Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131342e302f32342d3234203d3e2035303635.roa
File:                     39332e39352e3131342e302f32342d3234203d3e2035303635.roa (raw, json)
Hash identifier:          1SASXyExgQ4b5WPRHANM/0yVmAfZqeVHh1az/LQOJxE=
Subject key identifier:   9F:B1:7E:8C:56:CB:92:C2:1F:F5:D5:04:43:8C:61:53:A8:3B:43:82
Certificate issuer:       /CN=b172548fa3c460e26cb519ee524361bca6c7132e
Certificate serial:       1F0F7AC9A9D75315ED1AD81DD27355EE5CD07093
Authority key identifier: B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131342e302f32342d3234203d3e2035303635.roa
Signing time:             Sun 07 Apr 2024 12:53:01 +0000
ROA not before:           Sun 07 Apr 2024 12:48:01 +0000
ROA not after:            Sun 06 Apr 2025 12:53:01 +0000
asID:                     5065
IP address blocks:        93.95.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:0f:7a:c9:a9:d7:53:15:ed:1a:d8:1d:d2:73:55:ee:5c:d0:70:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b172548fa3c460e26cb519ee524361bca6c7132e
        Validity
            Not Before: Apr  7 12:48:01 2024 GMT
            Not After : Apr  6 12:53:01 2025 GMT
        Subject: CN=9FB17E8C56CB92C21FF5D504438C6153A83B4382
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d6:f1:df:59:2b:0c:4e:a7:31:54:6a:1e:1a:
                    e8:9e:db:70:be:42:df:3d:7f:21:f3:f3:75:11:3e:
                    ba:98:a9:9c:e8:13:86:1c:30:27:f9:a3:43:7e:c8:
                    68:e3:0a:70:cc:eb:52:88:3b:f5:72:a3:cb:ce:e9:
                    35:fb:93:ca:a6:8f:31:6c:57:7e:15:dc:ed:fd:e0:
                    43:e4:79:37:6a:80:29:f4:50:e2:0e:82:23:11:89:
                    d6:c3:2a:45:52:eb:60:7c:62:01:3f:16:90:e4:e0:
                    87:61:65:f8:55:88:08:2b:b8:07:9a:9b:ca:8e:50:
                    df:83:f7:d8:26:2c:04:40:e7:fa:93:cd:9f:b2:5f:
                    ba:89:9c:d7:8f:ed:5a:62:58:17:8e:42:91:15:d4:
                    e8:9c:a4:9c:2d:e0:07:74:52:ec:38:8b:80:af:58:
                    a7:99:b4:60:5f:6c:6c:e3:cb:01:1b:0b:00:67:48:
                    37:a8:e7:ec:74:7e:38:4c:81:3f:e1:a3:c2:d7:b3:
                    c3:c0:72:1d:03:54:e3:6e:68:17:95:4b:b0:50:96:
                    05:b1:cc:9c:51:67:b3:7e:f6:b2:0d:29:93:02:79:
                    45:fe:15:cf:18:6e:d2:8f:52:44:84:20:d6:f3:fe:
                    b0:9e:ef:04:08:48:63:07:c2:42:1f:a8:d9:d3:03:
                    10:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:B1:7E:8C:56:CB:92:C2:1F:F5:D5:04:43:8C:61:53:A8:3B:43:82
            X509v3 Authority Key Identifier:
                keyid:B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131342e302f32342d3234203d3e2035303635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:35:bd:5a:7f:6a:55:76:b5:ea:5c:68:68:7d:f2:e9:a6:5a:
         9f:15:49:14:7a:e0:35:ad:71:07:60:8f:aa:87:f7:04:d5:9b:
         0a:ff:8c:1e:23:7c:10:05:4b:ce:72:8b:c6:46:b5:fb:ca:19:
         ad:42:f0:f5:49:4e:1c:39:18:3c:a9:1b:cc:79:d9:35:a6:60:
         f1:8b:c5:ca:17:76:8f:9c:5a:82:01:2e:96:9f:88:b9:33:b3:
         76:55:92:05:e4:65:f2:cb:f2:af:95:96:3f:4b:a5:fb:fb:38:
         c3:d2:eb:0a:50:a8:28:40:db:b4:58:75:9c:26:73:9c:fc:64:
         ab:02:04:1d:94:90:1b:d2:af:17:4d:19:a8:cf:6e:7b:45:c0:
         b4:3a:f7:00:fc:2a:dd:f2:db:31:c1:82:ed:d4:d1:84:d2:7e:
         1e:8d:61:12:0d:28:8d:f4:85:79:1e:d5:bf:85:75:24:c1:a6:
         1a:b2:aa:a9:6e:0b:e5:f2:bc:77:29:e5:cb:60:3c:e5:e6:52:
         18:d3:d7:cb:95:f4:e7:04:9c:cb:57:25:9b:f0:7b:de:9c:f5:
         c6:a9:ed:e5:0e:46:a6:bb:af:aa:4d:ae:60:af:b3:88:c1:07:
         50:e4:f9:5e:81:88:91:9e:28:76:d2:23:8f:f3:15:da:a6:a2:
         93:86:77:25
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUHw96yanXUxXtGtgd0nNV7lzQcJMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjE3MjU0OGZhM2M0NjBlMjZjYjUxOWVlNTI0MzYxYmNh
NmM3MTMyZTAeFw0yNDA0MDcxMjQ4MDFaFw0yNTA0MDYxMjUzMDFaMDMxMTAvBgNV
BAMTKDlGQjE3RThDNTZDQjkyQzIxRkY1RDUwNDQzOEM2MTUzQTgzQjQzODIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC01vHfWSsMTqcxVGoeGuie23C+
Qt89fyHz83URPrqYqZzoE4YcMCf5o0N+yGjjCnDM61KIO/Vyo8vO6TX7k8qmjzFs
V34V3O394EPkeTdqgCn0UOIOgiMRidbDKkVS62B8YgE/FpDk4IdhZfhViAgruAea
m8qOUN+D99gmLARA5/qTzZ+yX7qJnNeP7VpiWBeOQpEV1OicpJwt4Ad0Uuw4i4Cv
WKeZtGBfbGzjywEbCwBnSDeo5+x0fjhMgT/ho8LXs8PAch0DVONuaBeVS7BQlgWx
zJxRZ7N+9rINKZMCeUX+Fc8YbtKPUkSEINbz/rCe7wQISGMHwkIfqNnTAxB5AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUn7F+jFbLksIf9dUEQ4xhU6g7Q4IwHwYDVR0j
BBgwFoAUsXJUj6PEYOJstRnuUkNhvKbHEy4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTY1NzNlODgtZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdk
MjVlLzAvQjE3MjU0OEZBM0M0NjBFMjZDQjUxOUVFNTI0MzYxQkNBNkM3MTMyRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NYSlVqNlBFWU9Kc3RSbnVVa05odkti
SEV5NC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTY1NzNlODgt
ZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdkMjVlLzAvMzkzMzJlMzkzNTJlMzEzMTM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMDM2MzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABdX3Iw
DQYJKoZIhvcNAQELBQADggEBAHQ1vVp/alV2tepcaGh98ummWp8VSRR64DWtcQdg
j6qH9wTVmwr/jB4jfBAFS85yi8ZGtfvKGa1C8PVJThw5GDypG8x52TWmYPGLxcoX
do+cWoIBLpafiLkzs3ZVkgXkZfLL8q+Vlj9Lpfv7OMPS6wpQqChA27RYdZwmc5z8
ZKsCBB2UkBvSrxdNGajPbntFwLQ69wD8Kt3y2zHBgu3U0YTSfh6NYRINKI30hXke
1b+FdSTBphqyqqluC+XyvHcp5ctgPOXmUhjT18uV9OcEnMtXJZvwe96c9cap7eUO
Rqa7r6pNrmCvs4jBB1Dk+V6BiJGeKHbSI4/zFdqmopOGdyU=
-----END CERTIFICATE-----
Generated at Thu Nov 21 16:18:00 2024 by rpki-client on console-fra.rpki-client.org