Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/yU6JH4rB4EEc2kosKwwup8e8-KI.roa
File:                     yU6JH4rB4EEc2kosKwwup8e8-KI.roa (raw, json)
Hash identifier:          +EVcvVfLPXA8AySeeHjS9TqNKkJuo2VZtoRQeGDHmu0=
Subject key identifier:   C9:4E:89:1F:8A:C1:E0:41:1C:DA:4A:2C:2B:0C:2E:A7:C7:BC:F8:A2
Certificate issuer:       /CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
Certificate serial:       019DDE3DDDFD769C7C9FCAE6613E48364BEA
Authority key identifier: 36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/yU6JH4rB4EEc2kosKwwup8e8-KI.roa
Signing time:             Thu 30 Apr 2026 11:54:49 +0000
ROA not before:           Thu 30 Apr 2026 11:54:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203273
IP address blocks:        95.181.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 18:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:de:3d:dd:fd:76:9c:7c:9f:ca:e6:61:3e:48:36:4b:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
        Validity
            Not Before: Apr 30 11:54:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c94e891f8ac1e0411cda4a2c2b0c2ea7c7bcf8a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:f4:53:ff:bb:2f:f4:84:25:7f:d2:0a:44:e9:
                    00:76:9f:18:b2:67:b7:93:6e:77:68:6a:96:e8:1c:
                    68:e1:d6:5e:75:e8:86:20:3e:41:11:c8:c5:b0:74:
                    06:bf:ac:62:19:b6:ed:fd:08:a2:47:80:b8:ea:45:
                    e7:0d:46:43:8f:75:3b:ee:92:0f:5a:60:1e:5b:b5:
                    0d:4d:73:98:f2:54:1b:63:2d:45:ae:35:f1:a9:ac:
                    7d:c7:06:2c:9a:2a:71:91:8b:21:15:a5:81:d2:c6:
                    2a:9c:ab:2b:ec:38:c0:b0:72:64:9f:4d:d4:2c:09:
                    10:07:73:af:2c:18:1e:16:c6:17:17:9e:3c:bf:98:
                    86:69:3c:e3:e7:e7:07:e9:69:d5:81:a2:9d:04:5d:
                    0e:90:9d:ed:8a:ab:05:d1:eb:ab:ec:c1:42:ed:1e:
                    d1:94:1d:55:de:79:bf:4a:49:59:93:29:1d:4d:42:
                    9f:c5:8c:82:e3:e3:81:22:86:bb:c8:c1:02:c1:47:
                    7d:c6:23:da:c8:38:0c:13:c4:31:ce:86:0a:75:70:
                    c3:38:71:a4:22:f4:fb:a5:e4:b9:a3:f1:91:42:de:
                    96:f0:25:63:6d:46:8b:12:65:8b:f1:b3:58:2a:c1:
                    47:a2:bc:18:57:db:e7:fc:4f:9c:04:64:67:de:f4:
                    f5:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:4E:89:1F:8A:C1:E0:41:1C:DA:4A:2C:2B:0C:2E:A7:C7:BC:F8:A2
            X509v3 Authority Key Identifier:
                keyid:36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/yU6JH4rB4EEc2kosKwwup8e8-KI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.181.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:20:ac:2a:80:97:06:9b:95:11:8c:26:bc:e3:59:cc:49:4c:
         58:d5:a9:06:d5:ec:29:31:17:18:19:0e:d5:40:2b:8b:31:6c:
         de:22:7e:c0:bb:91:9a:a2:ec:99:a6:3e:e5:7c:95:c5:9d:53:
         55:d3:a2:a8:8b:2f:b3:00:97:f4:5e:65:81:e6:f6:94:30:0b:
         23:58:3c:ee:ab:93:01:84:67:db:fc:f2:33:af:fd:a6:b9:0a:
         41:c4:50:b9:a3:8e:3f:01:63:47:42:6d:e0:5e:6d:e0:da:d1:
         97:d0:f6:4b:ab:76:60:12:2e:73:bd:3f:fd:bc:e9:32:c5:4d:
         c0:83:90:12:6e:46:27:0e:6c:17:19:43:d8:3b:4c:d6:a2:87:
         62:fd:e2:18:c6:bf:13:24:1c:19:71:80:af:ce:49:4f:2f:e7:
         af:3c:53:60:61:e4:36:23:fe:aa:c7:96:26:e4:aa:35:bc:37:
         f6:67:6b:28:8e:df:a2:86:d0:c8:26:b1:e0:af:e9:44:62:46:
         f3:22:1f:57:35:b1:51:00:da:fe:c0:bf:aa:8c:cc:ef:2f:5c:
         ea:46:2b:29:72:1d:29:a2:a3:3e:ff:60:65:d9:65:70:bf:ca:
         e8:f1:c3:78:6e:d7:78:6f:fc:82:f5:7b:a1:b2:b9:9d:f0:89:
         df:b7:fc:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3ePd39dpx8n8rmYT5INkvqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Mzc2OWY4NjQ0YTVhNzE4YWU2MmIwNThkZDFmYjYyY2I1
YTNjMjAwHhcNMjYwNDMwMTE1NDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTRlODkxZjhhYzFlMDQxMWNkYTRhMmMyYjBjMmVhN2M3YmNmOGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6vRT/7sv9IQlf9IKROkAdp8Ysme3
k253aGqW6Bxo4dZedeiGID5BEcjFsHQGv6xiGbbt/QiiR4C46kXnDUZDj3U77pIP
WmAeW7UNTXOY8lQbYy1FrjXxqax9xwYsmipxkYshFaWB0sYqnKsr7DjAsHJkn03U
LAkQB3OvLBgeFsYXF548v5iGaTzj5+cH6WnVgaKdBF0OkJ3tiqsF0eur7MFC7R7R
lB1V3nm/SklZkykdTUKfxYyC4+OBIoa7yMECwUd9xiPayDgME8QxzoYKdXDDOHGk
IvT7peS5o/GRQt6W8CVjbUaLEmWL8bNYKsFHorwYV9vn/E+cBGRn3vT1rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMlOiR+KweBBHNpKLCsMLqfHvPiiMB8GA1UdIwQY
MBaAFDY3afhkSlpxiuYrBY3R+2LLWjwgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYt
Mzk5ZmM5NjkzYjIyLzEveVU2Skg0ckI0RUVjMmtvc0t3d3VwOGU4LUtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYtMzk5ZmM5NjkzYjIy
LzEvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX7WtMA0G
CSqGSIb3DQEBCwUAA4IBAQBEIKwqgJcGm5URjCa841nMSUxY1akG1ewpMRcYGQ7V
QCuLMWzeIn7Au5GaouyZpj7lfJXFnVNV06Koiy+zAJf0XmWB5vaUMAsjWDzuq5MB
hGfb/PIzr/2muQpBxFC5o44/AWNHQm3gXm3g2tGX0PZLq3ZgEi5zvT/9vOkyxU3A
g5ASbkYnDmwXGUPYO0zWoodi/eIYxr8TJBwZcYCvzklPL+evPFNgYeQ2I/6qx5Ym
5Ko1vDf2Z2sojt+ihtDIJrHgr+lEYkbzIh9XNbFRANr+wL+qjMzvL1zqRispch0p
oqM+/2Bl2WVwv8ro8cN4btd4b/yC9Xuhsrmd8Inft/wd
-----END CERTIFICATE-----