Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/f52efd-73ff-4624-9d27-9a901f5e4263/1/VnSCYq6QQmv1dE1dnE9cYopj4go.roa
File:                     VnSCYq6QQmv1dE1dnE9cYopj4go.roa (raw, json)
Hash identifier:          FEXjLTkNb7gfw7oBQ9cLz74ByuIdmIEBC39hpvpBVm0=
Subject key identifier:   56:74:82:62:AE:90:42:6B:F5:74:4D:5D:9C:4F:5C:62:8A:63:E2:0A
Certificate issuer:       /CN=bbe908e8a3e0a5ad7dda95c06138537d66eaa341
Certificate serial:       019DF223DAC736AA18C77E3FAB4535996EB4
Authority key identifier: BB:E9:08:E8:A3:E0:A5:AD:7D:DA:95:C0:61:38:53:7D:66:EA:A3:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u-kI6KPgpa192pXAYThTfWbqo0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/f52efd-73ff-4624-9d27-9a901f5e4263/1/VnSCYq6QQmv1dE1dnE9cYopj4go.roa
Signing time:             Mon 04 May 2026 08:38:49 +0000
ROA not before:           Mon 04 May 2026 08:38:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199552
IP address blocks:        195.95.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/f52efd-73ff-4624-9d27-9a901f5e4263/1/u-kI6KPgpa192pXAYThTfWbqo0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/f52efd-73ff-4624-9d27-9a901f5e4263/1/u-kI6KPgpa192pXAYThTfWbqo0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u-kI6KPgpa192pXAYThTfWbqo0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 17 May 2026 12:40:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f2:23:da:c7:36:aa:18:c7:7e:3f:ab:45:35:99:6e:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbe908e8a3e0a5ad7dda95c06138537d66eaa341
        Validity
            Not Before: May  4 08:38:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=56748262ae90426bf5744d5d9c4f5c628a63e20a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:96:7f:ac:20:17:b8:21:2e:d5:d4:96:6d:7a:
                    39:64:8f:82:27:20:a8:8a:3a:e5:5d:96:ac:cc:3b:
                    b2:fa:8d:a8:e3:ab:16:53:e1:72:68:7b:f1:13:65:
                    b4:a6:f6:c2:93:38:96:62:b7:ec:23:69:78:6b:c7:
                    3d:45:4e:0d:a9:b4:61:1e:69:c9:3a:68:1b:9a:3b:
                    1b:fc:4b:9a:08:e8:85:d3:05:92:bc:3e:d8:a6:ac:
                    86:5d:c2:2c:60:d6:90:01:0c:22:c2:3f:b7:87:95:
                    33:00:98:5f:ff:47:ee:be:18:f0:1a:f5:75:6c:55:
                    3b:dc:a0:0e:a0:e4:8c:ce:2c:f3:1d:86:13:01:c9:
                    76:6f:4d:83:cc:33:af:79:84:8c:c8:3d:c5:56:19:
                    88:7e:d2:2e:fa:d3:01:ef:51:58:65:0f:d3:ec:a0:
                    33:76:47:e6:d2:c4:48:80:91:b7:53:97:48:2c:38:
                    3b:7e:48:5e:d5:6f:b2:21:d0:3b:b5:27:45:06:bc:
                    57:c9:b0:dc:26:82:6a:bb:39:33:39:3f:c3:3d:e1:
                    70:00:d2:b7:16:33:6f:d6:07:43:27:f1:cb:e4:4f:
                    54:2f:56:d0:22:59:95:6e:d5:05:11:26:de:ac:72:
                    41:21:bd:d4:2d:01:c7:5b:31:5f:7a:e3:11:71:a7:
                    8c:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:74:82:62:AE:90:42:6B:F5:74:4D:5D:9C:4F:5C:62:8A:63:E2:0A
            X509v3 Authority Key Identifier:
                keyid:BB:E9:08:E8:A3:E0:A5:AD:7D:DA:95:C0:61:38:53:7D:66:EA:A3:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u-kI6KPgpa192pXAYThTfWbqo0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/f52efd-73ff-4624-9d27-9a901f5e4263/1/VnSCYq6QQmv1dE1dnE9cYopj4go.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/f52efd-73ff-4624-9d27-9a901f5e4263/1/u-kI6KPgpa192pXAYThTfWbqo0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:be:7b:fe:ec:97:f4:19:e8:c1:90:99:96:52:ad:2b:3f:25:
         a0:41:1e:70:7a:19:4d:90:02:da:0e:14:e0:01:a9:b3:2c:85:
         8d:1b:6e:11:d8:35:df:62:e0:ae:34:49:65:f7:8f:33:4f:59:
         1b:06:ae:66:c6:36:e7:f3:67:ef:0b:a3:15:89:5f:09:85:4f:
         38:ba:5f:5b:2e:c1:75:42:c1:01:ef:77:7f:ac:df:a1:0a:d0:
         c3:db:ff:be:49:b1:6f:51:fd:83:b0:92:62:45:69:8e:99:79:
         68:f2:c8:1a:e1:04:c5:13:a2:7c:59:ac:db:f1:89:7c:ea:4d:
         fa:54:62:8f:68:91:cc:df:6a:be:ae:65:3c:34:00:e2:a1:af:
         8a:9d:e7:22:f6:d7:33:e6:00:f7:1c:ac:7e:74:2e:e2:5d:27:
         09:61:db:fd:32:0c:d6:df:fe:e1:4a:fa:c7:41:f0:0e:30:39:
         31:a0:15:24:1a:eb:a6:fd:44:3a:76:64:7d:8d:37:cd:c6:eb:
         b7:f3:f1:a1:0c:5a:73:ff:c9:dd:f2:33:26:33:f0:a2:e9:84:
         e7:fd:1f:35:51:5f:ad:c4:ca:ca:e5:3a:ed:45:17:e9:0f:df:
         6f:ff:74:37:5b:23:8e:bb:d9:e8:a4:8b:0b:0e:4c:e9:9f:66:
         d8:54:2f:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3yI9rHNqoYx34/q0U1mW60MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZTkwOGU4YTNlMGE1YWQ3ZGRhOTVjMDYxMzg1MzdkNjZl
YWEzNDEwHhcNMjYwNTA0MDgzODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Njc0ODI2MmFlOTA0MjZiZjU3NDRkNWQ5YzRmNWM2MjhhNjNlMjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ZZ/rCAXuCEu1dSWbXo5ZI+CJyCo
ijrlXZaszDuy+o2o46sWU+FyaHvxE2W0pvbCkziWYrfsI2l4a8c9RU4NqbRhHmnJ
Omgbmjsb/EuaCOiF0wWSvD7YpqyGXcIsYNaQAQwiwj+3h5UzAJhf/0fuvhjwGvV1
bFU73KAOoOSMzizzHYYTAcl2b02DzDOveYSMyD3FVhmIftIu+tMB71FYZQ/T7KAz
dkfm0sRIgJG3U5dILDg7fkhe1W+yIdA7tSdFBrxXybDcJoJquzkzOT/DPeFwANK3
FjNv1gdDJ/HL5E9UL1bQIlmVbtUFESberHJBIb3ULQHHWzFfeuMRcaeMEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFZ0gmKukEJr9XRNXZxPXGKKY+IKMB8GA1UdIwQY
MBaAFLvpCOij4KWtfdqVwGE4U31m6qNBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdS1rSTZLUGdwYTE5MnBYQVlUaFRmV2JxbzBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9mNTJlZmQtNzNmZi00NjI0LTlkMjct
OWE5MDFmNWU0MjYzLzEvVm5TQ1lxNlFRbXYxZEUxZG5FOWNZb3BqNGdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9mNTJlZmQtNzNmZi00NjI0LTlkMjctOWE5MDFmNWU0MjYz
LzEvdS1rSTZLUGdwYTE5MnBYQVlUaFRmV2JxbzBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1+wMA0G
CSqGSIb3DQEBCwUAA4IBAQAXvnv+7Jf0GejBkJmWUq0rPyWgQR5wehlNkALaDhTg
AamzLIWNG24R2DXfYuCuNEll948zT1kbBq5mxjbn82fvC6MViV8JhU84ul9bLsF1
QsEB73d/rN+hCtDD2/++SbFvUf2DsJJiRWmOmXlo8sga4QTFE6J8Wazb8Yl86k36
VGKPaJHM32q+rmU8NADioa+Kneci9tcz5gD3HKx+dC7iXScJYdv9MgzW3/7hSvrH
QfAOMDkxoBUkGuum/UQ6dmR9jTfNxuu38/GhDFpz/8nd8jMmM/Ci6YTn/R81UV+t
xMrK5TrtRRfpD99v/3Q3WyOOu9nopIsLDkzpn2bYVC/f
-----END CERTIFICATE-----