Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/H_966Wk1FTC3jkTyzqV8yNg_ZNA.roa
File:                     H_966Wk1FTC3jkTyzqV8yNg_ZNA.roa (raw, json)
Hash identifier:          TnyQK3WU+PBRd+vEsMdM10aU8d+vzRsAvTM7gsLxMXo=
Subject key identifier:   1F:FF:7A:E9:69:35:15:30:B7:8E:44:F2:CE:A5:7C:C8:D8:3F:64:D0
Certificate issuer:       /CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
Certificate serial:       019951863CF88426C0D5050BC0B0E38962DB
Authority key identifier: 20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/H_966Wk1FTC3jkTyzqV8yNg_ZNA.roa
Signing time:             Tue 16 Sep 2025 07:56:15 +0000
ROA not before:           Tue 16 Sep 2025 07:56:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        95.170.20.0/24 maxlen: 24
                          95.170.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 22:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:51:86:3c:f8:84:26:c0:d5:05:0b:c0:b0:e3:89:62:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
        Validity
            Not Before: Sep 16 07:56:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1fff7ae969351530b78e44f2cea57cc8d83f64d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:06:b7:6b:39:06:86:b7:3d:82:49:52:32:57:
                    58:1e:29:b3:0f:53:27:28:ef:a7:c2:07:30:a6:b4:
                    b4:66:a9:ff:0b:61:45:b5:4b:c5:ae:41:7c:ec:b7:
                    f2:aa:6a:ab:d2:4e:b0:48:a3:b4:5b:55:c2:29:91:
                    4f:79:45:d3:d3:dc:42:f2:f9:7d:8f:33:a3:f0:f9:
                    7a:3d:2f:04:fa:69:9e:81:a7:16:60:4c:f8:e8:ca:
                    ac:25:31:03:29:56:a4:62:75:ac:fe:86:7c:02:4f:
                    ec:7b:cc:25:58:77:66:4c:a6:39:c5:9c:8e:8d:69:
                    0d:8d:d6:59:f1:e7:0e:70:8e:e5:48:3e:b4:5e:da:
                    b9:42:50:b7:a2:50:f3:db:4f:64:f4:08:b7:f4:01:
                    44:7b:da:a6:e2:9e:49:bc:86:ec:ca:c9:e8:05:c4:
                    fc:1f:c7:8e:0f:1d:f4:dd:84:0f:a0:fa:df:97:30:
                    be:b4:9f:37:02:cc:e2:80:c4:e4:d7:22:36:27:d4:
                    29:12:43:e1:9d:68:a6:5c:b7:07:b1:9a:6a:d4:10:
                    c8:3d:7f:3f:78:f6:b2:00:c5:63:f5:6a:8b:ad:f2:
                    82:c6:ed:74:ee:cf:f8:7b:c5:1a:58:73:22:33:be:
                    96:7b:b5:16:de:01:48:82:06:ae:66:c7:4e:dd:7f:
                    2f:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:FF:7A:E9:69:35:15:30:B7:8E:44:F2:CE:A5:7C:C8:D8:3F:64:D0
            X509v3 Authority Key Identifier:
                keyid:20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/H_966Wk1FTC3jkTyzqV8yNg_ZNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.170.20.0/24
                  95.170.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:8e:66:1d:a7:9f:19:ce:0b:88:ee:0d:f5:c4:6c:94:83:91:
         ac:35:1f:da:33:6a:38:b2:f7:5e:1f:ec:ff:20:f6:0a:38:38:
         54:84:20:9d:3b:7b:bb:db:66:4f:9a:d5:0e:74:22:8b:f5:cc:
         ec:36:7d:fb:96:31:b3:4d:52:7c:e8:e5:79:45:3e:aa:11:bb:
         95:fc:2c:7f:dc:e1:ca:fd:14:2e:a3:00:55:ec:3c:46:85:03:
         5b:da:0f:86:30:03:13:f1:7b:08:36:4d:61:d0:6d:6f:64:5f:
         dd:1b:b6:74:39:9d:56:78:e1:44:14:d6:59:cf:2d:8b:a8:3e:
         dd:4d:a0:2c:4c:92:80:8c:2b:1f:4a:39:52:ac:ac:34:fd:a4:
         5f:f7:f4:fd:da:e0:37:2a:42:11:a5:05:a5:97:f8:f7:ce:23:
         ce:41:89:33:7d:70:78:4f:46:ee:80:38:63:1e:23:2f:52:45:
         d1:c3:31:29:54:62:63:fa:ff:01:23:c6:08:a8:1e:ed:61:0d:
         2d:ea:a4:76:46:68:c9:49:1d:dd:c2:d4:b5:81:d5:33:31:37:
         a7:fe:53:0d:ab:22:af:06:24:07:a5:29:09:60:0c:ef:86:ca:
         76:3d:a7:11:5c:a2:b7:2b:8a:be:47:ec:e4:bf:8c:bd:30:ab:
         28:61:7c:58
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlRhjz4hCbA1QULwLDjiWLbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZTQyNWEzMmI2MmQzOTgxOGM0Y2JiMDA4MTA3NTY4NmZj
NGM4ZTgwHhcNMjUwOTE2MDc1NjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmZmN2FlOTY5MzUxNTMwYjc4ZTQ0ZjJjZWE1N2NjOGQ4M2Y2NGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAa3azkGhrc9gklSMldYHimzD1Mn
KO+nwgcwprS0Zqn/C2FFtUvFrkF87Lfyqmqr0k6wSKO0W1XCKZFPeUXT09xC8vl9
jzOj8Pl6PS8E+mmegacWYEz46MqsJTEDKVakYnWs/oZ8Ak/se8wlWHdmTKY5xZyO
jWkNjdZZ8ecOcI7lSD60Xtq5QlC3olDz209k9Ai39AFEe9qm4p5JvIbsysnoBcT8
H8eODx303YQPoPrflzC+tJ83AszigMTk1yI2J9QpEkPhnWimXLcHsZpq1BDIPX8/
ePayAMVj9WqLrfKCxu107s/4e8UaWHMiM76We7UW3gFIggauZsdO3X8vvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB//eulpNRUwt45E8s6lfMjYP2TQMB8GA1UdIwQY
MBaAFCDkJaMrYtOYGMTLsAgQdWhvxMjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGIt
ZWNkMjk2NWNiN2U3LzEvSF85NjZXazFGVEMzamtUeXpxVjh5TmdfWk5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGItZWNkMjk2NWNiN2U3
LzEvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX6oUAwQA
X6odMA0GCSqGSIb3DQEBCwUAA4IBAQBzjmYdp58ZzguI7g31xGyUg5GsNR/aM2o4
svdeH+z/IPYKODhUhCCdO3u722ZPmtUOdCKL9czsNn37ljGzTVJ86OV5RT6qEbuV
/Cx/3OHK/RQuowBV7DxGhQNb2g+GMAMT8XsINk1h0G1vZF/dG7Z0OZ1WeOFEFNZZ
zy2LqD7dTaAsTJKAjCsfSjlSrKw0/aRf9/T92uA3KkIRpQWll/j3ziPOQYkzfXB4
T0bugDhjHiMvUkXRwzEpVGJj+v8BI8YIqB7tYQ0t6qR2RmjJSR3dwtS1gdUzMTen
/lMNqyKvBiQHpSkJYAzvhsp2PacRXKK3K4q+R+zkv4y9MKsoYXxY
-----END CERTIFICATE-----