Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS20326.roa
File:                     AS20326.roa (raw, json)
Hash identifier:          PyPZyyCW0FrpxvQCNyPMmdjO9BY21JhuOSS0qfPhwkE=
Subject key identifier:   42:56:23:F1:05:FC:0F:CC:55:B4:85:81:54:D0:7C:3C:DD:F9:7D:84
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       68ED414978A3535929F95C1582998BBE8C9DF616
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS20326.roa
Signing time:             Fri 25 Apr 2025 21:30:32 +0000
ROA not before:           Fri 25 Apr 2025 21:25:32 +0000
ROA not after:            Fri 24 Apr 2026 21:30:32 +0000
asID:                     20326
IP address blocks:        95.134.60.0/22 maxlen: 22
                          95.134.160.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:ed:41:49:78:a3:53:59:29:f9:5c:15:82:99:8b:be:8c:9d:f6:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr 25 21:25:32 2025 GMT
            Not After : Apr 24 21:30:32 2026 GMT
        Subject: CN=425623F105FC0FCC55B4858154D07C3CDDF97D84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ce:79:37:a0:47:37:07:5b:28:42:e2:5b:99:
                    92:19:8d:ac:9c:c0:5d:9c:73:89:3d:2f:8a:a6:66:
                    fe:c9:8c:b0:9e:c8:de:9d:dd:6a:09:00:52:11:aa:
                    ef:75:d8:2b:9e:0d:1b:a8:69:51:94:c8:47:b4:3d:
                    b5:ea:89:fd:08:23:5a:ef:21:35:30:ce:9e:45:4e:
                    04:c4:b1:d7:a9:95:73:be:55:0c:7a:5e:51:79:24:
                    3b:4f:80:92:03:ab:7b:38:da:30:56:3c:b3:7d:b9:
                    b1:25:6d:5c:bb:4f:cb:d7:3e:25:69:08:17:00:4b:
                    38:50:34:d7:03:83:d1:f9:4c:7a:a4:1c:b7:68:31:
                    0c:95:c3:48:60:8c:b1:3d:08:74:6c:dc:cb:66:7d:
                    4a:e5:d8:45:e8:e9:63:14:11:db:b3:a4:c5:dc:3e:
                    18:5e:63:c0:4b:9f:3c:65:e0:5b:c9:2c:7f:f0:17:
                    b3:5d:f5:ae:29:2b:c3:a0:ff:18:ee:c0:35:20:7b:
                    89:0f:e0:68:f7:0a:d5:b5:f7:52:f9:5d:90:f0:35:
                    da:f8:80:2a:41:98:d7:09:8b:03:09:59:f8:07:ca:
                    6e:a3:48:98:e4:cd:4f:27:39:5b:5c:c3:ba:78:80:
                    66:bf:2c:a7:20:09:fb:ec:48:cc:10:1e:9d:d4:28:
                    64:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:56:23:F1:05:FC:0F:CC:55:B4:85:81:54:D0:7C:3C:DD:F9:7D:84
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS20326.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.134.60.0/22
                  95.134.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:02:d6:da:1a:ec:59:c1:1c:f0:6b:bc:af:bd:d2:df:36:35:
         ad:40:dd:d1:06:c0:c9:f0:73:3f:55:83:ee:91:10:4d:4f:08:
         ab:ba:c8:38:ce:d3:e3:fe:ed:35:6d:96:eb:ff:f4:86:11:f7:
         7a:66:ce:44:04:b6:f5:b3:81:58:12:52:3b:45:93:a5:3b:7b:
         42:56:fd:6f:bd:11:c2:8e:98:c0:7f:51:7f:54:f0:ff:9f:87:
         b7:e4:65:91:39:cc:18:f2:51:44:55:c5:64:d9:eb:0a:e8:a6:
         36:f4:2c:48:2b:cf:aa:21:46:3b:2e:c0:e6:82:a2:90:c8:5d:
         d1:33:6b:33:d9:69:88:c9:6b:f9:ba:c2:66:dd:f3:91:ab:90:
         b5:60:b2:89:27:e4:a4:54:5d:3b:d2:9b:5c:32:54:ad:31:a2:
         52:8b:a6:30:07:2b:a4:ba:26:c0:60:1f:3b:dd:9f:67:51:06:
         75:03:23:a7:7c:b7:65:20:54:23:3c:fb:62:65:6c:bb:08:a5:
         16:c8:53:ef:65:43:b7:71:3c:fd:63:40:48:85:60:f6:6e:7a:
         0e:a1:ef:91:be:25:2e:84:17:06:cd:b1:6c:45:6e:09:1c:1d:
         bb:77:01:e3:45:e3:49:de:03:7e:b8:2e:e9:7f:59:1b:51:9a:
         9b:80:db:35
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUaO1BSXijU1kp+VwVgpmLvoyd9hYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA0MjUyMTI1MzJaFw0yNjA0MjQyMTMwMzJaMDMxMTAvBgNV
BAMTKDQyNTYyM0YxMDVGQzBGQ0M1NUI0ODU4MTU0RDA3QzNDRERGOTdEODQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCGznk3oEc3B1soQuJbmZIZjayc
wF2cc4k9L4qmZv7JjLCeyN6d3WoJAFIRqu912CueDRuoaVGUyEe0PbXqif0II1rv
ITUwzp5FTgTEsdeplXO+VQx6XlF5JDtPgJIDq3s42jBWPLN9ubElbVy7T8vXPiVp
CBcASzhQNNcDg9H5THqkHLdoMQyVw0hgjLE9CHRs3MtmfUrl2EXo6WMUEduzpMXc
PhheY8BLnzxl4FvJLH/wF7Nd9a4pK8Og/xjuwDUge4kP4Gj3CtW191L5XZDwNdr4
gCpBmNcJiwMJWfgHym6jSJjkzU8nOVtcw7p4gGa/LKcgCfvsSMwQHp3UKGSFAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUQlYj8QX8D8xVtIWBVNB8PN35fYQwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjAzMjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAJfhjwD
BAJfhqAwDQYJKoZIhvcNAQELBQADggEBABIC1toa7FnBHPBrvK+90t82Na1A3dEG
wMnwcz9Vg+6REE1PCKu6yDjO0+P+7TVtluv/9IYR93pmzkQEtvWzgVgSUjtFk6U7
e0JW/W+9EcKOmMB/UX9U8P+fh7fkZZE5zBjyUURVxWTZ6wropjb0LEgrz6ohRjsu
wOaCopDIXdEzazPZaYjJa/m6wmbd85GrkLVgsokn5KRUXTvSm1wyVK0xolKLpjAH
K6S6JsBgHzvdn2dRBnUDI6d8t2UgVCM8+2JlbLsIpRbIU+9lQ7dxPP1jQEiFYPZu
eg6h75G+JS6EFwbNsWxFbgkcHbt3AeNF40neA364Lul/WRtRmpuA2zU=
-----END CERTIFICATE-----