Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/0l9u7U7-JAE9oPOAXydnoK5llfw.roa
File:                     0l9u7U7-JAE9oPOAXydnoK5llfw.roa (raw, json)
Hash identifier:          oY/oS9q71h1EkykDeqhOM86N3ajJJAt9KtXF0lNGiMw=
Subject key identifier:   D2:5F:6E:ED:4E:FE:24:01:3D:A0:F3:80:5F:27:67:A0:AE:65:95:FC
Certificate issuer:       /CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
Certificate serial:       01981E31A213E9D9A616356A2237CC874A44
Authority key identifier: 20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/0l9u7U7-JAE9oPOAXydnoK5llfw.roa
Signing time:             Fri 18 Jul 2025 15:40:25 +0000
ROA not before:           Fri 18 Jul 2025 15:40:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        95.170.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 06:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1e:31:a2:13:e9:d9:a6:16:35:6a:22:37:cc:87:4a:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
        Validity
            Not Before: Jul 18 15:40:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d25f6eed4efe24013da0f3805f2767a0ae6595fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:56:e2:0f:4c:a7:03:bf:7c:1f:38:69:82:df:
                    68:14:36:5c:3e:5c:af:90:af:a3:5e:22:d9:12:76:
                    54:2f:81:f6:f0:a9:a0:44:ca:b6:98:d7:7b:28:88:
                    48:15:a6:4a:13:f5:1a:21:56:20:fc:84:0c:71:79:
                    7c:2d:e4:e2:b2:c4:4e:f8:18:80:e1:95:19:a5:74:
                    07:ae:a0:d2:30:d3:57:30:45:73:43:51:57:fa:7d:
                    27:fb:c2:5f:af:2c:83:d6:58:7c:bf:d2:59:f1:17:
                    13:e6:dc:c6:ec:21:4f:83:34:d5:eb:a7:cb:ff:83:
                    a5:4d:d1:0a:4a:1d:e5:09:02:4a:54:39:93:98:b6:
                    34:d0:71:6f:58:e1:9e:b0:31:59:3f:49:d5:22:83:
                    12:8f:a6:0a:82:16:99:24:59:4b:33:32:ca:b0:ed:
                    6a:2d:53:95:a9:52:61:11:9c:b1:da:e1:4a:31:22:
                    18:fc:73:85:a0:ea:09:2e:0d:e4:a8:83:3b:9e:12:
                    77:4a:2c:ef:e9:02:99:27:7b:78:9c:2f:97:57:61:
                    7c:e5:cc:cc:c5:c7:48:73:8b:da:02:59:d7:15:5b:
                    b8:a5:66:0a:e4:9b:42:d1:e8:69:2a:53:69:b3:1a:
                    2a:76:9d:5f:06:ad:6c:79:bf:65:f5:fa:86:4d:48:
                    2e:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:5F:6E:ED:4E:FE:24:01:3D:A0:F3:80:5F:27:67:A0:AE:65:95:FC
            X509v3 Authority Key Identifier:
                keyid:20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/0l9u7U7-JAE9oPOAXydnoK5llfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.170.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:2a:08:da:81:42:b7:2d:02:4b:56:8c:25:75:c4:97:da:78:
         ac:b5:f1:68:ca:03:3d:40:67:13:a8:0e:a5:56:4c:62:06:13:
         56:2f:a1:61:10:87:55:f9:dd:3a:ed:cb:01:51:4d:a6:75:95:
         5c:6d:c1:87:44:ba:f7:f0:64:27:a4:6c:de:ae:49:68:fd:df:
         6e:30:5d:d0:6d:ef:20:91:b6:43:d2:cf:2f:3c:de:c4:c8:e2:
         a3:e7:39:4b:ee:7d:14:f9:59:42:73:4b:48:c1:6f:64:f5:a8:
         75:58:fc:fc:34:08:0b:e7:8e:68:bf:87:dd:20:25:b9:60:2a:
         90:9d:25:05:f7:8e:48:37:39:ad:a4:64:0f:35:7f:fe:40:ac:
         35:5d:f4:05:8b:96:60:80:ec:98:bb:25:85:02:2a:88:10:87:
         54:ff:43:10:4c:39:7d:6a:85:cd:d0:bd:4e:ea:0c:df:ee:a5:
         7f:f7:a7:ea:ba:5b:ff:01:f6:e6:01:98:07:bd:74:dc:98:26:
         6f:fb:4e:8a:af:8d:6c:92:2b:8a:9f:79:22:08:24:52:77:37:
         08:a2:b0:19:1a:72:bb:10:ce:7f:f3:43:9b:4c:fa:0e:27:78:
         c1:fe:42:f8:d6:01:05:4d:14:2b:ec:18:06:a3:24:ff:ac:0a:
         d9:c1:66:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgeMaIT6dmmFjVqIjfMh0pEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZTQyNWEzMmI2MmQzOTgxOGM0Y2JiMDA4MTA3NTY4NmZj
NGM4ZTgwHhcNMjUwNzE4MTU0MDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjVmNmVlZDRlZmUyNDAxM2RhMGYzODA1ZjI3NjdhMGFlNjU5NWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVbiD0ynA798Hzhpgt9oFDZcPlyv
kK+jXiLZEnZUL4H28KmgRMq2mNd7KIhIFaZKE/UaIVYg/IQMcXl8LeTissRO+BiA
4ZUZpXQHrqDSMNNXMEVzQ1FX+n0n+8JfryyD1lh8v9JZ8RcT5tzG7CFPgzTV66fL
/4OlTdEKSh3lCQJKVDmTmLY00HFvWOGesDFZP0nVIoMSj6YKghaZJFlLMzLKsO1q
LVOVqVJhEZyx2uFKMSIY/HOFoOoJLg3kqIM7nhJ3Sizv6QKZJ3t4nC+XV2F85czM
xcdIc4vaAlnXFVu4pWYK5JtC0ehpKlNpsxoqdp1fBq1seb9l9fqGTUgu3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJfbu1O/iQBPaDzgF8nZ6CuZZX8MB8GA1UdIwQY
MBaAFCDkJaMrYtOYGMTLsAgQdWhvxMjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGIt
ZWNkMjk2NWNiN2U3LzEvMGw5dTdVNy1KQUU5b1BPQVh5ZG5vSzVsbGZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGItZWNkMjk2NWNiN2U3
LzEvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6oNMA0G
CSqGSIb3DQEBCwUAA4IBAQCBKgjagUK3LQJLVowldcSX2nistfFoygM9QGcTqA6l
VkxiBhNWL6FhEIdV+d067csBUU2mdZVcbcGHRLr38GQnpGzerklo/d9uMF3Qbe8g
kbZD0s8vPN7EyOKj5zlL7n0U+VlCc0tIwW9k9ah1WPz8NAgL545ov4fdICW5YCqQ
nSUF945INzmtpGQPNX/+QKw1XfQFi5ZggOyYuyWFAiqIEIdU/0MQTDl9aoXN0L1O
6gzf7qV/96fqulv/AfbmAZgHvXTcmCZv+06Kr41skiuKn3kiCCRSdzcIorAZGnK7
EM5/80ObTPoOJ3jB/kL41gEFTRQr7BgGoyT/rArZwWYh
-----END CERTIFICATE-----