Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/GRzget217Aq0ecWli8x7_zJ6neE.roa
File:                     GRzget217Aq0ecWli8x7_zJ6neE.roa (raw, json)
Hash identifier:          CY2GikLQYoWTrEF7hrznObW7Yqrk27oq5FD0igjVs3w=
Subject key identifier:   19:1C:E0:7A:DD:B5:EC:0A:B4:79:C5:A5:8B:CC:7B:FF:32:7A:9D:E1
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       019D421C34CDF92502F8219F3C5C562DE175
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/GRzget217Aq0ecWli8x7_zJ6neE.roa
Signing time:             Tue 31 Mar 2026 04:17:17 +0000
ROA not before:           Tue 31 Mar 2026 04:17:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     142146
IP address blocks:        95.173.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 05:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:42:1c:34:cd:f9:25:02:f8:21:9f:3c:5c:56:2d:e1:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Mar 31 04:17:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=191ce07addb5ec0ab479c5a58bcc7bff327a9de1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:22:4d:36:c5:29:ed:40:65:5d:70:09:f8:31:
                    64:fd:29:32:8a:0c:fa:50:0c:0b:99:35:6e:6e:3b:
                    15:a0:5e:28:91:e9:17:a8:4c:8d:f5:75:0c:8f:93:
                    44:99:3e:7a:66:77:79:64:54:ac:46:87:a2:8d:d5:
                    1f:df:fe:a7:e2:9e:94:7d:ce:c9:fc:3e:45:5a:81:
                    4f:5d:46:1e:37:8f:5f:ec:3d:19:13:e6:70:18:8a:
                    5b:b9:46:9f:c8:11:79:64:60:0d:53:4e:fc:80:60:
                    7e:e5:f3:be:17:a2:2b:3c:b4:34:58:5f:c7:2c:f1:
                    87:52:8c:a8:2a:51:cf:46:0d:fc:19:d6:67:3b:ca:
                    70:86:f0:c2:28:ac:f4:d4:d6:3f:bf:4c:b1:86:1c:
                    e8:a1:b2:88:07:96:9b:a2:14:e6:87:44:7b:43:d7:
                    e4:4e:e9:2d:1d:b3:b4:5e:bc:93:9f:76:ae:3b:4b:
                    ae:11:9c:a1:98:6e:d6:b7:92:b8:b2:ff:91:e2:6b:
                    d9:2f:28:ab:4a:4e:83:e5:af:1b:60:a9:79:ac:37:
                    3d:8c:da:64:81:b9:c8:e2:92:0a:37:04:8b:3f:85:
                    0c:68:52:b6:79:f4:ed:64:53:40:9c:d5:1a:fc:6c:
                    35:3b:f5:be:d7:9b:08:ef:88:bb:b5:0e:92:95:f0:
                    4f:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:1C:E0:7A:DD:B5:EC:0A:B4:79:C5:A5:8B:CC:7B:FF:32:7A:9D:E1
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/GRzget217Aq0ecWli8x7_zJ6neE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.173.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:9a:23:92:35:6b:f8:cc:8a:0e:15:9f:f0:74:03:f3:a9:55:
         3c:21:82:ce:55:d1:de:2f:c9:ef:c4:66:96:68:b1:7a:0e:81:
         0d:55:31:a2:dd:a0:42:5c:1b:81:f0:6c:54:fb:ef:76:cd:e3:
         35:b6:db:b6:75:94:f0:e5:74:46:1f:9a:26:af:13:19:72:32:
         18:46:7d:90:00:7d:91:a8:37:9f:fb:01:4d:0a:18:b0:d6:16:
         94:bc:29:9d:60:3e:cb:56:dd:0b:8c:31:60:70:57:35:f2:01:
         9a:c1:51:06:2c:ac:7f:16:d1:e5:7b:07:f8:d6:a0:ba:e2:4b:
         de:3e:9e:a8:b8:4c:50:fc:65:e8:88:4c:5f:4a:6d:50:fe:13:
         f9:0f:8d:c0:99:a3:a5:77:59:dd:e3:36:c3:13:34:0b:e8:6a:
         85:55:aa:af:c9:c8:cd:93:5d:f2:ee:0e:83:8a:43:ff:60:e6:
         9a:21:d3:f4:c6:0b:ac:26:34:66:53:c9:4b:d2:fe:38:6e:cc:
         9c:1b:42:5d:72:f7:e6:91:cb:73:b7:d7:28:56:7b:dc:a8:02:
         0e:42:2e:ca:8b:5f:79:9b:54:67:2f:fa:59:39:08:ae:83:87:
         3e:06:21:4b:a8:19:c1:46:b2:6f:71:29:fe:0b:fe:eb:41:ac:
         ad:42:4a:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1CHDTN+SUC+CGfPFxWLeF1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjYwMzMxMDQxNzE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTFjZTA3YWRkYjVlYzBhYjQ3OWM1YTU4YmNjN2JmZjMyN2E5ZGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0iJNNsUp7UBlXXAJ+DFk/Skyigz6
UAwLmTVubjsVoF4okekXqEyN9XUMj5NEmT56Znd5ZFSsRoeijdUf3/6n4p6Ufc7J
/D5FWoFPXUYeN49f7D0ZE+ZwGIpbuUafyBF5ZGANU078gGB+5fO+F6IrPLQ0WF/H
LPGHUoyoKlHPRg38GdZnO8pwhvDCKKz01NY/v0yxhhzoobKIB5abohTmh0R7Q9fk
TuktHbO0XryTn3auO0uuEZyhmG7Wt5K4sv+R4mvZLyirSk6D5a8bYKl5rDc9jNpk
gbnI4pIKNwSLP4UMaFK2efTtZFNAnNUa/Gw1O/W+15sI74i7tQ6SlfBPZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBkc4HrdtewKtHnFpYvMe/8yep3hMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvR1J6Z2V0MjE3QXEwZWNXbGk4eDdfeko2bmVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX608MA0G
CSqGSIb3DQEBCwUAA4IBAQAtmiOSNWv4zIoOFZ/wdAPzqVU8IYLOVdHeL8nvxGaW
aLF6DoENVTGi3aBCXBuB8GxU++92zeM1ttu2dZTw5XRGH5omrxMZcjIYRn2QAH2R
qDef+wFNChiw1haUvCmdYD7LVt0LjDFgcFc18gGawVEGLKx/FtHlewf41qC64kve
Pp6ouExQ/GXoiExfSm1Q/hP5D43AmaOld1nd4zbDEzQL6GqFVaqvycjNk13y7g6D
ikP/YOaaIdP0xgusJjRmU8lL0v44bsycG0Jdcvfmkctzt9coVnvcqAIOQi7Ki195
m1RnL/pZOQiug4c+BiFLqBnBRrJvcSn+C/7rQaytQkrK
-----END CERTIFICATE-----