Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131362e302f32342d3234203d3e203630373831.roa
File:                     39332e39352e3131362e302f32342d3234203d3e203630373831.roa (raw, json)
Hash identifier:          bvqtExc4o5GUJzraVc9CM0CC2GO3x6c+ohx4q9G/dgk=
Subject key identifier:   9E:99:07:9B:D4:4D:69:63:B1:6C:7A:59:58:14:8A:39:67:18:67:87
Certificate issuer:       /CN=b172548fa3c460e26cb519ee524361bca6c7132e
Certificate serial:       76CCA99EA8D374A6C96A6EE1883B98EDA216DBC6
Authority key identifier: B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131362e302f32342d3234203d3e203630373831.roa
Signing time:             Tue 29 Oct 2024 13:43:25 +0000
ROA not before:           Tue 29 Oct 2024 13:38:25 +0000
ROA not after:            Tue 28 Oct 2025 13:43:25 +0000
asID:                     60781
IP address blocks:        93.95.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:cc:a9:9e:a8:d3:74:a6:c9:6a:6e:e1:88:3b:98:ed:a2:16:db:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b172548fa3c460e26cb519ee524361bca6c7132e
        Validity
            Not Before: Oct 29 13:38:25 2024 GMT
            Not After : Oct 28 13:43:25 2025 GMT
        Subject: CN=9E99079BD44D6963B16C7A5958148A3967186787
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:6e:3e:a4:c5:06:97:db:22:e8:83:ec:3e:28:
                    a7:fb:ec:07:cb:65:ed:c0:f7:30:67:18:bc:66:f8:
                    6b:f6:08:a5:34:55:fc:9e:bd:8f:0a:6c:fd:92:9f:
                    8d:e2:71:e9:1b:35:87:cb:4c:db:69:dc:c6:8f:34:
                    73:a3:0a:8d:6e:b1:bc:e3:c3:cd:20:c7:6d:43:69:
                    32:f6:f7:8e:a8:3c:88:2d:de:c0:b0:a3:0f:d7:03:
                    08:c6:79:a6:da:69:be:1a:dd:d3:62:26:a4:7a:2e:
                    25:3e:82:29:e5:68:08:ef:29:fe:aa:f3:db:e4:82:
                    87:ce:9b:e3:14:74:20:ee:a9:21:ee:8e:ef:1a:9f:
                    e1:13:d1:63:70:4e:03:5e:ed:b3:e4:a0:78:4f:ca:
                    24:5f:fc:d4:71:b3:3a:39:93:a9:9a:4e:68:3c:9a:
                    7d:93:ce:3b:9f:b2:b2:82:ac:cf:44:8b:39:6e:45:
                    d3:0d:fa:b9:9f:bf:13:1a:19:4d:ac:11:97:e2:4d:
                    32:76:fe:55:56:aa:ea:ba:57:70:f5:df:12:03:17:
                    4c:05:8a:1b:e0:2a:cf:f9:c6:2d:36:33:6a:5f:3c:
                    3f:b8:bd:52:57:c2:b1:4c:70:c3:c4:ca:df:ea:50:
                    53:e1:fd:2a:dc:95:ee:ca:f3:47:3c:3a:4a:47:f0:
                    de:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:99:07:9B:D4:4D:69:63:B1:6C:7A:59:58:14:8A:39:67:18:67:87
            X509v3 Authority Key Identifier:
                keyid:B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131362e302f32342d3234203d3e203630373831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:01:18:17:6b:3f:2a:34:4a:36:88:72:23:67:cd:d9:c3:91:
         8e:c0:d5:69:3c:fb:53:45:ed:f8:76:96:47:19:5c:88:e3:3f:
         e1:de:32:88:fb:df:37:e1:b2:c9:9f:7b:e5:a9:4b:41:ab:45:
         72:4c:b2:ad:e2:37:fb:ed:f0:38:2c:b2:52:10:8c:c8:9e:75:
         bf:d5:23:5b:db:a5:a9:ba:02:74:5b:7c:63:12:8a:b1:4b:a6:
         d8:5d:6f:e7:fd:bf:a8:98:30:3f:b8:5a:a4:10:49:01:b6:4b:
         66:7e:7b:24:9f:d6:41:b7:7c:81:a6:ad:76:a5:e1:38:ab:87:
         9d:49:a4:1f:0b:85:cc:95:b1:1c:a8:c7:ab:1f:87:4f:27:e8:
         79:e2:74:d0:c2:0c:c1:f6:29:a9:69:74:bb:33:6f:5d:e0:c5:
         24:6d:ec:19:3a:02:91:d8:df:54:e5:93:09:57:f3:5c:c3:aa:
         48:e9:c1:a2:1b:34:f1:5e:2c:a0:e7:c1:3b:1f:f9:e2:dc:b3:
         03:99:a1:f3:24:9b:94:78:0b:e0:c9:01:0c:cd:ae:48:dc:0f:
         50:74:0e:8b:65:39:8a:17:6c:23:d6:2c:09:81:54:1c:10:2e:
         a9:af:fa:96:bd:ae:6b:8a:20:a8:2f:18:80:47:ec:52:08:23:
         92:a5:51:d1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdsypnqjTdKbJam7hiDuY7aIW28YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjE3MjU0OGZhM2M0NjBlMjZjYjUxOWVlNTI0MzYxYmNh
NmM3MTMyZTAeFw0yNDEwMjkxMzM4MjVaFw0yNTEwMjgxMzQzMjVaMDMxMTAvBgNV
BAMTKDlFOTkwNzlCRDQ0RDY5NjNCMTZDN0E1OTU4MTQ4QTM5NjcxODY3ODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRbj6kxQaX2yLog+w+KKf77AfL
Ze3A9zBnGLxm+Gv2CKU0VfyevY8KbP2Sn43icekbNYfLTNtp3MaPNHOjCo1usbzj
w80gx21DaTL2946oPIgt3sCwow/XAwjGeabaab4a3dNiJqR6LiU+ginlaAjvKf6q
89vkgofOm+MUdCDuqSHuju8an+ET0WNwTgNe7bPkoHhPyiRf/NRxszo5k6maTmg8
mn2TzjufsrKCrM9EizluRdMN+rmfvxMaGU2sEZfiTTJ2/lVWquq6V3D13xIDF0wF
ihvgKs/5xi02M2pfPD+4vVJXwrFMcMPEyt/qUFPh/Srcle7K80c8OkpH8N5/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUnpkHm9RNaWOxbHpZWBSKOWcYZ4cwHwYDVR0j
BBgwFoAUsXJUj6PEYOJstRnuUkNhvKbHEy4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTY1NzNlODgtZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdk
MjVlLzAvQjE3MjU0OEZBM0M0NjBFMjZDQjUxOUVFNTI0MzYxQkNBNkM3MTMyRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NYSlVqNlBFWU9Kc3RSbnVVa05odkti
SEV5NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTY1NzNlODgt
ZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdkMjVlLzAvMzkzMzJlMzkzNTJlMzEzMTM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMDM3MzgzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAF1f
dDANBgkqhkiG9w0BAQsFAAOCAQEAcQEYF2s/KjRKNohyI2fN2cORjsDVaTz7U0Xt
+HaWRxlciOM/4d4yiPvfN+GyyZ975alLQatFckyyreI3++3wOCyyUhCMyJ51v9Uj
W9ulqboCdFt8YxKKsUum2F1v5/2/qJgwP7hapBBJAbZLZn57JJ/WQbd8gaatdqXh
OKuHnUmkHwuFzJWxHKjHqx+HTyfoeeJ00MIMwfYpqWl0uzNvXeDFJG3sGToCkdjf
VOWTCVfzXMOqSOnBohs08V4soOfBOx/54tyzA5mh8ySblHgL4MkBDM2uSNwPUHQO
i2U5ihdsI9YsCYFUHBAuqa/6lr2ua4ogqC8YgEfsUggjkqVR0Q==
-----END CERTIFICATE-----