Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/saXVgoVzNRbFAdgTctYGeI4Btug.roa
File:                     saXVgoVzNRbFAdgTctYGeI4Btug.roa (raw, json)
Hash identifier:          Ni5nFlKALS6As/RHO2AnppySml8jTNUM8omaVQR73WQ=
Subject key identifier:   B1:A5:D5:82:85:73:35:16:C5:01:D8:13:72:D6:06:78:8E:01:B6:E8
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       019D0B0C038ACC4EDD4DED491514595B5557
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/saXVgoVzNRbFAdgTctYGeI4Btug.roa
Signing time:             Fri 20 Mar 2026 11:40:29 +0000
ROA not before:           Fri 20 Mar 2026 11:40:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402203
IP address blocks:        95.173.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0b:0c:03:8a:cc:4e:dd:4d:ed:49:15:14:59:5b:55:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Mar 20 11:40:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b1a5d58285733516c501d81372d606788e01b6e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:0d:ab:80:1b:f0:5f:e5:0f:f0:b4:2d:fc:46:
                    02:c0:12:42:f5:f1:ef:1d:ae:60:57:6d:38:c2:d1:
                    ef:29:a9:f6:c2:48:f1:aa:da:26:98:a1:ed:a9:eb:
                    2c:5f:ce:36:46:ce:5c:c8:28:44:0b:ff:aa:19:f9:
                    57:8b:a9:f1:f4:98:72:86:5d:79:b3:8c:d4:2b:0a:
                    5e:09:d6:8a:55:2b:1d:91:09:99:82:d2:f5:c9:64:
                    80:d4:c1:4d:92:4f:6f:de:f5:70:ad:36:55:98:88:
                    9b:64:74:1e:71:8a:9e:2b:01:90:a0:e7:a2:2f:e1:
                    5c:dd:e0:5c:fc:89:0a:d7:cc:c6:38:de:0b:16:b9:
                    b1:03:d8:d7:f3:00:99:a1:35:97:fb:42:4a:2d:69:
                    32:de:b9:a0:94:4c:90:0b:79:a4:ae:df:33:38:ab:
                    85:f2:a5:e4:69:6d:46:ef:47:04:7d:2f:8d:1c:9d:
                    f4:2c:91:4d:4d:ad:36:35:f7:80:7d:a1:9a:a9:bc:
                    49:4c:dc:4a:a4:28:27:ea:2d:0b:63:1a:00:3b:a9:
                    75:06:99:0d:4b:2e:ba:cd:b8:43:fb:ad:78:87:6f:
                    73:31:fd:64:b1:19:9c:e0:af:e7:b6:a2:7e:f7:ad:
                    09:93:3d:46:77:5f:9f:cd:88:80:3e:4f:9f:06:c0:
                    f1:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:A5:D5:82:85:73:35:16:C5:01:D8:13:72:D6:06:78:8E:01:B6:E8
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/saXVgoVzNRbFAdgTctYGeI4Btug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.173.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:82:9c:42:d3:03:ed:4e:65:f0:98:b4:bc:12:15:af:6b:3d:
         16:c7:5f:74:dc:15:aa:00:d3:13:17:9a:0f:6b:b3:3c:12:bb:
         d9:c6:0e:e3:5d:01:e5:ef:77:ec:ef:59:1f:1b:53:b3:02:a9:
         37:e0:cb:ed:83:69:62:ed:0b:a2:a1:6e:72:a1:09:cd:c0:8b:
         7c:fb:87:d0:31:80:dd:1c:6b:ed:4c:be:02:4f:ff:e0:3f:dd:
         1b:cf:7b:ed:67:50:63:af:0a:ad:82:c7:b8:78:cd:c9:7d:a4:
         a2:b6:3b:e3:b1:0a:c8:69:c9:18:64:97:2a:7f:42:4d:55:63:
         72:3c:d5:60:95:15:bb:43:58:46:af:be:12:92:56:95:b9:9b:
         3d:fd:4e:22:72:ef:ee:eb:42:36:90:dd:34:cf:c5:8f:b0:62:
         29:9b:38:d4:78:a4:97:af:c2:14:55:bf:bb:08:d6:15:70:19:
         6c:2a:e8:f2:b2:81:36:1c:63:7b:ab:e6:66:b4:e4:7c:0a:f4:
         8a:3f:f7:4d:4e:2c:42:f2:78:ea:83:75:f8:48:6b:5f:a5:23:
         a7:6e:10:d2:e2:a2:be:24:db:43:35:86:e6:1f:00:9e:bd:14:
         72:cf:c9:4c:66:dd:82:e3:2a:27:6b:a4:3d:99:b5:89:94:f3:
         3d:0b:f9:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0LDAOKzE7dTe1JFRRZW1VXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjYwMzIwMTE0MDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWE1ZDU4Mjg1NzMzNTE2YzUwMWQ4MTM3MmQ2MDY3ODhlMDFiNmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsg2rgBvwX+UP8LQt/EYCwBJC9fHv
Ha5gV204wtHvKan2wkjxqtommKHtqessX842Rs5cyChEC/+qGflXi6nx9Jhyhl15
s4zUKwpeCdaKVSsdkQmZgtL1yWSA1MFNkk9v3vVwrTZVmIibZHQecYqeKwGQoOei
L+Fc3eBc/IkK18zGON4LFrmxA9jX8wCZoTWX+0JKLWky3rmglEyQC3mkrt8zOKuF
8qXkaW1G70cEfS+NHJ30LJFNTa02NfeAfaGaqbxJTNxKpCgn6i0LYxoAO6l1BpkN
Sy66zbhD+614h29zMf1ksRmc4K/ntqJ+960Jkz1Gd1+fzYiAPk+fBsDxeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLGl1YKFczUWxQHYE3LWBniOAbboMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvc2FYVmdvVnpOUmJGQWRnVGN0WUdlSTRCdHVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX60wMA0G
CSqGSIb3DQEBCwUAA4IBAQBvgpxC0wPtTmXwmLS8EhWvaz0Wx1903BWqANMTF5oP
a7M8ErvZxg7jXQHl73fs71kfG1OzAqk34Mvtg2li7QuioW5yoQnNwIt8+4fQMYDd
HGvtTL4CT//gP90bz3vtZ1Bjrwqtgse4eM3JfaSitjvjsQrIackYZJcqf0JNVWNy
PNVglRW7Q1hGr74SklaVuZs9/U4icu/u60I2kN00z8WPsGIpmzjUeKSXr8IUVb+7
CNYVcBlsKujysoE2HGN7q+ZmtOR8CvSKP/dNTixC8njqg3X4SGtfpSOnbhDS4qK+
JNtDNYbmHwCevRRyz8lMZt2C4yona6Q9mbWJlPM9C/kP
-----END CERTIFICATE-----