Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/iryj8oj2-V8BM-nhifn9xaWFT6k.roa
File:                     iryj8oj2-V8BM-nhifn9xaWFT6k.roa (raw, json)
Hash identifier:          J2c6WbxcvYg3n0i5rwopADF8nqS8/EkzKqjIvyGqKVg=
Subject key identifier:   8A:BC:A3:F2:88:F6:F9:5F:01:33:E9:E1:89:F9:FD:C5:A5:85:4F:A9
Certificate issuer:       /CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
Certificate serial:       019CDC31B080F2CB0784ADE38449EDCD85D2
Authority key identifier: 55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/iryj8oj2-V8BM-nhifn9xaWFT6k.roa
Signing time:             Wed 11 Mar 2026 09:19:29 +0000
ROA not before:           Wed 11 Mar 2026 09:19:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60441
IP address blocks:        95.169.208.0/24 maxlen: 24
                          95.169.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:dc:31:b0:80:f2:cb:07:84:ad:e3:84:49:ed:cd:85:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
        Validity
            Not Before: Mar 11 09:19:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8abca3f288f6f95f0133e9e189f9fdc5a5854fa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:46:0c:dc:29:85:ba:8b:6f:a2:d0:db:a9:c3:
                    0b:d4:5d:6e:2d:92:99:1a:76:e8:93:ec:12:60:62:
                    ea:0b:dc:d6:f4:6d:bb:cb:6c:49:60:81:3e:aa:10:
                    4b:8b:03:cb:4a:5e:52:9d:9f:1a:91:62:9d:c2:ce:
                    ff:99:55:f3:5a:c5:a4:8d:be:34:64:af:ae:76:ee:
                    17:de:8d:8b:8c:3d:bf:91:86:92:85:cb:8b:d6:72:
                    23:4e:2c:b5:f9:d6:4d:99:78:cb:9e:59:a8:a7:23:
                    4e:9e:9d:61:c2:e9:f5:ba:d2:9c:dc:05:60:53:59:
                    46:6b:78:c3:34:c0:e4:fa:b1:40:e2:30:ee:fe:c3:
                    50:cc:98:36:0d:09:78:16:f9:9c:d7:ec:e6:ed:dc:
                    f6:97:83:49:d2:ba:f1:94:8f:7c:59:96:e3:65:54:
                    e6:07:60:58:f5:69:04:77:94:33:21:31:a1:6d:2f:
                    45:f0:8d:91:82:b5:33:2d:ad:6a:13:09:7a:43:31:
                    04:68:09:17:b7:33:63:1a:64:d1:02:23:dd:35:ea:
                    e7:87:d6:b1:29:43:0a:a1:53:84:19:d7:41:0c:dc:
                    2b:8d:df:ef:b5:58:12:10:82:c4:8e:c7:5e:66:79:
                    f1:7f:7b:40:8f:de:35:52:56:67:e7:3a:30:43:ca:
                    e6:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:BC:A3:F2:88:F6:F9:5F:01:33:E9:E1:89:F9:FD:C5:A5:85:4F:A9
            X509v3 Authority Key Identifier:
                keyid:55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/iryj8oj2-V8BM-nhifn9xaWFT6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.169.208.0/24
                  95.169.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:70:22:ff:8e:6e:a0:7c:91:f7:aa:be:02:09:ad:55:9d:b2:
         d0:72:14:36:72:b6:86:22:a6:a8:5e:34:fa:f7:9a:57:62:a7:
         34:8b:41:a8:32:57:a6:1e:ce:c1:e3:1d:23:6d:f7:ca:37:a5:
         04:e9:62:f9:1f:00:16:13:e9:96:0a:b0:8d:9e:3f:e7:1e:8e:
         94:fc:c5:68:9c:66:40:b4:9b:36:bc:62:37:55:11:9a:1e:09:
         b5:e9:d5:53:14:f2:f8:36:7d:9c:d0:87:81:2f:27:93:ee:ac:
         df:9b:41:b3:95:7d:94:ee:00:13:b8:26:59:b6:91:46:37:37:
         cc:08:9d:77:74:bd:61:87:d1:1c:6e:70:4a:c4:c0:88:fd:21:
         76:68:02:22:db:5b:9a:93:15:1d:8a:6b:2f:b2:6e:48:37:21:
         3f:7a:d8:d5:42:bb:ef:83:eb:1c:1a:7d:56:96:49:32:93:d3:
         2d:2e:3d:c2:01:ad:e2:45:8c:23:30:2e:e7:16:f2:62:42:2a:
         67:47:b4:f7:f6:de:ce:f3:15:b8:30:27:5b:8d:f0:87:17:b1:
         9c:20:1b:fc:3d:ec:6e:fe:b7:c1:bc:46:ee:5b:e8:85:ee:59:
         76:22:98:fa:d4:64:8e:6b:11:a6:e9:d3:f5:7a:47:a1:80:67:
         9b:da:08:f5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzcMbCA8ssHhK3jhEntzYXSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1N2IwYWMxMGI4NjQyYTI3ZGQzZDc0ZWQ2Y2I1ZWUwNDVl
NjdiOTcwHhcNMjYwMzExMDkxOTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWJjYTNmMjg4ZjZmOTVmMDEzM2U5ZTE4OWY5ZmRjNWE1ODU0ZmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkYM3CmFuotvotDbqcML1F1uLZKZ
Gnbok+wSYGLqC9zW9G27y2xJYIE+qhBLiwPLSl5SnZ8akWKdws7/mVXzWsWkjb40
ZK+udu4X3o2LjD2/kYaShcuL1nIjTiy1+dZNmXjLnlmopyNOnp1hwun1utKc3AVg
U1lGa3jDNMDk+rFA4jDu/sNQzJg2DQl4Fvmc1+zm7dz2l4NJ0rrxlI98WZbjZVTm
B2BY9WkEd5QzITGhbS9F8I2RgrUzLa1qEwl6QzEEaAkXtzNjGmTRAiPdNernh9ax
KUMKoVOEGddBDNwrjd/vtVgSEILEjsdeZnnxf3tAj941UlZn5zowQ8rmdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIq8o/KI9vlfATPp4Yn5/cWlhU+pMB8GA1UdIwQY
MBaAFFV7CsELhkKifdPXTtbLXuBF5nuXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYt
ZmJlMWEwZDBhYTk4LzEvaXJ5ajhvajItVjhCTS1uaGlmbjl4YVdGVDZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYtZmJlMWEwZDBhYTk4
LzEvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX6nQAwQA
X6nTMA0GCSqGSIb3DQEBCwUAA4IBAQBZcCL/jm6gfJH3qr4CCa1VnbLQchQ2craG
IqaoXjT695pXYqc0i0GoMlemHs7B4x0jbffKN6UE6WL5HwAWE+mWCrCNnj/nHo6U
/MVonGZAtJs2vGI3VRGaHgm16dVTFPL4Nn2c0IeBLyeT7qzfm0GzlX2U7gATuCZZ
tpFGNzfMCJ13dL1hh9EcbnBKxMCI/SF2aAIi21uakxUdimsvsm5INyE/etjVQrvv
g+scGn1Wlkkyk9MtLj3CAa3iRYwjMC7nFvJiQipnR7T39t7O8xW4MCdbjfCHF7Gc
IBv8Pexu/rfBvEbuW+iF7ll2Ipj61GSOaxGm6dP1ekehgGeb2gj1
-----END CERTIFICATE-----