Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131382e302f32342d3234203d3e203631313132.roa
File:                     39332e39352e3131382e302f32342d3234203d3e203631313132.roa (raw, json)
Hash identifier:          hkeLXPavFD7WfStThhYLTFHTYlms8I7H60Fz+4Z95to=
Subject key identifier:   0B:56:52:FF:E2:66:F4:B5:FB:32:A6:02:73:D3:61:5D:D5:8F:5F:A9
Certificate issuer:       /CN=b172548fa3c460e26cb519ee524361bca6c7132e
Certificate serial:       174F5377D0E88E1827285428AD4A02DB8F06971C
Authority key identifier: B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131382e302f32342d3234203d3e203631313132.roa
Signing time:             Sun 28 Apr 2024 19:19:24 +0000
ROA not before:           Sun 28 Apr 2024 19:14:24 +0000
ROA not after:            Sun 27 Apr 2025 19:19:24 +0000
asID:                     61112
IP address blocks:        93.95.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:4f:53:77:d0:e8:8e:18:27:28:54:28:ad:4a:02:db:8f:06:97:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b172548fa3c460e26cb519ee524361bca6c7132e
        Validity
            Not Before: Apr 28 19:14:24 2024 GMT
            Not After : Apr 27 19:19:24 2025 GMT
        Subject: CN=0B5652FFE266F4B5FB32A60273D3615DD58F5FA9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:36:ee:59:5a:aa:4b:b2:ea:be:6e:53:3c:cb:
                    69:1f:3c:a3:76:a8:5c:64:33:cf:c9:03:95:15:fa:
                    50:86:24:35:8b:e5:75:35:e1:55:b3:82:5e:cf:72:
                    b3:87:1d:52:4e:7b:30:c4:96:1c:d1:f5:aa:04:14:
                    80:a0:d5:66:77:66:c1:2a:01:b4:a3:1d:7f:f4:bc:
                    93:ed:af:21:92:92:a9:58:65:21:f1:62:a4:9e:fb:
                    8a:bb:29:e6:6f:97:90:c8:46:26:30:40:ce:b6:0d:
                    91:5c:65:46:19:cd:49:2d:65:34:ed:09:1d:71:55:
                    12:98:89:0d:8f:48:e0:6e:60:08:81:13:1e:48:14:
                    01:31:b5:e2:94:28:1a:9b:48:d3:37:0e:ef:5a:58:
                    16:cf:02:48:33:61:b7:80:47:32:19:ab:21:fc:7e:
                    41:9d:13:3b:6c:88:b7:1d:18:d6:66:6f:ad:96:c8:
                    a3:e6:ac:49:45:c0:10:6b:99:6c:d4:9c:98:5b:82:
                    28:62:96:59:26:0c:50:55:a5:f4:13:8a:e0:a9:97:
                    66:9f:42:6c:f6:01:33:64:6f:fe:32:0b:3c:25:75:
                    48:63:ab:9c:4d:d9:c5:be:e1:25:b9:3e:87:c8:cb:
                    c0:fc:28:5e:38:35:83:f9:70:9e:60:07:d9:2c:b1:
                    a2:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:56:52:FF:E2:66:F4:B5:FB:32:A6:02:73:D3:61:5D:D5:8F:5F:A9
            X509v3 Authority Key Identifier:
                keyid:B1:72:54:8F:A3:C4:60:E2:6C:B5:19:EE:52:43:61:BC:A6:C7:13:2E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/B172548FA3C460E26CB519EE524361BCA6C7132E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sXJUj6PEYOJstRnuUkNhvKbHEy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96573e88-daba-4ac7-a2ed-321c8277d25e/0/39332e39352e3131382e302f32342d3234203d3e203631313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:a2:2a:72:35:3e:47:9f:c4:ee:09:16:30:8b:f5:27:95:a1:
         37:c9:13:64:c9:b1:25:c6:71:79:05:3f:78:ed:7c:79:4b:f5:
         a9:39:4d:4f:00:95:61:29:93:c6:d5:c7:74:b0:e6:18:5c:0e:
         b5:34:76:7e:49:d0:96:e6:0c:20:4d:b9:e1:4d:d4:c4:4d:c1:
         1b:3c:50:28:9e:5d:93:07:cf:33:3f:69:6e:5e:55:94:6d:4b:
         5e:32:bd:52:d4:ae:b9:ab:04:93:ce:4c:69:c7:98:30:07:cc:
         d2:33:e7:c7:bc:81:df:c4:0e:76:37:11:6a:fc:0c:aa:9f:63:
         92:e6:78:4f:14:82:a9:75:ee:9a:1c:02:f4:0c:0f:f5:0d:c3:
         2b:d9:01:65:c8:05:83:af:cb:13:7d:15:0c:ec:e8:ad:52:2a:
         4c:fe:ba:22:bd:11:12:e3:cc:71:1f:c3:50:9d:e5:12:75:7a:
         7b:60:85:f9:e6:c3:0a:ec:6a:02:f2:c5:00:8c:a5:a6:23:c1:
         1d:30:a2:81:af:70:d6:fd:08:f1:f3:29:29:ce:d1:b7:1e:d4:
         7d:05:32:0f:a5:eb:fe:97:be:50:92:a5:ce:d3:7b:85:1e:48:
         9b:43:66:1c:17:a4:7b:22:42:f8:a9:18:e5:a9:e0:f0:4b:62:
         09:ff:a8:36
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUF09Td9DojhgnKFQorUoC248GlxwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjE3MjU0OGZhM2M0NjBlMjZjYjUxOWVlNTI0MzYxYmNh
NmM3MTMyZTAeFw0yNDA0MjgxOTE0MjRaFw0yNTA0MjcxOTE5MjRaMDMxMTAvBgNV
BAMTKDBCNTY1MkZGRTI2NkY0QjVGQjMyQTYwMjczRDM2MTVERDU4RjVGQTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYNu5ZWqpLsuq+blM8y2kfPKN2
qFxkM8/JA5UV+lCGJDWL5XU14VWzgl7PcrOHHVJOezDElhzR9aoEFICg1WZ3ZsEq
AbSjHX/0vJPtryGSkqlYZSHxYqSe+4q7KeZvl5DIRiYwQM62DZFcZUYZzUktZTTt
CR1xVRKYiQ2PSOBuYAiBEx5IFAExteKUKBqbSNM3Du9aWBbPAkgzYbeARzIZqyH8
fkGdEztsiLcdGNZmb62WyKPmrElFwBBrmWzUnJhbgihillkmDFBVpfQTiuCpl2af
Qmz2ATNkb/4yCzwldUhjq5xN2cW+4SW5PofIy8D8KF44NYP5cJ5gB9kssaLXAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUC1ZS/+Jm9LX7MqYCc9NhXdWPX6kwHwYDVR0j
BBgwFoAUsXJUj6PEYOJstRnuUkNhvKbHEy4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTY1NzNlODgtZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdk
MjVlLzAvQjE3MjU0OEZBM0M0NjBFMjZDQjUxOUVFNTI0MzYxQkNBNkM3MTMyRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NYSlVqNlBFWU9Kc3RSbnVVa05odkti
SEV5NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTY1NzNlODgt
ZGFiYS00YWM3LWEyZWQtMzIxYzgyNzdkMjVlLzAvMzkzMzJlMzkzNTJlMzEzMTM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMxMzEzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAF1f
djANBgkqhkiG9w0BAQsFAAOCAQEAW6IqcjU+R5/E7gkWMIv1J5WhN8kTZMmxJcZx
eQU/eO18eUv1qTlNTwCVYSmTxtXHdLDmGFwOtTR2fknQluYMIE254U3UxE3BGzxQ
KJ5dkwfPMz9pbl5VlG1LXjK9UtSuuasEk85MaceYMAfM0jPnx7yB38QOdjcRavwM
qp9jkuZ4TxSCqXXumhwC9AwP9Q3DK9kBZcgFg6/LE30VDOzorVIqTP66Ir0REuPM
cR/DUJ3lEnV6e2CF+ebDCuxqAvLFAIylpiPBHTCiga9w1v0I8fMpKc7Rtx7UfQUy
D6Xr/pe+UJKlztN7hR5Im0NmHBekeyJC+KkY5ang8EtiCf+oNg==
-----END CERTIFICATE-----