Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS20326.roa
File:                     AS20326.roa (raw, json)
Hash identifier:          IXrJ5j+i+K7eIgzimd1VqgX+OOrVT4x9nyQ6aEvSYFA=
Subject key identifier:   90:D5:B9:3A:55:5A:F9:13:D7:31:A3:90:87:6A:49:B5:C3:35:01:9A
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       5457BEB0336CFBF90F184A686ACE3BDD142949E5
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS20326.roa
Signing time:             Mon 01 Sep 2025 06:31:57 +0000
ROA not before:           Mon 01 Sep 2025 06:26:57 +0000
ROA not after:            Mon 31 Aug 2026 06:31:57 +0000
asID:                     20326
IP address blocks:        178.95.32.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Sep 2025 23:05:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:57:be:b0:33:6c:fb:f9:0f:18:4a:68:6a:ce:3b:dd:14:29:49:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Sep  1 06:26:57 2025 GMT
            Not After : Aug 31 06:31:57 2026 GMT
        Subject: CN=90D5B93A555AF913D731A390876A49B5C335019A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a4:d9:e3:c2:f7:86:a0:ab:8a:df:0d:d1:4f:
                    8c:38:36:a7:8a:40:39:cc:8b:14:00:d5:c0:88:c3:
                    37:82:f4:e1:bc:e4:59:8a:b2:bf:d8:e4:0c:83:fc:
                    81:af:04:7a:bb:c0:b6:cb:45:ea:6a:bb:78:39:27:
                    ca:41:e1:66:42:ac:16:f6:6c:1a:fb:e5:fc:11:5a:
                    53:7b:eb:2b:8c:23:ae:d5:14:98:2b:24:8e:93:86:
                    29:2d:a6:9d:07:6f:ff:39:2f:0b:9e:23:41:d8:fc:
                    d5:fe:e2:3d:a4:e2:08:6b:f9:ca:49:54:93:20:4b:
                    ea:29:1b:9e:51:5f:7f:04:61:90:a2:d9:a2:17:35:
                    2d:52:da:30:24:83:d7:2f:bd:12:7b:bf:7e:58:8f:
                    86:78:27:2a:6c:ff:f7:54:22:22:eb:35:12:a2:77:
                    38:a1:ec:a6:50:55:11:59:28:a4:31:48:51:ca:3b:
                    f8:7c:7a:2c:81:60:27:1d:31:5f:b9:99:52:91:2d:
                    ba:20:79:07:e8:54:44:31:3e:38:0a:59:d8:a2:98:
                    bd:c0:8a:16:f0:70:c2:5e:84:96:7e:6b:d9:af:60:
                    bb:01:40:ea:bb:d5:24:62:cb:66:17:3d:d4:29:ae:
                    a0:eb:58:2f:f2:bf:91:38:6d:4a:64:cc:a8:52:e8:
                    38:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:D5:B9:3A:55:5A:F9:13:D7:31:A3:90:87:6A:49:B5:C3:35:01:9A
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS20326.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.95.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         40:80:0b:11:a3:56:84:93:de:8a:63:a6:ba:94:42:93:d3:18:
         d1:03:47:29:38:af:70:81:47:75:8c:65:7a:52:b7:b0:a4:e8:
         76:38:2b:0a:98:67:1e:26:e8:f7:17:83:50:33:fd:f9:f7:9d:
         0e:69:6d:67:08:4b:f2:67:86:45:e8:92:ea:76:ed:1c:4b:df:
         b6:69:1e:71:77:1e:74:a1:87:33:88:95:31:fa:58:6b:e0:48:
         e7:a5:9c:f9:b3:fc:f5:30:4c:64:6f:d4:f2:e4:63:b6:70:20:
         43:9d:2c:ce:0e:fe:d1:4a:e8:8d:ab:8e:1a:3a:eb:6e:09:e3:
         16:56:d3:66:03:89:ac:57:24:81:4a:62:f9:c9:72:8f:ac:0e:
         02:e5:47:85:ea:05:c1:a3:9a:53:3a:19:a9:2d:7d:08:cb:8d:
         e3:c9:5c:4a:d5:8c:87:1b:9a:c1:7c:b5:00:eb:b2:31:39:3a:
         0b:30:88:78:b8:9f:5a:2f:d1:77:42:9c:d3:a9:2c:ac:79:08:
         84:c1:96:6d:96:31:42:70:78:9d:bf:24:18:1f:e1:d7:dd:0c:
         4e:f0:58:d3:d2:ff:e8:37:a8:66:24:11:f3:eb:2e:e7:cc:e4:
         d5:ea:22:38:77:ab:0e:23:85:63:3e:4e:b7:91:53:af:41:8a:
         90:bd:46:7e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUVFe+sDNs+/kPGEpoas473RQpSeUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA5MDEwNjI2NTdaFw0yNjA4MzEwNjMxNTdaMDMxMTAvBgNV
BAMTKDkwRDVCOTNBNTU1QUY5MTNENzMxQTM5MDg3NkE0OUI1QzMzNTAxOUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClpNnjwveGoKuK3w3RT4w4NqeK
QDnMixQA1cCIwzeC9OG85FmKsr/Y5AyD/IGvBHq7wLbLRepqu3g5J8pB4WZCrBb2
bBr75fwRWlN76yuMI67VFJgrJI6Thiktpp0Hb/85LwueI0HY/NX+4j2k4ghr+cpJ
VJMgS+opG55RX38EYZCi2aIXNS1S2jAkg9cvvRJ7v35Yj4Z4Jyps//dUIiLrNRKi
dzih7KZQVRFZKKQxSFHKO/h8eiyBYCcdMV+5mVKRLbogeQfoVEQxPjgKWdiimL3A
ihbwcMJehJZ+a9mvYLsBQOq71SRiy2YXPdQprqDrWC/yv5E4bUpkzKhS6DgnAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUkNW5OlVa+RPXMaOQh2pJtcM1AZowHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjAzMjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBASyXyAw
DQYJKoZIhvcNAQELBQADggEBAECACxGjVoST3opjprqUQpPTGNEDRyk4r3CBR3WM
ZXpSt7Ck6HY4KwqYZx4m6PcXg1Az/fn3nQ5pbWcIS/JnhkXokup27RxL37ZpHnF3
HnShhzOIlTH6WGvgSOelnPmz/PUwTGRv1PLkY7ZwIEOdLM4O/tFK6I2rjho6624J
4xZW02YDiaxXJIFKYvnJco+sDgLlR4XqBcGjmlM6GaktfQjLjePJXErVjIcbmsF8
tQDrsjE5OgswiHi4n1ov0XdCnNOpLKx5CITBlm2WMUJweJ2/JBgf4dfdDE7wWNPS
/+g3qGYkEfPrLufM5NXqIjh3qw4jhWM+TreRU69BipC9Rn4=
-----END CERTIFICATE-----