Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/OQwatOOKNts1l5QciIRYlIrZrUA.roa
File:                     OQwatOOKNts1l5QciIRYlIrZrUA.roa (raw, json)
Hash identifier:          /WVw3A1izDTxQhVDT4B9DMpIDCfh/f6b1AgbmhKnBE4=
Subject key identifier:   39:0C:1A:B4:E3:8A:36:DB:35:97:94:1C:88:84:58:94:8A:D9:AD:40
Certificate issuer:       /CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
Certificate serial:       019A1052578F8B01BDC7DDAE837453EB07A9
Authority key identifier: 20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/OQwatOOKNts1l5QciIRYlIrZrUA.roa
Signing time:             Thu 23 Oct 2025 09:07:03 +0000
ROA not before:           Thu 23 Oct 2025 09:07:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35625
IP address blocks:        95.170.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 Oct 2025 21:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:10:52:57:8f:8b:01:bd:c7:dd:ae:83:74:53:eb:07:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
        Validity
            Not Before: Oct 23 09:07:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=390c1ab4e38a36db3597941c888458948ad9ad40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:2c:24:29:57:6c:5d:b3:b5:35:f7:97:06:6d:
                    e3:88:e8:31:c4:a2:86:69:32:18:04:1c:a6:e3:18:
                    ef:89:6f:76:ec:89:9b:0c:b2:6d:80:66:84:5a:b3:
                    6d:83:d5:a2:84:5b:8e:be:78:20:e0:f8:fc:de:0e:
                    9e:13:bb:15:e1:11:a6:af:04:8f:0c:f9:69:e7:83:
                    62:a4:fd:85:91:b7:fa:99:ec:05:fe:5e:7e:c2:c0:
                    f7:b5:65:c9:8b:0d:3c:4e:67:41:7b:77:ad:ff:d8:
                    92:73:0a:5c:80:78:b8:a4:f6:80:64:81:13:b8:a1:
                    cf:89:25:82:c4:9c:d3:a9:c9:fe:9d:93:32:17:da:
                    be:11:8f:ee:bf:61:9d:3a:d9:7e:e1:95:0e:de:34:
                    9d:11:2c:7f:fc:80:f7:01:5b:3f:17:1f:1c:dc:4d:
                    3f:8c:86:00:8e:04:70:31:33:6f:a8:a1:e8:4f:bf:
                    9c:61:7f:75:de:75:0e:63:e9:88:88:8c:ac:40:55:
                    76:fb:6c:2c:61:9b:70:e0:d6:4c:4d:d1:18:08:12:
                    03:23:40:88:57:63:d4:af:d6:d0:15:54:7d:15:55:
                    0b:c3:f8:ce:4f:bd:5c:bc:7d:20:6b:f9:0b:66:50:
                    1a:8c:0d:8a:fb:d1:df:f9:69:c1:04:42:09:93:d4:
                    6a:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:0C:1A:B4:E3:8A:36:DB:35:97:94:1C:88:84:58:94:8A:D9:AD:40
            X509v3 Authority Key Identifier:
                keyid:20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/OQwatOOKNts1l5QciIRYlIrZrUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.170.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:57:16:15:a2:69:0f:26:97:e0:0d:00:9e:47:48:8d:35:f7:
         42:62:d6:76:e8:36:35:d8:63:e4:de:4d:35:36:f7:70:a2:cd:
         76:aa:22:12:74:34:b7:f0:3b:c7:bd:d2:9c:ef:96:3b:a8:3a:
         e9:fb:89:d3:21:ea:69:89:63:a6:3d:a6:8c:d4:34:3b:36:2b:
         48:f0:51:ea:40:0b:5b:66:ee:74:ef:ff:44:c5:15:f4:7c:4a:
         18:66:fb:f1:1c:58:f8:01:6c:c4:fa:da:42:48:c1:a4:d4:a4:
         25:6a:85:8c:d4:79:b3:c7:92:fc:47:11:98:17:47:e0:eb:52:
         aa:5c:03:e9:a9:82:71:d9:53:0a:33:27:db:4a:d5:32:59:83:
         58:77:97:a7:cb:2a:8d:ec:e4:57:4e:8e:e8:6d:84:e7:2c:75:
         99:f2:87:5b:d2:e2:2b:fc:e0:97:e9:9b:74:4d:70:e3:45:41:
         61:24:07:25:73:b9:29:15:25:5e:5b:c7:a2:65:7b:f0:8f:d0:
         b2:c3:0f:6f:96:05:b3:f0:36:9c:90:98:89:ce:68:52:49:0d:
         ec:93:d4:a3:6e:d7:4b:3e:7a:d6:d9:2d:04:24:45:a7:0a:56:
         98:2d:d7:9e:45:5f:ad:fe:50:35:ce:59:52:a7:90:6f:4d:9c:
         1c:a3:b9:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoQUlePiwG9x92ug3RT6wepMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZTQyNWEzMmI2MmQzOTgxOGM0Y2JiMDA4MTA3NTY4NmZj
NGM4ZTgwHhcNMjUxMDIzMDkwNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTBjMWFiNGUzOGEzNmRiMzU5Nzk0MWM4ODg0NTg5NDhhZDlhZDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ywkKVdsXbO1NfeXBm3jiOgxxKKG
aTIYBBym4xjviW927ImbDLJtgGaEWrNtg9WihFuOvngg4Pj83g6eE7sV4RGmrwSP
DPlp54NipP2Fkbf6mewF/l5+wsD3tWXJiw08TmdBe3et/9iScwpcgHi4pPaAZIET
uKHPiSWCxJzTqcn+nZMyF9q+EY/uv2GdOtl+4ZUO3jSdESx//ID3AVs/Fx8c3E0/
jIYAjgRwMTNvqKHoT7+cYX913nUOY+mIiIysQFV2+2wsYZtw4NZMTdEYCBIDI0CI
V2PUr9bQFVR9FVULw/jOT71cvH0ga/kLZlAajA2K+9Hf+WnBBEIJk9Rq/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDkMGrTjijbbNZeUHIiEWJSK2a1AMB8GA1UdIwQY
MBaAFCDkJaMrYtOYGMTLsAgQdWhvxMjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGIt
ZWNkMjk2NWNiN2U3LzEvT1F3YXRPT0tOdHMxbDVRY2lJUllsSXJaclVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGItZWNkMjk2NWNiN2U3
LzEvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6oEMA0G
CSqGSIb3DQEBCwUAA4IBAQAkVxYVomkPJpfgDQCeR0iNNfdCYtZ26DY12GPk3k01
Nvdwos12qiISdDS38DvHvdKc75Y7qDrp+4nTIeppiWOmPaaM1DQ7NitI8FHqQAtb
Zu507/9ExRX0fEoYZvvxHFj4AWzE+tpCSMGk1KQlaoWM1Hmzx5L8RxGYF0fg61Kq
XAPpqYJx2VMKMyfbStUyWYNYd5enyyqN7ORXTo7obYTnLHWZ8odb0uIr/OCX6Zt0
TXDjRUFhJAclc7kpFSVeW8eiZXvwj9Cyww9vlgWz8DackJiJzmhSSQ3sk9SjbtdL
PnrW2S0EJEWnClaYLdeeRV+t/lA1zllSp5BvTZwco7k6
-----END CERTIFICATE-----