Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/2fACuJecAc-smwkteOGVyDmQwaw.roa
File:                     2fACuJecAc-smwkteOGVyDmQwaw.roa (raw, json)
Hash identifier:          viMl4YuUNqgc5sNwoMnn50MgLIKYr6T6TslDseVt1Hs=
Subject key identifier:   D9:F0:02:B8:97:9C:01:CF:AC:9B:09:2D:78:E1:95:C8:39:90:C1:AC
Certificate issuer:       /CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
Certificate serial:       019808F2396D169904BA04BB5D8E744F2DF3
Authority key identifier: 20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/2fACuJecAc-smwkteOGVyDmQwaw.roa
Signing time:             Mon 14 Jul 2025 12:39:08 +0000
ROA not before:           Mon 14 Jul 2025 12:39:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213607
IP address blocks:        95.170.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:08:f2:39:6d:16:99:04:ba:04:bb:5d:8e:74:4f:2d:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
        Validity
            Not Before: Jul 14 12:39:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9f002b8979c01cfac9b092d78e195c83990c1ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:48:f1:7e:c7:a5:dd:45:af:47:85:b5:56:a2:
                    74:25:f4:b4:8d:ba:e0:1c:84:34:e7:6e:7b:4e:f7:
                    18:ac:85:42:8a:16:5c:88:1b:c0:ef:53:14:19:f0:
                    16:da:b1:dc:82:e2:53:54:03:a4:89:e3:04:22:43:
                    92:57:b9:0e:4b:39:d8:f2:6e:f0:98:87:8f:30:67:
                    c2:ed:a8:1b:97:83:49:23:b2:2a:41:38:25:e0:5d:
                    ac:7d:f3:ad:2f:ad:73:a1:d9:e4:7c:cc:be:c1:9b:
                    b2:03:c6:44:44:e4:ce:72:0c:aa:0b:c2:a7:fc:71:
                    73:f1:ec:05:5a:b6:8e:b1:87:f6:53:fe:59:3e:4e:
                    ab:a8:12:a1:9e:21:7e:c4:a1:fc:ff:6f:d0:a7:88:
                    37:38:81:12:c8:eb:87:07:8f:00:36:ff:db:2e:e3:
                    ed:67:16:85:ef:ba:32:83:52:0e:de:47:a1:9c:7d:
                    77:86:1c:6a:00:cb:54:33:e9:8f:99:b8:da:67:2e:
                    53:59:f0:f9:de:66:76:47:1d:21:3b:49:6e:5a:44:
                    33:6c:8a:ee:f1:5d:c2:89:42:22:7d:a1:78:49:6b:
                    08:3d:8b:ca:93:f4:ae:bd:bf:e5:45:a9:d3:07:7b:
                    dc:fd:b4:bd:a0:d9:4f:51:12:ce:23:c0:86:ad:1a:
                    93:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:F0:02:B8:97:9C:01:CF:AC:9B:09:2D:78:E1:95:C8:39:90:C1:AC
            X509v3 Authority Key Identifier:
                keyid:20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/2fACuJecAc-smwkteOGVyDmQwaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.170.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:04:7f:9d:10:89:77:28:6e:eb:36:1d:29:28:00:66:9f:ba:
         0d:e4:7e:6f:fb:8b:e2:b1:50:42:e4:e9:97:1c:b2:94:9f:7d:
         ae:33:43:82:52:9e:d2:6b:c4:6a:a2:c6:a9:0d:ff:6d:3d:d3:
         c2:69:bf:7d:c8:75:7b:2c:73:e2:80:2e:f6:3c:e3:0a:2f:f0:
         ce:c0:e5:9b:c8:3c:42:7f:0f:0c:ee:2b:76:5c:16:5c:b7:2d:
         5d:ec:82:00:5a:70:fc:fe:8d:52:fe:a9:9c:78:58:5e:7e:87:
         ff:de:db:2a:b4:a8:62:1c:68:d8:df:bd:54:e8:70:09:fd:b5:
         d2:84:39:93:2d:68:73:71:11:fc:a6:d9:2b:e6:eb:41:f5:15:
         c8:89:29:89:03:69:a9:da:33:4a:0c:86:cc:1b:f8:3b:c9:e8:
         59:85:62:a6:c5:85:48:7a:81:7c:16:fc:f3:71:78:68:2e:a5:
         fb:e6:5a:99:e3:35:f0:cb:41:35:07:79:2e:88:ff:32:f9:f3:
         cb:25:17:04:b0:d5:78:8d:0f:51:b0:17:aa:04:f5:d1:a7:3a:
         f6:15:49:53:64:94:c7:b0:f9:67:ed:f6:5c:0c:80:dd:70:fc:
         3c:9b:2c:4b:71:3f:9a:04:2f:3b:70:dc:1d:61:9a:bb:3f:39:
         b7:68:0c:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgI8jltFpkEugS7XY50Ty3zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZTQyNWEzMmI2MmQzOTgxOGM0Y2JiMDA4MTA3NTY4NmZj
NGM4ZTgwHhcNMjUwNzE0MTIzOTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWYwMDJiODk3OWMwMWNmYWM5YjA5MmQ3OGUxOTVjODM5OTBjMWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukjxfsel3UWvR4W1VqJ0JfS0jbrg
HIQ05257TvcYrIVCihZciBvA71MUGfAW2rHcguJTVAOkieMEIkOSV7kOSznY8m7w
mIePMGfC7agbl4NJI7IqQTgl4F2sffOtL61zodnkfMy+wZuyA8ZEROTOcgyqC8Kn
/HFz8ewFWraOsYf2U/5ZPk6rqBKhniF+xKH8/2/Qp4g3OIESyOuHB48ANv/bLuPt
ZxaF77oyg1IO3kehnH13hhxqAMtUM+mPmbjaZy5TWfD53mZ2Rx0hO0luWkQzbIru
8V3CiUIifaF4SWsIPYvKk/Suvb/lRanTB3vc/bS9oNlPURLOI8CGrRqTJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNnwAriXnAHPrJsJLXjhlcg5kMGsMB8GA1UdIwQY
MBaAFCDkJaMrYtOYGMTLsAgQdWhvxMjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGIt
ZWNkMjk2NWNiN2U3LzEvMmZBQ3VKZWNBYy1zbXdrdGVPR1Z5RG1Rd2F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGItZWNkMjk2NWNiN2U3
LzEvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6oRMA0G
CSqGSIb3DQEBCwUAA4IBAQB6BH+dEIl3KG7rNh0pKABmn7oN5H5v+4visVBC5OmX
HLKUn32uM0OCUp7Sa8RqosapDf9tPdPCab99yHV7LHPigC72POMKL/DOwOWbyDxC
fw8M7it2XBZcty1d7IIAWnD8/o1S/qmceFhefof/3tsqtKhiHGjY371U6HAJ/bXS
hDmTLWhzcRH8ptkr5utB9RXIiSmJA2mp2jNKDIbMG/g7yehZhWKmxYVIeoF8Fvzz
cXhoLqX75lqZ4zXwy0E1B3kuiP8y+fPLJRcEsNV4jQ9RsBeqBPXRpzr2FUlTZJTH
sPln7fZcDIDdcPw8myxLcT+aBC87cNwdYZq7Pzm3aAx0
-----END CERTIFICATE-----