Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131372e302f32342d3234203d3e203633313939.roa
File:                     39332e39352e3131372e302f32342d3234203d3e203633313939.roa (raw, json)
Hash identifier:          2o2IrH+YjFOXIYA8yjafAYSAeGOyzAWksmoKHkdif/U=
Subject key identifier:   07:4B:C9:28:DD:54:D0:25:5B:37:AA:54:A8:97:C7:95:E6:F9:52:75
Certificate issuer:       /CN=b172548fa3c460e26cb519ee524361bca6c7132e
Certificate serial:       080CDFD8BFA7AD305339C8EFEFB3E76FAF8AD46A
Authority key identifier: B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131372e302f32342d3234203d3e203633313939.roa
Signing time:             Mon 15 Jun 2026 12:09:31 +0000
ROA not before:           Mon 15 Jun 2026 12:04:31 +0000
ROA not after:            Mon 14 Jun 2027 12:09:31 +0000
asID:                     63199
IP address blocks:        93.95.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:0c:df:d8:bf:a7:ad:30:53:39:c8:ef:ef:b3:e7:6f:af:8a:d4:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b172548fa3c460e26cb519ee524361bca6c7132e
        Validity
            Not Before: Jun 15 12:04:31 2026 GMT
            Not After : Jun 14 12:09:31 2027 GMT
        Subject: CN=074BC928DD54D0255B37AA54A897C795E6F95275
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:93:7b:5d:77:d6:86:e7:07:19:89:5d:80:87:
                    ae:49:fc:8f:63:e3:55:94:26:db:22:73:4f:d7:db:
                    dd:d9:7d:e7:40:e3:55:0f:e0:94:55:37:c6:70:e1:
                    fa:9d:6b:15:4a:d5:5a:60:17:c0:a3:85:49:ce:1c:
                    72:8c:37:66:f8:63:9b:1c:c5:b3:ba:9f:13:b0:16:
                    4a:8e:57:1d:52:9e:4e:13:26:f1:72:2d:2a:d7:96:
                    4a:61:e5:8a:74:42:ed:fb:e8:06:13:b6:6a:11:cf:
                    a1:7f:03:d4:c2:5f:db:22:71:39:a7:25:64:5e:b0:
                    cd:57:52:08:a4:9c:d9:3a:8d:99:87:51:7b:6b:f3:
                    05:16:1c:2c:66:4e:16:82:9d:0c:ed:86:e6:f0:0a:
                    6b:5e:c7:b3:1d:08:13:b7:7c:f6:b4:56:ea:a6:6a:
                    0b:c6:46:31:72:7b:1d:09:ec:5c:fe:1e:7e:38:8e:
                    e8:95:c3:a6:84:71:f3:5c:54:d9:21:6d:09:8f:57:
                    b2:3f:dc:d5:07:f7:27:f4:7b:00:8e:c4:53:05:5d:
                    39:de:13:7c:45:6e:96:15:73:33:5b:78:b8:b9:78:
                    f9:da:08:53:8c:b6:a4:fb:74:43:ff:0f:b1:b2:ee:
                    8d:b3:35:65:36:ec:7e:aa:9f:f1:ec:54:8c:e4:e7:
                    0e:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:4B:C9:28:DD:54:D0:25:5B:37:AA:54:A8:97:C7:95:E6:F9:52:75
            X509v3 Authority Key Identifier:
                keyid:B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131372e302f32342d3234203d3e203633313939.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:bc:41:12:b1:92:ca:49:30:5b:8d:50:5c:e5:cd:3c:a7:d8:
         ad:5c:34:d3:69:a4:d1:cb:db:43:09:c6:4d:de:8b:49:3d:d5:
         cd:c0:dc:ab:e5:1d:59:6d:4b:85:0a:5b:62:8b:60:35:9f:78:
         41:c0:b0:e1:8f:59:b0:72:1d:20:1f:92:6b:23:77:fc:f2:54:
         91:e8:6b:1f:eb:cb:35:cb:8c:65:ad:e0:fa:ee:21:0d:ec:03:
         4e:6c:a7:01:88:46:0e:0f:7d:18:0b:cf:53:43:cb:25:e9:ce:
         be:76:f0:fb:0e:b9:d4:43:d8:80:71:ca:8c:77:8c:33:13:62:
         e6:8c:63:68:57:c2:23:3a:60:9d:8d:ab:4d:50:c8:4b:e2:7b:
         de:42:7f:9b:9f:c2:d2:f7:2f:c7:ad:11:8f:95:ac:42:8b:4f:
         a5:04:1c:86:a2:ae:b0:d1:69:b9:28:df:cc:99:a3:1d:19:a1:
         48:0e:27:7c:8c:de:55:20:bb:b8:12:df:09:b1:f7:1a:e7:2b:
         9c:34:09:a3:5b:f0:5e:db:d1:c3:17:d2:b0:d5:c7:88:6b:5e:
         91:98:88:c0:1f:12:38:58:99:86:56:fe:68:ff:08:03:a5:eb:
         e6:a6:7a:d1:7e:b4:8f:0f:5c:ca:0c:30:6a:52:e4:51:46:9a:
         80:05:98:cc
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCAzf2L+nrTBTOcjv77Pnb6+K1GowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjE3MjU0OGZhM2M0NjBlMjZjYjUxOWVlNTI0MzYxYmNh
NmM3MTMyZTAeFw0yNjA2MTUxMjA0MzFaFw0yNzA2MTQxMjA5MzFaMDMxMTAvBgNV
BAMTKDA3NEJDOTI4REQ1NEQwMjU1QjM3QUE1NEE4OTdDNzk1RTZGOTUyNzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXk3tdd9aG5wcZiV2Ah65J/I9j
41WUJtsic0/X293ZfedA41UP4JRVN8Zw4fqdaxVK1VpgF8CjhUnOHHKMN2b4Y5sc
xbO6nxOwFkqOVx1Snk4TJvFyLSrXlkph5Yp0Qu376AYTtmoRz6F/A9TCX9sicTmn
JWResM1XUgiknNk6jZmHUXtr8wUWHCxmThaCnQzthubwCmtex7MdCBO3fPa0Vuqm
agvGRjFyex0J7Fz+Hn44juiVw6aEcfNcVNkhbQmPV7I/3NUH9yf0ewCOxFMFXTne
E3xFbpYVczNbeLi5ePnaCFOMtqT7dEP/D7Gy7o2zNWU27H6qn/HsVIzk5w7xAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUB0vJKN1U0CVbN6pUqJfHleb5UnUwHwYDVR0j
BBgwFoAUsXJUj6PEYOJstRnuUkNhvKbHEy4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTY1NzNlODgtZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdk
MjVlLzAvQjE3MjU0OEZBM0M0NjBFMjZDQjUxOUVFNTI0MzYxQkNBNkM3MTMyRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NYSlVqNlBFWU9Kc3RSbnVVa05odkti
SEV5NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTY1NzNlODgt
ZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdkMjVlLzAvMzkzMzJlMzkzNTJlMzEzMTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMzMxMzkzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAF1f
dTANBgkqhkiG9w0BAQsFAAOCAQEAHLxBErGSykkwW41QXOXNPKfYrVw002mk0cvb
QwnGTd6LST3VzcDcq+UdWW1LhQpbYotgNZ94QcCw4Y9ZsHIdIB+SayN3/PJUkehr
H+vLNcuMZa3g+u4hDewDTmynAYhGDg99GAvPU0PLJenOvnbw+w651EPYgHHKjHeM
MxNi5oxjaFfCIzpgnY2rTVDIS+J73kJ/m5/C0vcvx60Rj5WsQotPpQQchqKusNFp
uSjfzJmjHRmhSA4nfIzeVSC7uBLfCbH3GucrnDQJo1vwXtvRwxfSsNXHiGtekZiI
wB8SOFiZhlb+aP8IA6Xr5qZ60X60jw9cygwwalLkUUaagAWYzA==
-----END CERTIFICATE-----