Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/xygQhFvaDn0KcsXT2TVrBVJGRy8.roa
File:                     xygQhFvaDn0KcsXT2TVrBVJGRy8.roa (raw, json)
Hash identifier:          dsftadFShOGlp8GVX992hYwLlmpdYYKlbeZgmlDhCys=
Subject key identifier:   C7:28:10:84:5B:DA:0E:7D:0A:72:C5:D3:D9:35:6B:05:52:46:47:2F
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       019D1B3F7E2B74F8BB94D58432FC57ED0AEF
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/xygQhFvaDn0KcsXT2TVrBVJGRy8.roa
Signing time:             Mon 23 Mar 2026 15:10:39 +0000
ROA not before:           Mon 23 Mar 2026 15:10:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135402
IP address blocks:        95.173.46.0/24 maxlen: 24
                          95.173.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 06:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1b:3f:7e:2b:74:f8:bb:94:d5:84:32:fc:57:ed:0a:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Mar 23 15:10:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c72810845bda0e7d0a72c5d3d9356b055246472f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:2f:6f:09:93:ca:c6:93:3c:e6:af:a4:a3:2c:
                    ae:48:fc:d6:b9:9b:f6:71:1d:10:9e:bd:2d:34:40:
                    8f:2f:09:4d:bf:58:0b:6e:a8:07:56:a9:94:1e:7f:
                    ce:02:ce:6a:52:e1:7d:e9:17:dd:3e:40:8c:2f:82:
                    21:b5:f3:48:71:35:ea:29:86:e6:5e:69:76:59:99:
                    cd:46:ff:bb:3b:17:1e:16:76:9a:ba:ab:6d:1e:d6:
                    2a:a7:c0:9c:99:5a:10:24:82:a8:17:0b:dc:4a:e1:
                    14:ea:d1:24:d6:45:a6:e4:61:8e:b5:09:c3:ad:d6:
                    47:0b:32:53:df:ea:85:29:fc:ca:34:67:b4:49:01:
                    d8:6d:d4:ee:5e:e0:78:d6:07:6d:e9:9f:7f:7c:95:
                    23:7e:8f:88:60:db:e0:0c:04:91:24:03:84:dd:1a:
                    b7:4d:7e:fd:70:7f:14:6a:1c:56:70:a9:1b:6a:61:
                    35:c2:c9:83:84:02:aa:e5:2a:f9:76:73:e7:35:7b:
                    08:55:14:be:82:bd:b5:78:ac:1c:db:57:83:ea:d8:
                    2a:b0:71:ee:4d:0c:bc:0e:aa:34:de:1c:0c:b3:de:
                    9a:a2:d3:f0:94:5f:bd:7d:df:14:df:b9:32:fd:ef:
                    a2:df:2f:51:62:da:6c:05:64:c0:98:10:23:5c:16:
                    55:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:28:10:84:5B:DA:0E:7D:0A:72:C5:D3:D9:35:6B:05:52:46:47:2F
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/xygQhFvaDn0KcsXT2TVrBVJGRy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.173.46.0/24
                  95.173.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:af:18:77:2a:05:38:a4:5f:a3:9f:81:f4:9f:d7:ae:ed:4d:
         c2:b5:78:da:4b:32:b0:0c:bd:ec:65:de:02:e8:45:6c:74:b1:
         34:2f:47:1c:cc:ac:06:00:87:df:a8:e1:f2:4d:13:62:d4:58:
         f1:db:32:a1:09:ba:d3:6f:b0:96:97:fc:94:8c:85:3a:a2:32:
         1d:6f:c3:5f:a7:a7:61:59:80:6d:7b:f8:19:e1:16:84:c1:4b:
         1e:c8:c8:44:e0:d9:a1:81:98:58:cd:b2:2d:2e:e2:7f:b6:e3:
         c9:96:ba:ff:44:d3:c0:c9:23:15:d4:c9:c0:c2:83:80:07:d8:
         fe:6a:fd:12:8c:b0:7d:3e:72:db:f7:bb:86:29:f7:da:10:00:
         ff:65:84:f2:a8:ec:93:fb:64:6f:ef:b6:f9:c4:e5:6d:b1:22:
         b6:59:0a:b7:86:71:cb:35:48:c3:04:09:10:09:cd:15:1f:45:
         03:fd:f8:08:26:1f:79:b1:49:af:6b:6e:52:c1:fe:2d:a8:2b:
         f1:b6:cb:39:e6:11:83:e7:a4:15:63:8e:9f:38:64:0d:d3:76:
         db:60:0f:90:0f:d8:9b:a6:3e:26:c8:24:3c:fa:76:c4:28:e8:
         5d:af:84:46:3f:69:fa:0e:85:fe:9b:e8:73:d5:7f:d8:8f:07:
         cf:09:07:36
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0bP34rdPi7lNWEMvxX7QrvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjYwMzIzMTUxMDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzI4MTA4NDViZGEwZTdkMGE3MmM1ZDNkOTM1NmIwNTUyNDY0NzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2i9vCZPKxpM85q+koyyuSPzWuZv2
cR0Qnr0tNECPLwlNv1gLbqgHVqmUHn/OAs5qUuF96RfdPkCML4IhtfNIcTXqKYbm
Xml2WZnNRv+7OxceFnaauqttHtYqp8CcmVoQJIKoFwvcSuEU6tEk1kWm5GGOtQnD
rdZHCzJT3+qFKfzKNGe0SQHYbdTuXuB41gdt6Z9/fJUjfo+IYNvgDASRJAOE3Rq3
TX79cH8UahxWcKkbamE1wsmDhAKq5Sr5dnPnNXsIVRS+gr21eKwc21eD6tgqsHHu
TQy8Dqo03hwMs96aotPwlF+9fd8U37ky/e+i3y9RYtpsBWTAmBAjXBZVnwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMcoEIRb2g59CnLF09k1awVSRkcvMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEveHlnUWhGdmFEbjBLY3NYVDJUVnJCVkpHUnk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX60uAwQA
X60yMA0GCSqGSIb3DQEBCwUAA4IBAQCErxh3KgU4pF+jn4H0n9eu7U3CtXjaSzKw
DL3sZd4C6EVsdLE0L0cczKwGAIffqOHyTRNi1Fjx2zKhCbrTb7CWl/yUjIU6ojId
b8Nfp6dhWYBte/gZ4RaEwUseyMhE4NmhgZhYzbItLuJ/tuPJlrr/RNPAySMV1MnA
woOAB9j+av0SjLB9PnLb97uGKffaEAD/ZYTyqOyT+2Rv77b5xOVtsSK2WQq3hnHL
NUjDBAkQCc0VH0UD/fgIJh95sUmva25Swf4tqCvxtss55hGD56QVY46fOGQN03bb
YA+QD9ibpj4myCQ8+nbEKOhdr4RGP2n6DoX+m+hz1X/YjwfPCQc2
-----END CERTIFICATE-----