Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/95cd70-50cd-46bd-8e06-b9705d7d3579/1/B9E5JactSyIcFQ6PftrFCykRrtA.roa
File:                     B9E5JactSyIcFQ6PftrFCykRrtA.roa (raw, json)
Hash identifier:          HKP9soP+n5+otLr1WnVLOerw0oovvQB3aHXqFrem9Bk=
Subject key identifier:   07:D1:39:25:A7:2D:4B:22:1C:15:0E:8F:7E:DA:C5:0B:29:11:AE:D0
Certificate issuer:       /CN=20f75069bd56efc5170383ed31cad22464fdf030
Certificate serial:       019E3ECEBD0F61CD951D1D8880C2B29BD6A9
Authority key identifier: 20:F7:50:69:BD:56:EF:C5:17:03:83:ED:31:CA:D2:24:64:FD:F0:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IPdQab1W78UXA4PtMcrSJGT98DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/95cd70-50cd-46bd-8e06-b9705d7d3579/1/B9E5JactSyIcFQ6PftrFCykRrtA.roa
Signing time:             Tue 19 May 2026 05:56:36 +0000
ROA not before:           Tue 19 May 2026 05:56:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     33965
IP address blocks:        83.144.192.0/18 maxlen: 24
                          195.162.166.0/24 maxlen: 24
                          2a02:e70::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/95cd70-50cd-46bd-8e06-b9705d7d3579/1/IPdQab1W78UXA4PtMcrSJGT98DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/95cd70-50cd-46bd-8e06-b9705d7d3579/1/IPdQab1W78UXA4PtMcrSJGT98DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IPdQab1W78UXA4PtMcrSJGT98DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 19:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3e:ce:bd:0f:61:cd:95:1d:1d:88:80:c2:b2:9b:d6:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20f75069bd56efc5170383ed31cad22464fdf030
        Validity
            Not Before: May 19 05:56:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=07d13925a72d4b221c150e8f7edac50b2911aed0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:49:5c:82:a4:34:43:a5:e1:ac:eb:90:08:8b:
                    43:3d:53:24:a2:47:ce:de:1b:ef:32:34:f7:db:31:
                    57:99:ec:e5:d4:7a:93:21:fe:17:73:77:9a:4b:d1:
                    d4:d6:81:e9:e9:35:d0:8c:b6:38:66:ef:ab:95:78:
                    bf:04:b8:a2:ec:6f:9e:a0:ba:7e:1a:6c:b1:5f:4c:
                    d5:83:28:91:ee:a3:fc:6d:c4:ae:16:f8:d6:e1:06:
                    0b:42:63:d0:3e:b0:a5:e2:37:d1:c3:1d:26:d3:f3:
                    94:7d:ef:2a:fc:09:3f:da:25:f9:0f:20:e3:2c:e9:
                    e7:0d:7b:25:67:f2:bf:06:fe:a5:fa:1e:40:56:06:
                    c2:d9:15:e5:04:67:09:12:ba:6e:f9:87:50:78:12:
                    84:ad:f1:d9:18:ed:79:b9:d8:21:da:da:55:6d:ab:
                    be:73:9f:21:d7:06:71:be:84:f3:99:73:e3:d8:aa:
                    40:c2:c2:b5:35:75:0a:1b:0c:b3:f8:98:b9:b2:b9:
                    86:9e:5f:d1:f4:57:49:72:e3:dd:87:1a:81:c2:22:
                    40:cd:4f:68:d4:a5:b1:8a:a7:d5:10:10:e2:49:43:
                    41:c7:42:b0:de:8e:df:c6:e9:40:d9:bc:66:83:14:
                    7a:47:fa:17:c6:03:33:79:02:af:df:ae:b8:33:e3:
                    07:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:D1:39:25:A7:2D:4B:22:1C:15:0E:8F:7E:DA:C5:0B:29:11:AE:D0
            X509v3 Authority Key Identifier:
                keyid:20:F7:50:69:BD:56:EF:C5:17:03:83:ED:31:CA:D2:24:64:FD:F0:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IPdQab1W78UXA4PtMcrSJGT98DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/95cd70-50cd-46bd-8e06-b9705d7d3579/1/B9E5JactSyIcFQ6PftrFCykRrtA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/95cd70-50cd-46bd-8e06-b9705d7d3579/1/IPdQab1W78UXA4PtMcrSJGT98DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.144.192.0/18
                  195.162.166.0/24
                IPv6:
                  2a02:e70::/32

    Signature Algorithm: sha256WithRSAEncryption
         50:db:45:bf:b3:5c:95:fc:1e:eb:a5:ac:67:d4:44:44:96:17:
         65:29:c0:77:41:31:c7:ed:e3:22:b1:9c:8d:ae:ec:f6:34:c5:
         22:72:c5:3a:09:bd:85:12:29:b7:d2:a4:82:ce:a1:c4:b3:6e:
         09:5c:19:86:91:93:91:af:12:75:0b:d3:ca:05:96:34:50:6f:
         8e:37:41:a0:29:4e:8f:5f:d5:57:9e:60:dd:ed:0c:1a:be:c3:
         7b:24:42:4b:ea:69:0a:fe:9a:70:24:b6:84:11:16:60:40:ce:
         b8:81:8d:80:a2:fc:f1:52:c7:7f:6d:35:89:81:48:ac:49:09:
         3b:6b:7d:83:c8:fe:31:f8:bd:12:6b:68:0c:39:61:db:23:95:
         6f:6c:33:d9:19:97:9f:43:52:37:65:2e:44:e4:bc:7a:75:40:
         6b:28:11:08:4d:8f:5d:e2:67:13:eb:60:c2:34:31:8f:23:ea:
         2a:d3:2a:9b:58:6d:8d:b5:03:96:22:b3:e9:74:9b:f7:a7:b1:
         e1:61:ef:58:c9:e9:6a:e3:ab:7f:f9:cb:62:67:06:89:66:e6:
         b5:d7:b0:c7:0e:78:13:fa:8b:0a:73:32:c9:72:d0:00:d2:5a:
         20:38:39:d1:e8:9a:3c:fc:e7:80:1b:5b:f1:ca:7c:0f:73:59:
         eb:ff:5f:9a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ4+zr0PYc2VHR2IgMKym9apMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZjc1MDY5YmQ1NmVmYzUxNzAzODNlZDMxY2FkMjI0NjRm
ZGYwMzAwHhcNMjYwNTE5MDU1NjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2QxMzkyNWE3MmQ0YjIyMWMxNTBlOGY3ZWRhYzUwYjI5MTFhZWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApElcgqQ0Q6XhrOuQCItDPVMkokfO
3hvvMjT32zFXmezl1HqTIf4Xc3eaS9HU1oHp6TXQjLY4Zu+rlXi/BLii7G+eoLp+
GmyxX0zVgyiR7qP8bcSuFvjW4QYLQmPQPrCl4jfRwx0m0/OUfe8q/Ak/2iX5DyDj
LOnnDXslZ/K/Bv6l+h5AVgbC2RXlBGcJErpu+YdQeBKErfHZGO15udgh2tpVbau+
c58h1wZxvoTzmXPj2KpAwsK1NXUKGwyz+Ji5srmGnl/R9FdJcuPdhxqBwiJAzU9o
1KWxiqfVEBDiSUNBx0Kw3o7fxulA2bxmgxR6R/oXxgMzeQKv3664M+MHEwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAfROSWnLUsiHBUOj37axQspEa7QMB8GA1UdIwQY
MBaAFCD3UGm9Vu/FFwOD7THK0iRk/fAwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVBkUWFiMVc3OFVYQTRQdE1jclNKR1Q5OERBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC85NWNkNzAtNTBjZC00NmJkLThlMDYt
Yjk3MDVkN2QzNTc5LzEvQjlFNUphY3RTeUljRlE2UGZ0ckZDeWtScnRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC85NWNkNzAtNTBjZC00NmJkLThlMDYtYjk3MDVkN2QzNTc5
LzEvSVBkUWFiMVc3OFVYQTRQdE1jclNKR1Q5OERBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQGU5DAAwQA
w6KmMA0EAgACMAcDBQAqAg5wMA0GCSqGSIb3DQEBCwUAA4IBAQBQ20W/s1yV/B7r
paxn1ERElhdlKcB3QTHH7eMisZyNruz2NMUicsU6Cb2FEim30qSCzqHEs24JXBmG
kZORrxJ1C9PKBZY0UG+ON0GgKU6PX9VXnmDd7QwavsN7JEJL6mkK/ppwJLaEERZg
QM64gY2AovzxUsd/bTWJgUisSQk7a32DyP4x+L0Sa2gMOWHbI5VvbDPZGZefQ1I3
ZS5E5Lx6dUBrKBEITY9d4mcT62DCNDGPI+oq0yqbWG2NtQOWIrPpdJv3p7HhYe9Y
yelq46t/+ctiZwaJZua117DHDngT+osKczLJctAA0logODnR6Jo8/OeAG1vxynwP
c1nr/1+a
-----END CERTIFICATE-----