Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS202036.roa
File:                     AS202036.roa (raw, json)
Hash identifier:          s3IvwHkH2IbTCknsc7hEhsudxbB+HnDD4ShOyArPsa8=
Subject key identifier:   24:B0:B6:DF:20:F9:8E:2A:96:EC:47:95:3C:72:6B:A5:1D:F9:72:41
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       6E60138F0BD6B5DB5F3857CEDFC2B8BDE60DFD28
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS202036.roa
Signing time:             Tue 19 May 2026 07:07:00 +0000
ROA not before:           Tue 19 May 2026 07:02:00 +0000
ROA not after:            Tue 18 May 2027 07:07:00 +0000
asID:                     202036
IP address blocks:        95.134.81.0/24 maxlen: 24
                          178.95.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 20 May 2026 07:48:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:60:13:8f:0b:d6:b5:db:5f:38:57:ce:df:c2:b8:bd:e6:0d:fd:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May 19 07:02:00 2026 GMT
            Not After : May 18 07:07:00 2027 GMT
        Subject: CN=24B0B6DF20F98E2A96EC47953C726BA51DF97241
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:e5:33:ba:3a:49:69:2a:85:ab:3a:f3:b9:89:
                    f7:1a:c9:4c:46:73:9f:2a:98:36:e7:0f:e7:f9:28:
                    75:bf:25:6f:ca:99:ae:d3:db:9b:2b:c0:c1:28:3f:
                    1a:a0:a9:ab:df:aa:31:46:67:6f:b2:d2:a9:c1:88:
                    93:a3:33:86:4a:ba:a9:c9:46:b3:c0:10:ed:67:87:
                    fd:49:be:fe:e5:ac:b0:85:b2:f0:95:57:9f:9d:f2:
                    4d:71:d8:18:7b:1f:11:be:31:3f:ef:78:b4:f4:ce:
                    e1:44:2d:ff:1b:f3:da:90:8b:f2:64:30:c9:50:6c:
                    0b:bf:9c:4e:6b:ca:3f:f8:9c:52:0d:08:8e:da:24:
                    d9:54:d5:8e:4a:b0:ac:20:e6:35:7d:4e:d9:12:35:
                    9a:78:76:9a:eb:27:cf:b5:0c:f0:2c:98:7c:92:22:
                    9a:a5:3e:34:24:3b:c5:1c:7d:6e:e1:7d:69:00:17:
                    75:b7:dc:9e:2d:e1:57:16:2e:bd:27:17:fa:0b:ee:
                    61:26:db:ba:fe:1c:4a:24:4c:b9:3d:8b:00:8e:11:
                    14:7a:b3:80:ec:1d:b9:8f:21:49:cc:38:8a:b4:4d:
                    e1:07:02:10:3e:e1:3f:fb:45:d8:50:74:34:96:1e:
                    0d:49:6f:a2:8c:eb:f7:bf:e9:fb:9b:a9:40:22:66:
                    5b:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:B0:B6:DF:20:F9:8E:2A:96:EC:47:95:3C:72:6B:A5:1D:F9:72:41
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS202036.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.134.81.0/24
                  178.95.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:a8:a4:82:97:23:81:90:af:59:13:3d:d5:53:a8:89:c9:03:
         be:29:56:7d:8f:3a:24:00:13:1d:09:b3:ac:81:f1:c2:23:fc:
         05:95:b8:46:27:3f:b8:de:dd:9e:ee:b3:27:2a:db:d1:d5:2b:
         41:a1:2e:fe:c9:b3:f7:60:8a:8b:94:74:8b:4d:ec:dd:07:ab:
         48:53:b3:d9:2c:90:d0:f5:8c:87:da:89:c0:5d:d2:71:22:12:
         f3:ce:ad:bb:39:c2:a1:5b:5c:97:cc:8e:45:5d:f5:a2:4c:e1:
         93:18:3f:f9:64:6a:4c:64:6e:b9:d7:6d:69:35:d9:e9:20:13:
         02:c3:54:9b:79:7f:b0:90:1d:bd:04:07:e8:67:5b:71:6d:7b:
         ea:4e:bf:9b:7d:e8:f9:0a:11:d1:77:dc:2c:f1:bf:49:bf:45:
         10:52:a0:6e:37:9e:a7:5e:c9:83:6a:39:6a:53:57:3b:bd:5f:
         82:f5:69:7b:87:31:05:bd:22:c7:c9:49:f1:cc:79:02:6c:b6:
         ea:e3:b9:23:93:2d:4f:ef:86:f3:10:87:ee:df:72:99:2f:b7:
         d2:56:bf:61:f5:8f:18:de:40:5f:76:84:aa:f0:4f:29:1b:1e:
         4e:7a:7e:c4:ac:ad:b3:a2:2e:c4:9a:01:22:7b:cd:80:60:f0:
         d0:a8:3d:79
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUbmATjwvWtdtfOFfO38K4veYN/SgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA1MTkwNzAyMDBaFw0yNzA1MTgwNzA3MDBaMDMxMTAvBgNV
BAMTKDI0QjBCNkRGMjBGOThFMkE5NkVDNDc5NTNDNzI2QkE1MURGOTcyNDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM5TO6OklpKoWrOvO5ifcayUxG
c58qmDbnD+f5KHW/JW/Kma7T25srwMEoPxqgqavfqjFGZ2+y0qnBiJOjM4ZKuqnJ
RrPAEO1nh/1Jvv7lrLCFsvCVV5+d8k1x2Bh7HxG+MT/veLT0zuFELf8b89qQi/Jk
MMlQbAu/nE5ryj/4nFINCI7aJNlU1Y5KsKwg5jV9TtkSNZp4dprrJ8+1DPAsmHyS
IpqlPjQkO8UcfW7hfWkAF3W33J4t4VcWLr0nF/oL7mEm27r+HEokTLk9iwCOERR6
s4DsHbmPIUnMOIq0TeEHAhA+4T/7RdhQdDSWHg1Jb6KM6/e/6fubqUAiZlu/AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUJLC23yD5jiqW7EeVPHJrpR35ckEwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjAyMDM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX4ZR
AwQAsl/3MA0GCSqGSIb3DQEBCwUAA4IBAQBLqKSClyOBkK9ZEz3VU6iJyQO+KVZ9
jzokABMdCbOsgfHCI/wFlbhGJz+43t2e7rMnKtvR1StBoS7+ybP3YIqLlHSLTezd
B6tIU7PZLJDQ9YyH2onAXdJxIhLzzq27OcKhW1yXzI5FXfWiTOGTGD/5ZGpMZG65
121pNdnpIBMCw1SbeX+wkB29BAfoZ1txbXvqTr+bfej5ChHRd9ws8b9Jv0UQUqBu
N56nXsmDajlqU1c7vV+C9Wl7hzEFvSLHyUnxzHkCbLbq47kjky1P74bzEIfu33KZ
L7fSVr9h9Y8Y3kBfdoSq8E8pGx5Oen7ErK2zoi7EmgEie82AYPDQqD15
-----END CERTIFICATE-----