Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS20326.roa
File:                     AS20326.roa (raw, json)
Hash identifier:          YZz/9ibRWGM5RwszYMFHjI5U2lVTiq2kX4q7DNB4088=
Subject key identifier:   AD:67:77:C4:95:64:20:8E:0C:DF:01:73:68:C6:EB:AD:2D:01:E4:31
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       4133DDC3C708022CA50E8941A759500B15D21964
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS20326.roa
Signing time:             Thu 25 Jun 2026 12:46:25 +0000
ROA not before:           Thu 25 Jun 2026 12:41:25 +0000
ROA not after:            Thu 24 Jun 2027 12:46:25 +0000
asID:                     20326
IP address blocks:        95.135.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Jun 2026 16:30:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:33:dd:c3:c7:08:02:2c:a5:0e:89:41:a7:59:50:0b:15:d2:19:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun 25 12:41:25 2026 GMT
            Not After : Jun 24 12:46:25 2027 GMT
        Subject: CN=AD6777C49564208E0CDF017368C6EBAD2D01E431
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:59:66:d8:02:8f:46:bf:9f:25:99:32:06:ec:
                    45:3b:14:51:f8:0c:55:de:3f:68:00:98:7c:43:2f:
                    f4:3f:01:2b:0c:b9:7b:b5:a1:a4:21:3c:ec:91:55:
                    65:26:34:1d:60:b8:0f:a4:83:cc:e9:e2:9c:e8:0e:
                    38:f6:cd:94:07:0d:2c:10:72:7c:41:49:18:c4:a9:
                    eb:a4:38:1d:bf:c8:38:c7:47:ea:b1:b3:21:f0:df:
                    cf:a4:cd:24:71:8f:0f:69:4f:62:9e:be:82:4e:09:
                    7d:10:46:2b:93:a4:61:ac:ef:01:61:d0:dd:51:19:
                    f6:59:2e:ce:5c:5d:ed:35:e5:47:56:40:51:b0:49:
                    6e:7f:23:68:2a:9e:16:35:d4:15:88:16:21:f9:46:
                    6e:25:09:de:9c:d5:70:73:34:42:1b:c9:b1:52:ba:
                    83:05:dc:a5:f6:2e:3a:29:f4:b6:e7:9d:8d:79:ec:
                    47:cb:30:9b:a5:d6:51:5d:78:0d:24:56:6d:e3:b3:
                    21:0e:06:d6:2c:c3:73:d1:53:77:d6:8c:af:0e:9c:
                    b7:31:df:e4:83:68:27:a9:15:94:37:e9:d9:fa:d0:
                    09:63:12:2b:35:8c:92:0a:7f:a6:10:73:c1:fb:64:
                    21:89:a3:18:8d:4d:31:ea:42:d1:b3:03:08:69:fa:
                    08:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:67:77:C4:95:64:20:8E:0C:DF:01:73:68:C6:EB:AD:2D:01:E4:31
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS20326.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.135.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:c3:4a:4b:67:46:7b:61:4d:94:49:d1:ee:c4:d9:ad:2c:05:
         d3:9d:99:d5:a8:ff:23:67:2b:be:63:c0:b0:7e:de:36:5c:ad:
         79:9c:21:f3:e1:cd:6e:a7:a5:7a:06:87:22:18:33:c8:92:bf:
         e1:01:76:a4:82:a1:dc:03:05:22:47:f1:65:c2:a5:bc:0a:0a:
         6a:6f:09:74:7d:da:f8:63:af:f7:76:fe:f3:30:fe:c3:c0:57:
         24:72:5b:7d:30:fc:d3:d8:a2:42:32:a5:01:54:d2:e6:d4:f5:
         47:6f:f4:38:29:9d:32:17:1c:a8:81:f3:fe:a8:33:50:02:fd:
         3a:e7:55:5c:5a:09:3f:7b:55:e0:6b:95:ad:36:23:4b:b2:2d:
         03:ff:96:68:51:dc:ce:54:8b:2d:6c:43:38:3f:57:f4:ff:79:
         33:ad:2f:5c:78:88:e4:52:6b:80:fc:7e:80:16:78:86:5b:3f:
         6e:aa:e6:59:0c:c2:d5:74:10:2f:fc:5a:10:bd:43:f2:68:4d:
         87:f4:fc:5d:7f:88:93:23:cf:03:dd:7c:b1:cd:e6:c9:a2:e5:
         c1:b0:b9:83:3c:cb:8f:d0:79:d9:2e:97:d8:61:c3:11:8c:3b:
         4a:9a:6e:8c:6e:5c:0d:39:aa:6b:39:e4:77:ae:29:b6:1d:c8:
         7b:c9:7a:7d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUQTPdw8cIAiylDolBp1lQCxXSGWQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA2MjUxMjQxMjVaFw0yNzA2MjQxMjQ2MjVaMDMxMTAvBgNV
BAMTKEFENjc3N0M0OTU2NDIwOEUwQ0RGMDE3MzY4QzZFQkFEMkQwMUU0MzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHWWbYAo9Gv58lmTIG7EU7FFH4
DFXeP2gAmHxDL/Q/ASsMuXu1oaQhPOyRVWUmNB1guA+kg8zp4pzoDjj2zZQHDSwQ
cnxBSRjEqeukOB2/yDjHR+qxsyHw38+kzSRxjw9pT2KevoJOCX0QRiuTpGGs7wFh
0N1RGfZZLs5cXe015UdWQFGwSW5/I2gqnhY11BWIFiH5Rm4lCd6c1XBzNEIbybFS
uoMF3KX2Ljop9LbnnY157EfLMJul1lFdeA0kVm3jsyEOBtYsw3PRU3fWjK8OnLcx
3+SDaCepFZQ36dn60AljEis1jJIKf6YQc8H7ZCGJoxiNTTHqQtGzAwhp+gjFAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUrWd3xJVkII4M3wFzaMbrrS0B5DEwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjAzMjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABfhx4w
DQYJKoZIhvcNAQELBQADggEBAJzDSktnRnthTZRJ0e7E2a0sBdOdmdWo/yNnK75j
wLB+3jZcrXmcIfPhzW6npXoGhyIYM8iSv+EBdqSCodwDBSJH8WXCpbwKCmpvCXR9
2vhjr/d2/vMw/sPAVyRyW30w/NPYokIypQFU0ubU9Udv9DgpnTIXHKiB8/6oM1AC
/TrnVVxaCT97VeBrla02I0uyLQP/lmhR3M5Uiy1sQzg/V/T/eTOtL1x4iORSa4D8
foAWeIZbP26q5lkMwtV0EC/8WhC9Q/JoTYf0/F1/iJMjzwPdfLHN5smi5cGwuYM8
y4/Qedkul9hhwxGMO0qaboxuXA05qms55HeuKbYdyHvJen0=
-----END CERTIFICATE-----