA not before:           Sat 01 Jun 2024 10:02:47 +0000
ROA not after:            Sat 31 May 2025 10:07:47 +0000
asID:                     834
IP address blocks:        93.95.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:9b:64:fb:24:1c:13:e2:0f:83:8f:26:09:61:40:1d:60:13:4f:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b172548fa3c460e26cb519ee524361bca6c7132e
        Validity
            Not Before: Jun  1 10:02:47 2024 GMT
            Not After : May 31 10:07:47 2025 GMT
        Subject: CN=8B0C421273C43E487E97B13D628CD3EACA4AC8A6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c3:3c:7d:8a:76:33:09:a6:ff:c4:b4:e8:8f:
                    eb:0e:40:be:5e:f3:8d:3f:ba:a7:4e:6c:73:c3:90:
                    5a:5e:ea:b3:0c:01:5e:a5:3e:42:00:7c:20:36:1f:
                    a9:ab:19:e3:b1:89:a7:bb:98:95:cb:53:d5:b6:56:
                    a7:73:a1:21:22:c8:59:a5:60:d6:a5:0d:e2:2e:0f:
                    0d:5f:65:6a:80:5b:91:82:46:ef:0f:d8:6d:fa:b2:
                    9b:a7:02:f4:1a:d7:30:eb:39:01:ff:a6:21:0b:ca:
                    0d:5a:55:ab:c9:3d:90:88:5a:2f:1d:44:3e:0e:1a:
                    68:85:d3:92:ff:b7:33:c4:65:da:74:76:02:ee:4e:
                    36:e3:97:45:69:69:d7:17:ad:49:ed:ea:d1:88:40:
                    22:77:0f:1d:1c:f9:79:f0:06:d4:65:5a:7b:05:3b:
                    ca:ee:c9:90:7a:a5:d5:20:f3:b0:2b:54:f9:22:81:
                    3a:62:77:5f:35:c3:95:cf:90:f7:8b:15:c9:35:b8:
                    eb:74:7e:25:7f:65:5c:98:02:6f:0a:0b:09:0e:0b:
                    8d:18:80:7c:99:e1:ef:46:b9:24:85:ef:23:46:d5:
                    c4:d1:18:00:03:77:b1:19:3a:cb:f4:e2:0f:ad:7e:
                    cf:0a:27:f7:fb:9d:dc:8a:1a:2d:7c:79:b0:ad:87:
                    b6:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:0C:42:12:73:C4:3E:48:7E:97:B1:3D:62:8C:D3:EA:CA:4A:C8:A6
            X509v3 Authority Key Identifier:
                keyid:B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:1b:fc:40:95:cf:f3:af:57:22:ef:4e:77:d0:62:8b:8b:25:
         32:ce:8d:53:e7:59:8d:1d:d5:57:88:4f:2d:58:ad:96:d2:14:
         4c:d9:8f:1a:c9:2d:af:3e:d4:84:6f:1c:67:dc:67:5d:de:ae:
         b7:5c:44:01:78:0c:5a:ed:14:c3:43:10:3d:69:89:30:dc:70:
         83:4a:d4:3c:6c:df:94:3e:f7:1e:3c:a3:a3:08:4b:3b:42:47:
         1a:65:6e:ed:b2:c3:7f:df:26:34:76:06:84:38:9a:a3:33:7d:
         12:6e:89:50:4b:33:73:74:b9:8f:c6:73:f7:6b:50:1f:53:a3:
         cf:03:c3:03:14:aa:27:41:b5:cd:7b:40:e8:5e:ad:77:93:ca:
         d5:29:e1:a3:40:a6:be:91:92:af:dc:b5:c6:4a:d4:43:cb:a1:
         46:d8:ff:3c:1b:bd:d0:3b:26:8f:0f:3e:e2:19:86:8f:6e:6b:
         25:b3:eb:bc:b1:5b:93:c9:16:80:fa:65:e0:ab:ef:b6:8c:41:
         84:17:21:fd:99:3a:af:79:5e:e4:01:eb:f5:c6:dd:a4:a7:ba:
         06:fd:42:88:64:88:d7:76:18:b8:c5:04:8a:08:8e:81:57:b7:
         7a:e2:86:d9:43:6e:40:19:41:ee:fe:84:07:a4:98:41:a9:0a:
         21:d0:c1:8f
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUfJtk+yQcE+IPg48mCWFAHWATT7EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjE3MjU0OGZhM2M0NjBlMjZjYjUxOWVlNTI0MzYxYmNh
NmM3MTMyZTAeFw0yNDA2MDExMDAyNDdaFw0yNTA1MzExMDA3NDdaMDMxMTAvBgNV
BAMTKDhCMEM0MjEyNzNDNDNFNDg3RTk3QjEzRDYyOENEM0VBQ0E0QUM4QTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvwzx9inYzCab/xLToj+sOQL5e
840/uqdObHPDkFpe6rMMAV6lPkIAfCA2H6mrGeOxiae7mJXLU9W2VqdzoSEiyFml
YNalDeIuDw1fZWqAW5GCRu8P2G36spunAvQa1zDrOQH/piELyg1aVavJPZCIWi8d
RD4OGmiF05L/tzPEZdp0dgLuTjbjl0VpadcXrUnt6tGIQCJ3Dx0c+XnwBtRlWnsF
O8ruyZB6pdUg87ArVPkigTpid181w5XPkPeLFck1uOt0fiV/ZVyYAm8KCwkOC40Y
gHyZ4e9GuSSF7yNG1cTRGAADd7EZOsv04g+tfs8KJ/f7ndyKGi18ebCth7ZtAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUiwxCEnPEPkh+l7E9YozT6spKyKYwHwYDVR0j
BBgwFoAUsXJUj6PEYOJstRnuUkNhvKbHEy4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTY1NzNlODgtZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdk
MjVlLzAvQjE3MjU0OEZBM0M0NjBFMjZDQjUxOUVFNTI0MzYxQkNBNkM3MTMyRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NYSlVqNlBFWU9Kc3RSbnVVa05odkti
SEV5NC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTY1NzNlODgt
ZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdkMjVlLzAvMzkzMzJlMzkzNTJlMzEzMTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXV91MA0G
CSqGSIb3DQEBCwUAA4IBAQAUG/xAlc/zr1ci70530GKLiyUyzo1T51mNHdVXiE8t
WK2W0hRM2Y8ayS2vPtSEbxxn3Gdd3q63XEQBeAxa7RTDQxA9aYkw3HCDStQ8bN+U
PvcePKOjCEs7QkcaZW7tssN/3yY0dgaEOJqjM30SbolQSzNzdLmPxnP3a1AfU6PP
A8MDFKonQbXNe0DoXq13k8rVKeGjQKa+kZKv3LXGStRDy6FG2P88G73QOyaPDz7i
GYaPbmsls+u8sVuTyRaA+mXgq++2jEGEFyH9mTqveV7kAev1xt2kp7oG/UKIZIjX
dhi4xQSKCI6BV7d64obZQ25AGUHu/oQHpJhBqQoh0MGP
-----END CERTIFICATE-----