Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/D2j4kWLz0VUlUTY9pIlLsXVv89c.roa
File:                     D2j4kWLz0VUlUTY9pIlLsXVv89c.roa (raw, json)
Hash identifier:          6dhVyDfvwWMyVEfdcJ/dxM+JgDX2N4ZHyTOtO1ofw2A=
Subject key identifier:   0F:68:F8:91:62:F3:D1:55:25:51:36:3D:A4:89:4B:B1:75:6F:F3:D7
Certificate issuer:       /CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
Certificate serial:       019A3671DD3CDE43BBFD3E39A24D29815DF6
Authority key identifier: 20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/D2j4kWLz0VUlUTY9pIlLsXVv89c.roa
Signing time:             Thu 30 Oct 2025 18:47:03 +0000
ROA not before:           Thu 30 Oct 2025 18:47:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        95.170.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Nov 2025 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:36:71:dd:3c:de:43:bb:fd:3e:39:a2:4d:29:81:5d:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
        Validity
            Not Before: Oct 30 18:47:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f68f89162f3d1552551363da4894bb1756ff3d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:3d:dc:58:dc:16:98:55:2a:8a:33:90:6f:05:
                    73:f3:23:df:f3:10:96:44:24:33:1e:29:df:a7:cd:
                    65:8a:82:68:a2:c8:1a:41:dd:44:09:e4:9e:2f:05:
                    a9:5e:06:23:9e:14:9a:07:ff:72:b2:86:fc:19:43:
                    95:29:00:25:70:65:69:a1:11:92:42:b7:6f:6f:4a:
                    4e:26:53:d6:72:60:84:3d:f4:c9:96:b8:61:e9:9a:
                    87:17:81:04:95:c0:44:30:fc:4c:57:ca:c8:d5:e5:
                    c6:67:9f:92:da:45:ff:f3:44:39:9b:d8:85:a4:87:
                    98:be:32:75:9f:10:17:66:57:72:0f:e9:17:dc:67:
                    04:af:b6:62:ea:99:de:b6:f2:fa:39:de:3e:91:81:
                    4e:93:28:2b:9e:b9:9c:df:68:b0:80:34:ad:43:49:
                    76:62:85:98:77:53:1a:c5:00:40:86:90:3f:94:d9:
                    07:22:f5:37:10:9e:c6:04:44:38:bf:64:c0:12:72:
                    6b:2b:87:97:80:1e:e9:5a:73:e7:d7:0e:8a:21:4b:
                    f0:5d:fe:ba:1a:de:d8:d1:65:0e:4a:a2:de:fa:1e:
                    38:21:cc:48:9f:d4:e9:37:30:2d:60:5e:0b:9e:b8:
                    06:c3:36:bf:93:77:fc:eb:9d:0d:5c:8b:92:b2:33:
                    92:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:68:F8:91:62:F3:D1:55:25:51:36:3D:A4:89:4B:B1:75:6F:F3:D7
            X509v3 Authority Key Identifier:
                keyid:20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/D2j4kWLz0VUlUTY9pIlLsXVv89c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.170.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:eb:63:28:d0:f8:2b:da:57:20:58:5d:4c:b8:eb:3f:d5:7b:
         9e:4e:2c:53:a2:83:ab:b6:8c:1f:61:fa:f8:28:2a:54:f2:f9:
         a7:cf:1d:82:58:e7:89:03:70:df:bc:c4:47:51:a6:f4:bd:c2:
         30:f2:68:02:90:81:54:f8:f2:4b:f6:2a:64:d9:32:b0:41:eb:
         21:ed:a6:5c:f2:73:c8:93:25:55:fe:ae:fd:df:0f:b9:24:5d:
         25:14:22:75:89:7f:59:51:0e:c8:74:7c:0f:29:18:bd:04:08:
         60:83:fe:16:86:9e:5d:4a:15:59:20:10:7d:c1:d8:ac:67:4c:
         df:ef:c8:2f:08:30:05:fd:67:a3:9e:fa:7c:31:61:9e:0d:29:
         a6:eb:ed:83:3e:2e:d8:ea:78:e8:d1:fe:e3:41:a5:81:e3:b1:
         f4:cc:2f:c5:4e:fc:c1:f1:eb:ea:b6:aa:89:b1:a8:0d:ef:00:
         ab:e4:e6:93:04:34:22:46:32:d1:70:83:69:72:d8:7a:af:77:
         a0:bc:f3:04:7c:04:e3:2c:d2:27:9e:d2:41:1a:ec:1d:60:6e:
         61:e5:4e:72:ca:36:2d:e3:5b:d7:08:ea:f8:91:55:c3:30:4c:
         6f:36:21:7a:2f:d3:b0:74:61:cc:0a:e4:74:93:76:76:8d:85:
         68:70:19:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZo2cd083kO7/T45ok0pgV32MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZTQyNWEzMmI2MmQzOTgxOGM0Y2JiMDA4MTA3NTY4NmZj
NGM4ZTgwHhcNMjUxMDMwMTg0NzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjY4Zjg5MTYyZjNkMTU1MjU1MTM2M2RhNDg5NGJiMTc1NmZmM2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlj3cWNwWmFUqijOQbwVz8yPf8xCW
RCQzHinfp81lioJoosgaQd1ECeSeLwWpXgYjnhSaB/9ysob8GUOVKQAlcGVpoRGS
Qrdvb0pOJlPWcmCEPfTJlrhh6ZqHF4EElcBEMPxMV8rI1eXGZ5+S2kX/80Q5m9iF
pIeYvjJ1nxAXZldyD+kX3GcEr7Zi6pnetvL6Od4+kYFOkygrnrmc32iwgDStQ0l2
YoWYd1MaxQBAhpA/lNkHIvU3EJ7GBEQ4v2TAEnJrK4eXgB7pWnPn1w6KIUvwXf66
Gt7Y0WUOSqLe+h44IcxIn9TpNzAtYF4LnrgGwza/k3f8650NXIuSsjOSmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA9o+JFi89FVJVE2PaSJS7F1b/PXMB8GA1UdIwQY
MBaAFCDkJaMrYtOYGMTLsAgQdWhvxMjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGIt
ZWNkMjk2NWNiN2U3LzEvRDJqNGtXTHowVlVsVVRZOXBJbExzWFZ2ODljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGItZWNkMjk2NWNiN2U3
LzEvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6oSMA0G
CSqGSIb3DQEBCwUAA4IBAQCM62Mo0Pgr2lcgWF1MuOs/1XueTixTooOrtowfYfr4
KCpU8vmnzx2CWOeJA3DfvMRHUab0vcIw8mgCkIFU+PJL9ipk2TKwQesh7aZc8nPI
kyVV/q793w+5JF0lFCJ1iX9ZUQ7IdHwPKRi9BAhgg/4Whp5dShVZIBB9wdisZ0zf
78gvCDAF/Wejnvp8MWGeDSmm6+2DPi7Y6njo0f7jQaWB47H0zC/FTvzB8evqtqqJ
sagN7wCr5OaTBDQiRjLRcINpcth6r3egvPMEfATjLNInntJBGuwdYG5h5U5yyjYt
41vXCOr4kVXDMExvNiF6L9OwdGHMCuR0k3Z2jYVocBkT
-----END CERTIFICATE-----