Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/a0il1xPCzL5RX2zRZ16C5yrKQN0.roa
File:                     a0il1xPCzL5RX2zRZ16C5yrKQN0.roa (raw, json)
Hash identifier:          jNHlYD8MG49p1qoIK36TKFr01Lgirahfew8083hVbhQ=
Subject key identifier:   6B:48:A5:D7:13:C2:CC:BE:51:5F:6C:D1:67:5E:82:E7:2A:CA:40:DD
Certificate issuer:       /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial:       01992FA1E2B95806B8D42D29F14071862A0F
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/a0il1xPCzL5RX2zRZ16C5yrKQN0.roa
Signing time:             Tue 09 Sep 2025 17:59:22 +0000
ROA not before:           Tue 09 Sep 2025 17:59:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     265827
IP address blocks:        95.164.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2f:a1:e2:b9:58:06:b8:d4:2d:29:f1:40:71:86:2a:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
        Validity
            Not Before: Sep  9 17:59:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b48a5d713c2ccbe515f6cd1675e82e72aca40dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:a0:af:8e:9f:5a:6a:ec:a7:33:ef:9e:de:36:
                    dd:6c:d5:c8:96:5e:76:e6:0d:23:19:47:a2:3d:b7:
                    47:eb:ad:0a:4f:e7:1e:e0:7b:6c:b4:16:7c:8d:45:
                    36:c1:24:1b:aa:ba:0b:51:73:6a:aa:ad:2c:2d:3c:
                    07:77:74:a2:f0:83:57:d0:2e:5f:fe:2e:f8:d1:ed:
                    73:80:fe:e2:08:c9:12:9f:bd:15:ab:b3:e0:ea:77:
                    fe:69:e0:b3:74:12:6d:92:75:62:8c:0b:46:6a:ec:
                    2f:ce:e8:3d:f4:4e:52:44:90:28:61:eb:a7:82:9d:
                    f0:e9:43:71:c4:ca:2c:50:be:1f:dc:65:3f:67:eb:
                    10:00:ed:f9:58:c6:e7:e0:70:34:41:fd:08:2a:90:
                    96:13:31:0d:d8:13:cb:9d:c6:05:bc:a3:12:a7:a6:
                    16:73:16:ce:44:73:cb:66:a9:f0:98:45:5d:a3:52:
                    72:55:ed:d2:76:10:f6:8c:2e:84:26:54:57:e9:84:
                    f6:a2:08:eb:c0:a5:ee:d7:7b:2d:7f:63:7d:2e:dd:
                    ec:ce:1b:36:ca:10:33:74:83:9c:1f:f4:ba:2b:28:
                    94:8d:54:68:52:1c:47:2b:b3:b3:00:51:7f:6a:e2:
                    ae:ec:84:fc:b0:00:bf:b9:60:17:62:fd:f4:05:d9:
                    26:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:48:A5:D7:13:C2:CC:BE:51:5F:6C:D1:67:5E:82:E7:2A:CA:40:DD
            X509v3 Authority Key Identifier:
                keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/a0il1xPCzL5RX2zRZ16C5yrKQN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:0f:a0:b7:a0:b8:61:df:df:54:27:f0:4b:96:c4:27:06:a4:
         6f:a6:cf:ac:65:6b:ad:7b:35:05:ac:5c:58:4e:29:52:28:ad:
         e0:04:26:d3:73:4b:86:00:08:6c:69:02:3f:9b:1b:3f:f8:f2:
         d6:5d:2a:1a:eb:bc:d2:96:fc:43:39:fc:62:21:8a:de:e0:eb:
         a9:23:13:f5:af:d0:dd:db:5a:6f:60:ae:69:e8:f5:ca:a2:a6:
         7d:12:03:f0:50:f6:0c:c2:2a:d9:e6:33:b9:4d:01:c1:49:2b:
         2f:ae:63:2d:5c:c3:67:8a:3f:c3:d0:d1:24:b4:6d:91:7a:cc:
         ef:0f:46:26:7b:8f:df:10:78:92:fc:e7:e9:74:78:2c:3f:03:
         52:83:75:04:fa:b1:4a:ab:37:16:a6:bf:4c:2c:65:85:a9:eb:
         70:89:ab:71:6a:c8:48:2f:06:5f:9d:7a:6b:e9:01:33:57:9d:
         10:d7:93:7a:a3:d3:5f:da:0c:9d:b2:d8:3b:4a:d2:d4:e2:2b:
         45:a0:fc:7f:1b:d9:0c:3d:77:36:a0:f6:3b:29:cb:31:5b:1a:
         6f:13:21:a0:c6:26:75:d1:b3:7f:47:eb:c1:9a:32:69:08:09:
         27:65:87:09:33:6f:17:7d:82:65:78:7b:95:5b:e2:b3:61:73:
         1e:1a:a5:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkvoeK5WAa41C0p8UBxhioPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjUwOTA5MTc1OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjQ4YTVkNzEzYzJjY2JlNTE1ZjZjZDE2NzVlODJlNzJhY2E0MGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6Cvjp9aauynM++e3jbdbNXIll52
5g0jGUeiPbdH660KT+ce4HtstBZ8jUU2wSQbqroLUXNqqq0sLTwHd3Si8INX0C5f
/i740e1zgP7iCMkSn70Vq7Pg6nf+aeCzdBJtknVijAtGauwvzug99E5SRJAoYeun
gp3w6UNxxMosUL4f3GU/Z+sQAO35WMbn4HA0Qf0IKpCWEzEN2BPLncYFvKMSp6YW
cxbORHPLZqnwmEVdo1JyVe3SdhD2jC6EJlRX6YT2ogjrwKXu13stf2N9Lt3szhs2
yhAzdIOcH/S6KyiUjVRoUhxHK7OzAFF/auKu7IT8sAC/uWAXYv30Bdkm/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGtIpdcTwsy+UV9s0WdegucqykDdMB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEvYTBpbDF4UEN6TDVSWDJ6UloxNkM1eXJLUU4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6SiMA0G
CSqGSIb3DQEBCwUAA4IBAQB5D6C3oLhh399UJ/BLlsQnBqRvps+sZWutezUFrFxY
TilSKK3gBCbTc0uGAAhsaQI/mxs/+PLWXSoa67zSlvxDOfxiIYre4OupIxP1r9Dd
21pvYK5p6PXKoqZ9EgPwUPYMwirZ5jO5TQHBSSsvrmMtXMNnij/D0NEktG2Reszv
D0Yme4/fEHiS/OfpdHgsPwNSg3UE+rFKqzcWpr9MLGWFqetwiatxashILwZfnXpr
6QEzV50Q15N6o9Nf2gydstg7StLU4itFoPx/G9kMPXc2oPY7KcsxWxpvEyGgxiZ1
0bN/R+vBmjJpCAknZYcJM28XfYJleHuVW+KzYXMeGqWs
-----END CERTIFICATE-----