Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131362e302f32342d3234203d3e203630373831.roa
File:                     39332e39352e3131362e302f32342d3234203d3e203630373831.roa (raw, json)
Hash identifier:          RemJBJ6qV5Azy9X+rQ6w+aIEaM9WgYev/YWHahVSpmQ=
Subject key identifier:   1A:F5:F3:3F:4A:DB:CA:6B:44:BF:0A:61:E9:5E:11:7A:69:43:6D:68
Certificate issuer:       /CN=b172548fa3c460e26cb519ee524361bca6c7132e
Certificate serial:       238C8AEBAB9B4B4788D38D542035CBE2A9E02B90
Authority key identifier: B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131362e302f32342d3234203d3e203630373831.roa
Signing time:             Tue 28 Nov 2023 13:34:06 +0000
ROA not before:           Tue 28 Nov 2023 13:29:06 +0000
ROA not after:            Tue 26 Nov 2024 13:34:06 +0000
asID:                     60781
IP address blocks:        93.95.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 16:07:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:8c:8a:eb:ab:9b:4b:47:88:d3:8d:54:20:35:cb:e2:a9:e0:2b:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b172548fa3c460e26cb519ee524361bca6c7132e
        Validity
            Not Before: Nov 28 13:29:06 2023 GMT
            Not After : Nov 26 13:34:06 2024 GMT
        Subject: CN=1AF5F33F4ADBCA6B44BF0A61E95E117A69436D68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:d2:7d:3f:41:e9:c3:57:aa:77:53:3a:60:91:
                    df:1c:a1:07:04:d4:7d:60:89:cb:a1:00:04:5b:8c:
                    11:fe:67:9d:dc:61:47:d8:d8:28:f4:41:51:8d:e0:
                    1e:10:56:ca:81:c4:6d:7d:70:7a:4b:08:82:8d:0b:
                    38:f0:63:78:fd:14:a1:e0:71:43:28:ea:1c:4e:73:
                    b0:7b:66:87:19:5c:d1:3f:6b:d1:a2:d3:b3:e0:95:
                    5d:e8:b4:20:0b:96:bb:c9:a4:66:a7:d9:16:2b:bf:
                    cc:78:cf:85:38:8f:73:3e:c1:c2:3a:1d:ca:67:0e:
                    14:e7:d9:f2:ce:11:58:62:eb:90:d5:34:3e:9e:63:
                    9b:25:39:cf:58:69:9a:09:39:ed:ed:4c:94:19:57:
                    6b:98:8d:14:37:3d:19:6f:b6:84:ed:25:0e:9a:3c:
                    98:36:56:d5:4c:10:3b:81:a3:43:ec:cb:8a:e8:a9:
                    d8:7a:12:3d:0a:d7:d3:43:44:21:3d:09:00:3d:d3:
                    de:49:01:07:25:ca:0f:24:e2:6a:1d:09:82:aa:3b:
                    70:a1:62:05:f1:7b:67:69:52:c5:1b:ef:00:eb:5f:
                    d0:93:d0:f9:d7:af:2a:48:fc:9a:4c:9b:0b:07:9f:
                    30:f2:52:a0:31:d6:96:54:98:e1:2b:63:4d:b6:e3:
                    e1:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:F5:F3:3F:4A:DB:CA:6B:44:BF:0A:61:E9:5E:11:7A:69:43:6D:68
            X509v3 Authority Key Identifier:
                keyid:B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131362e302f32342d3234203d3e203630373831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:22:f6:af:7d:a4:f1:61:7f:df:81:43:4c:41:45:5d:06:2f:
         47:9f:cb:af:1b:64:db:e9:1a:12:30:f0:39:64:ef:e3:f0:a7:
         38:2f:8a:ae:30:bc:6c:c5:8a:a3:e6:ae:e0:08:55:de:97:40:
         9c:e1:e4:63:3c:43:c2:b8:d3:2f:bf:06:aa:87:c1:ac:47:36:
         48:48:b1:26:fc:15:64:8d:6a:97:97:4e:9f:a8:33:8f:18:20:
         fb:4d:c2:62:4f:cf:42:1e:2b:34:92:1b:0f:8b:87:94:73:80:
         c1:11:88:a5:18:bf:00:25:6e:2f:bf:7d:16:0f:f7:64:b1:7b:
         1d:f4:f8:91:9a:64:33:79:a9:14:59:a5:06:a4:ec:5c:77:7f:
         94:c0:15:b2:2f:3e:61:d9:8f:e2:81:70:0d:9d:9a:8a:95:2d:
         87:04:f5:c1:4c:df:4e:ac:d1:c7:0d:83:48:52:9b:ca:bc:ad:
         72:7d:56:06:f2:6d:aa:32:10:9b:a8:aa:de:be:c3:ac:44:d0:
         47:79:b5:ea:f7:37:a1:7c:6f:3b:1e:a0:ff:6c:93:03:04:49:
         92:85:3f:47:71:59:d8:0c:c6:a1:13:32:b5:12:70:f3:75:dc:
         18:e7:96:12:eb:3a:19:ac:c7:05:9c:03:9f:e0:f9:00:e3:f9:
         b4:9a:84:d1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUI4yK66ubS0eI041UIDXL4qngK5AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjE3MjU0OGZhM2M0NjBlMjZjYjUxOWVlNTI0MzYxYmNh
NmM3MTMyZTAeFw0yMzExMjgxMzI5MDZaFw0yNDExMjYxMzM0MDZaMDMxMTAvBgNV
BAMTKDFBRjVGMzNGNEFEQkNBNkI0NEJGMEE2MUU5NUUxMTdBNjk0MzZENjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDX0n0/QenDV6p3Uzpgkd8coQcE
1H1gicuhAARbjBH+Z53cYUfY2Cj0QVGN4B4QVsqBxG19cHpLCIKNCzjwY3j9FKHg
cUMo6hxOc7B7ZocZXNE/a9Gi07PglV3otCALlrvJpGan2RYrv8x4z4U4j3M+wcI6
HcpnDhTn2fLOEVhi65DVND6eY5slOc9YaZoJOe3tTJQZV2uYjRQ3PRlvtoTtJQ6a
PJg2VtVMEDuBo0Psy4roqdh6Ej0K19NDRCE9CQA9095JAQclyg8k4modCYKqO3Ch
YgXxe2dpUsUb7wDrX9CT0PnXrypI/JpMmwsHnzDyUqAx1pZUmOErY0224+EnAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUGvXzP0rbymtEvwph6V4RemlDbWgwHwYDVR0j
BBgwFoAUsXJUj6PEYOJstRnuUkNhvKbHEy4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTY1NzNlODgtZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdk
MjVlLzAvQjE3MjU0OEZBM0M0NjBFMjZDQjUxOUVFNTI0MzYxQkNBNkM3MTMyRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NYSlVqNlBFWU9Kc3RSbnVVa05odkti
SEV5NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTY1NzNlODgt
ZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdkMjVlLzAvMzkzMzJlMzkzNTJlMzEzMTM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMDM3MzgzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAF1f
dDANBgkqhkiG9w0BAQsFAAOCAQEAYSL2r32k8WF/34FDTEFFXQYvR5/Lrxtk2+ka
EjDwOWTv4/CnOC+KrjC8bMWKo+au4AhV3pdAnOHkYzxDwrjTL78GqofBrEc2SEix
JvwVZI1ql5dOn6gzjxgg+03CYk/PQh4rNJIbD4uHlHOAwRGIpRi/ACVuL799Fg/3
ZLF7HfT4kZpkM3mpFFmlBqTsXHd/lMAVsi8+YdmP4oFwDZ2aipUthwT1wUzfTqzR
xw2DSFKbyrytcn1WBvJtqjIQm6iq3r7DrETQR3m16vc3oXxvOx6g/2yTAwRJkoU/
R3FZ2AzGoRMytRJw83XcGOeWEus6GazHBZwDn+D5AOP5tJqE0Q==
-----END CERTIFICATE-----