Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131332e302f32342d3234203d3e203336353330.roa
File:                     39332e39352e3131332e302f32342d3234203d3e203336353330.roa (raw, json)
Hash identifier:          WyeMvj48S3DmhapxMcgEhguMxJ08HH/YYmlmV7bxS+g=
Subject key identifier:   55:62:A8:B2:37:81:A5:09:16:ED:9E:3B:A8:08:95:F2:75:84:AA:D0
Certificate issuer:       /CN=b172548fa3c460e26cb519ee524361bca6c7132e
Certificate serial:       51FB0FA0ACBAB5F615B5A883C8E7A85CB08B8F97
Authority key identifier: B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131332e302f32342d3234203d3e203336353330.roa
Signing time:             Thu 10 Oct 2024 10:07:09 +0000
ROA not before:           Thu 10 Oct 2024 10:02:09 +0000
ROA not after:            Thu 09 Oct 2025 10:07:09 +0000
asID:                     36530
IP address blocks:        93.95.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:fb:0f:a0:ac:ba:b5:f6:15:b5:a8:83:c8:e7:a8:5c:b0:8b:8f:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b172548fa3c460e26cb519ee524361bca6c7132e
        Validity
            Not Before: Oct 10 10:02:09 2024 GMT
            Not After : Oct  9 10:07:09 2025 GMT
        Subject: CN=5562A8B23781A50916ED9E3BA80895F27584AAD0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:49:85:45:ba:f9:93:09:7a:d9:97:72:01:e8:
                    db:30:46:8e:b0:35:0c:7e:b5:47:55:56:35:7c:59:
                    3f:5f:e4:4b:1b:f5:d9:97:d1:9c:24:d3:b0:5a:f4:
                    63:25:df:23:dd:4d:8f:f4:88:a0:68:f4:b1:79:2e:
                    53:91:6e:d9:a6:96:5b:66:ae:38:c9:ef:18:af:34:
                    e7:f9:4e:e6:6e:d5:5e:4c:72:a5:2c:96:11:26:69:
                    97:5d:d0:bd:b7:8c:2a:4e:8c:f2:33:7e:ac:61:45:
                    f1:7a:eb:ef:b7:8b:53:83:21:a4:b3:e8:e0:29:85:
                    91:1a:4b:88:44:39:74:7e:dc:84:ed:52:7c:89:b9:
                    2a:e1:b1:d3:12:ea:25:8f:1f:54:38:a8:bc:44:00:
                    f7:f4:08:47:33:4c:89:af:79:09:31:6d:a1:b5:df:
                    75:1d:7e:2a:fb:40:c5:b3:94:14:fa:21:16:da:f0:
                    9a:0d:3f:6e:80:e9:3b:41:4a:ff:3a:f5:8e:32:d1:
                    75:8c:7a:2e:c6:84:80:66:a9:64:75:5d:49:c7:dd:
                    d7:70:92:63:3e:54:6a:ce:06:31:e7:16:26:c9:69:
                    96:e2:29:77:9e:f8:e5:c0:e3:30:59:c0:3b:24:21:
                    51:a3:90:d0:a6:2a:f2:1c:9c:af:66:42:78:fc:9f:
                    f3:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:62:A8:B2:37:81:A5:09:16:ED:9E:3B:A8:08:95:F2:75:84:AA:D0
            X509v3 Authority Key Identifier:
                keyid:B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131332e302f32342d3234203d3e203336353330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:21:89:5c:4c:a3:94:04:3f:68:98:a5:93:30:a6:e0:13:eb:
         c3:d5:e8:0a:33:eb:a4:d3:7b:32:34:d1:3c:22:d6:9c:a7:db:
         30:7c:0e:cd:14:e7:da:48:f4:6a:7d:2c:6b:60:d9:29:de:f6:
         3c:75:63:ed:89:e6:68:1a:3a:8d:c5:87:61:69:54:c1:b3:b4:
         28:79:61:77:38:42:5e:10:4c:ef:d8:f0:6a:49:ee:69:d0:c3:
         25:bd:43:61:e0:2e:3b:3c:22:a6:9a:4a:bb:ff:b1:4d:79:cd:
         84:2e:a6:e6:78:e7:cb:40:c0:8c:d0:f5:ca:23:e8:39:b4:da:
         22:c5:17:3d:3a:e6:49:50:17:81:7f:45:d9:ae:ed:e6:de:1d:
         c2:04:ed:53:a8:e4:0c:dd:f5:14:8a:29:9b:7b:1d:58:e4:6d:
         40:60:fe:e2:a5:95:0b:81:88:93:43:21:99:f3:26:5f:78:ff:
         18:55:49:fa:e7:84:dc:cd:fa:a7:90:98:ab:48:f9:a4:77:3f:
         56:c9:99:c7:2b:93:03:6d:1f:b2:85:51:64:e2:f8:25:24:8f:
         bd:12:de:c5:86:e7:3a:e6:f3:08:8f:5a:46:72:e7:d2:31:0f:
         3f:ef:21:45:0c:10:dd:da:30:7b:76:db:1a:cb:0e:5e:36:d3:
         d7:f0:ba:d6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUUfsPoKy6tfYVtaiDyOeoXLCLj5cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjE3MjU0OGZhM2M0NjBlMjZjYjUxOWVlNTI0MzYxYmNh
NmM3MTMyZTAeFw0yNDEwMTAxMDAyMDlaFw0yNTEwMDkxMDA3MDlaMDMxMTAvBgNV
BAMTKDU1NjJBOEIyMzc4MUE1MDkxNkVEOUUzQkE4MDg5NUYyNzU4NEFBRDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKSYVFuvmTCXrZl3IB6NswRo6w
NQx+tUdVVjV8WT9f5Esb9dmX0Zwk07Ba9GMl3yPdTY/0iKBo9LF5LlORbtmmlltm
rjjJ7xivNOf5TuZu1V5McqUslhEmaZdd0L23jCpOjPIzfqxhRfF66++3i1ODIaSz
6OAphZEaS4hEOXR+3ITtUnyJuSrhsdMS6iWPH1Q4qLxEAPf0CEczTImveQkxbaG1
33Udfir7QMWzlBT6IRba8JoNP26A6TtBSv869Y4y0XWMei7GhIBmqWR1XUnH3ddw
kmM+VGrOBjHnFibJaZbiKXee+OXA4zBZwDskIVGjkNCmKvIcnK9mQnj8n/M/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUVWKosjeBpQkW7Z47qAiV8nWEqtAwHwYDVR0j
BBgwFoAUsXJUj6PEYOJstRnuUkNhvKbHEy4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTY1NzNlODgtZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdk
MjVlLzAvQjE3MjU0OEZBM0M0NjBFMjZDQjUxOUVFNTI0MzYxQkNBNkM3MTMyRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NYSlVqNlBFWU9Kc3RSbnVVa05odkti
SEV5NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTY1NzNlODgt
ZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdkMjVlLzAvMzkzMzJlMzkzNTJlMzEzMTMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMzNjM1MzMzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAF1f
cTANBgkqhkiG9w0BAQsFAAOCAQEATyGJXEyjlAQ/aJilkzCm4BPrw9XoCjPrpNN7
MjTRPCLWnKfbMHwOzRTn2kj0an0sa2DZKd72PHVj7YnmaBo6jcWHYWlUwbO0KHlh
dzhCXhBM79jwaknuadDDJb1DYeAuOzwipppKu/+xTXnNhC6m5njny0DAjND1yiPo
ObTaIsUXPTrmSVAXgX9F2a7t5t4dwgTtU6jkDN31FIopm3sdWORtQGD+4qWVC4GI
k0MhmfMmX3j/GFVJ+ueE3M36p5CYq0j5pHc/VsmZxyuTA20fsoVRZOL4JSSPvRLe
xYbnOubzCI9aRnLn0jEPP+8hRQwQ3dowe3bbGssOXjbT1/C61g==
-----END CERTIFICATE-----