Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS23532.roa
File:                     AS23532.roa (raw, json)
Hash identifier:          FCe0D+10rv8xo7CMU3DcTMlsg8FUhURgDdXns3dJmbk=
Subject key identifier:   83:4E:7C:6A:E4:90:92:6B:FB:40:12:5B:A9:41:D6:97:1B:B4:EE:B4
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       0743F641AB45D95958E586B49F5764E2E2D5F97D
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS23532.roa
Signing time:             Thu 25 Sep 2025 17:02:24 +0000
ROA not before:           Thu 25 Sep 2025 16:57:24 +0000
ROA not after:            Thu 24 Sep 2026 17:02:24 +0000
asID:                     23532
IP address blocks:        95.135.188.0/24 maxlen: 24
                          178.95.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 15 Oct 2025 06:16:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:43:f6:41:ab:45:d9:59:58:e5:86:b4:9f:57:64:e2:e2:d5:f9:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Sep 25 16:57:24 2025 GMT
            Not After : Sep 24 17:02:24 2026 GMT
        Subject: CN=834E7C6AE490926BFB40125BA941D6971BB4EEB4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:7c:bd:0c:a5:a3:f3:59:35:88:87:be:b9:22:
                    8a:09:1e:d0:3c:73:2f:2d:7b:9c:38:c1:90:58:92:
                    56:b8:fe:39:fd:d2:27:32:12:21:9d:cf:52:99:4d:
                    c7:d6:f6:f3:e0:49:41:9f:ac:f4:94:93:fb:71:39:
                    38:40:07:b0:c8:24:ec:df:13:08:93:e7:cc:05:93:
                    ee:c8:10:8f:c4:78:54:a7:9a:5f:fe:b1:9e:68:5d:
                    45:aa:70:c1:45:55:4c:e0:a6:c7:ea:fb:e2:06:d1:
                    ed:35:b7:98:4c:12:54:ad:53:35:f1:f9:c3:e0:53:
                    df:53:1f:0f:44:f5:ce:ed:a4:04:fb:93:bb:b7:a2:
                    89:ab:73:30:cb:db:92:e7:4f:ce:6c:a0:7e:2c:4b:
                    87:cf:ee:0c:a7:0d:08:20:1d:67:f7:38:64:19:49:
                    1c:bf:33:c5:f1:59:11:e6:99:a0:1c:fe:eb:24:b2:
                    9e:f9:d5:a3:a6:da:27:4c:94:86:7c:7e:06:d6:27:
                    c8:b8:84:e2:ba:03:c7:55:f2:74:33:27:6e:16:4f:
                    9f:58:fa:6a:77:47:6e:37:a1:e4:9f:8a:c4:5c:91:
                    2c:30:55:fe:e0:1b:11:62:4b:89:6e:e3:f1:1b:52:
                    8b:a2:ab:1f:18:9e:1f:95:7a:39:74:f3:78:ca:c3:
                    3f:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:4E:7C:6A:E4:90:92:6B:FB:40:12:5B:A9:41:D6:97:1B:B4:EE:B4
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS23532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.135.188.0/24
                  178.95.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:49:18:dc:6a:28:39:64:70:79:b9:ba:a3:dc:35:5a:c4:96:
         c9:f3:b3:d3:15:f5:c5:c2:6f:57:65:1f:7f:3d:d1:f4:df:ef:
         d9:a9:f8:b3:4a:2b:a3:5a:78:d2:20:b6:d5:ad:07:b8:fa:e1:
         da:df:d7:05:e7:82:7d:01:bb:bf:1a:74:5e:b8:82:ca:a5:1e:
         36:98:a2:91:a2:74:af:d7:3f:24:bb:88:01:5e:10:26:ee:44:
         2b:08:0d:29:ef:c6:c3:d9:fb:6e:e0:a8:6e:fd:74:88:3d:ad:
         1a:03:f6:01:e7:aa:95:75:55:ad:4e:00:8c:e4:e2:83:8f:7f:
         ef:a7:04:cb:02:92:71:3b:2e:ce:4c:4a:27:53:22:9c:7b:0c:
         37:9f:13:f9:30:7f:5c:6b:50:c2:36:76:23:01:25:ed:a3:b5:
         80:48:9d:e2:60:a9:b8:b1:56:10:db:26:5c:78:5c:86:5d:00:
         72:ad:7b:57:69:b7:e4:0b:f5:e5:3c:70:3d:c9:ad:43:cb:98:
         f2:b9:dd:69:2a:a1:a5:43:a9:dd:25:f8:94:21:33:fb:20:a4:
         fe:ec:1a:1f:f8:92:1f:e9:22:62:1e:08:58:0e:06:31:12:94:
         f2:e7:ea:25:b4:30:60:c0:48:d1:90:93:de:7b:72:6d:c0:fc:
         85:75:54:74
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUB0P2QatF2VlY5Ya0n1dk4uLV+X0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA5MjUxNjU3MjRaFw0yNjA5MjQxNzAyMjRaMDMxMTAvBgNV
BAMTKDgzNEU3QzZBRTQ5MDkyNkJGQjQwMTI1QkE5NDFENjk3MUJCNEVFQjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzfL0MpaPzWTWIh765IooJHtA8
cy8te5w4wZBYkla4/jn90icyEiGdz1KZTcfW9vPgSUGfrPSUk/txOThAB7DIJOzf
EwiT58wFk+7IEI/EeFSnml/+sZ5oXUWqcMFFVUzgpsfq++IG0e01t5hMElStUzXx
+cPgU99THw9E9c7tpAT7k7u3oomrczDL25LnT85soH4sS4fP7gynDQggHWf3OGQZ
SRy/M8XxWRHmmaAc/usksp751aOm2idMlIZ8fgbWJ8i4hOK6A8dV8nQzJ24WT59Y
+mp3R243oeSfisRckSwwVf7gGxFiS4lu4/EbUouiqx8Ynh+Vejl083jKwz/pAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUg058auSQkmv7QBJbqUHWlxu07rQwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjM1MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABfh7wD
BACyX6YwDQYJKoZIhvcNAQELBQADggEBAGZJGNxqKDlkcHm5uqPcNVrElsnzs9MV
9cXCb1dlH3890fTf79mp+LNKK6NaeNIgttWtB7j64drf1wXngn0Bu78adF64gsql
HjaYopGidK/XPyS7iAFeECbuRCsIDSnvxsPZ+27gqG79dIg9rRoD9gHnqpV1Va1O
AIzk4oOPf++nBMsCknE7Ls5MSidTIpx7DDefE/kwf1xrUMI2diMBJe2jtYBIneJg
qbixVhDbJlx4XIZdAHKte1dpt+QL9eU8cD3JrUPLmPK53WkqoaVDqd0l+JQhM/sg
pP7sGh/4kh/pImIeCFgOBjESlPLn6iW0MGDASNGQk957cm3A/IV1VHQ=
-----END CERTIFICATE-----