Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/KtKxD1HbUkxdQbT12LynXd7iXTs.roa
File:                     KtKxD1HbUkxdQbT12LynXd7iXTs.roa (raw, json)
Hash identifier:          sI8vJTHX8+A6Ti8zSaEXzqBtKgPjjPc75g33e2ATpPA=
Subject key identifier:   2A:D2:B1:0F:51:DB:52:4C:5D:41:B4:F5:D8:BC:A7:5D:DE:E2:5D:3B
Certificate issuer:       /CN=23e3d92bfe16619ca500c03267effa9aa7ca0c47
Certificate serial:       0198D034974FF8D3D1CD34ACE65C77B22ABF
Authority key identifier: 23:E3:D9:2B:FE:16:61:9C:A5:00:C0:32:67:EF:FA:9A:A7:CA:0C:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/KtKxD1HbUkxdQbT12LynXd7iXTs.roa
Signing time:             Fri 22 Aug 2025 05:16:04 +0000
ROA not before:           Fri 22 Aug 2025 05:16:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214152
IP address blocks:        81.95.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 08:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d0:34:97:4f:f8:d3:d1:cd:34:ac:e6:5c:77:b2:2a:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23e3d92bfe16619ca500c03267effa9aa7ca0c47
        Validity
            Not Before: Aug 22 05:16:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ad2b10f51db524c5d41b4f5d8bca75ddee25d3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:69:eb:89:12:cb:bb:89:d4:3a:e4:14:36:e0:
                    9f:fb:e3:ec:22:9f:18:ce:c2:e3:74:da:99:cf:c5:
                    50:3e:4d:73:3b:13:64:1d:78:d9:79:ba:b0:25:2f:
                    c1:dd:21:ec:f1:b3:65:f0:3e:0e:40:c3:fe:dd:53:
                    57:0d:26:a3:6c:0a:02:44:76:17:e9:80:43:8d:ab:
                    c0:39:50:11:94:97:58:d7:d9:35:f3:5b:88:cc:40:
                    41:82:2e:1c:f2:02:0d:9e:fd:6e:0f:3e:14:88:ef:
                    83:bb:77:05:b5:43:82:a7:2d:c2:2d:24:2f:ae:4d:
                    c9:eb:b7:80:d4:ce:9d:b3:94:b3:ce:e7:c6:3c:c7:
                    08:29:17:81:6b:fa:ae:74:c7:d1:7e:ac:b3:f3:bc:
                    b0:41:b8:16:b0:8e:18:f1:8f:8a:17:2c:93:ef:d7:
                    e3:a3:fb:d9:0d:d8:11:43:4a:3b:05:a3:a1:29:4f:
                    b0:e7:37:af:8d:6a:9d:3a:86:19:fe:73:23:88:5f:
                    08:31:fc:3d:17:99:79:f4:d4:1f:91:13:d6:b6:2a:
                    41:14:6e:4a:aa:71:bf:09:6a:8e:57:c0:60:84:11:
                    47:22:d4:5d:16:84:6d:71:b8:cd:b1:e2:2f:ba:5d:
                    29:72:6c:d7:14:47:e5:92:54:c4:a2:f6:55:11:b4:
                    7d:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:D2:B1:0F:51:DB:52:4C:5D:41:B4:F5:D8:BC:A7:5D:DE:E2:5D:3B
            X509v3 Authority Key Identifier:
                keyid:23:E3:D9:2B:FE:16:61:9C:A5:00:C0:32:67:EF:FA:9A:A7:CA:0C:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/KtKxD1HbUkxdQbT12LynXd7iXTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.95.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:d0:02:83:fe:e5:10:d3:80:07:6f:28:b8:3c:d9:6f:d0:05:
         2c:d2:e6:53:54:98:97:cd:3f:de:40:46:63:a3:67:47:09:47:
         6c:73:af:7a:c5:c5:c6:1f:f4:5a:09:9b:c3:06:32:26:05:6a:
         73:47:c9:f6:27:02:d9:a6:81:c8:6e:30:44:57:3b:6f:dd:24:
         53:da:c1:3e:dd:bb:7f:e8:88:a4:9b:36:f3:96:37:fa:01:0f:
         b5:fb:26:9c:85:5f:b2:cf:9d:5f:b8:40:20:4d:9d:1a:c2:ff:
         a2:17:77:f1:10:b7:a6:36:5b:3a:04:c6:64:5b:4f:24:81:94:
         d7:1d:77:0a:76:da:65:97:c2:5f:c9:72:6f:39:c8:08:ef:4e:
         6f:c1:fa:6d:f2:2f:84:7f:f5:7e:8b:71:81:25:86:e9:43:81:
         ce:42:12:86:5a:e9:ee:b5:08:5a:b9:6f:55:ae:64:cd:fe:02:
         1e:57:1c:26:b9:11:f8:bc:90:cd:d8:5d:db:4b:c3:c4:17:0f:
         05:60:86:d8:1a:3b:a1:4e:92:6a:8c:18:5a:ba:15:a6:79:c6:
         bd:08:d1:29:50:eb:8e:62:d1:6d:56:64:b8:97:50:29:ba:d6:
         09:0e:ca:8c:12:5c:9e:81:1b:bd:74:97:d6:36:1d:2a:dd:eb:
         f2:df:07:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjQNJdP+NPRzTSs5lx3siq/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZTNkOTJiZmUxNjYxOWNhNTAwYzAzMjY3ZWZmYTlhYTdj
YTBjNDcwHhcNMjUwODIyMDUxNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWQyYjEwZjUxZGI1MjRjNWQ0MWI0ZjVkOGJjYTc1ZGRlZTI1ZDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGnriRLLu4nUOuQUNuCf++PsIp8Y
zsLjdNqZz8VQPk1zOxNkHXjZebqwJS/B3SHs8bNl8D4OQMP+3VNXDSajbAoCRHYX
6YBDjavAOVARlJdY19k181uIzEBBgi4c8gINnv1uDz4UiO+Du3cFtUOCpy3CLSQv
rk3J67eA1M6ds5SzzufGPMcIKReBa/qudMfRfqyz87ywQbgWsI4Y8Y+KFyyT79fj
o/vZDdgRQ0o7BaOhKU+w5zevjWqdOoYZ/nMjiF8IMfw9F5l59NQfkRPWtipBFG5K
qnG/CWqOV8BghBFHItRdFoRtcbjNseIvul0pcmzXFEflklTEovZVEbR9lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCrSsQ9R21JMXUG09di8p13e4l07MB8GA1UdIwQY
MBaAFCPj2Sv+FmGcpQDAMmfv+pqnygxHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSS1QWktfNFdZWnlsQU1BeVotXzZtcWZLREVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85YzJjOTAtYzdkNC00OGI3LTliYWYt
ZjFiZjBjMzNhOTA4LzEvS3RLeEQxSGJVa3hkUWJUMTJMeW5YZDdpWFRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85YzJjOTAtYzdkNC00OGI3LTliYWYtZjFiZjBjMzNhOTA4
LzEvSS1QWktfNFdZWnlsQU1BeVotXzZtcWZLREVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUV8pMA0G
CSqGSIb3DQEBCwUAA4IBAQB90AKD/uUQ04AHbyi4PNlv0AUs0uZTVJiXzT/eQEZj
o2dHCUdsc696xcXGH/RaCZvDBjImBWpzR8n2JwLZpoHIbjBEVztv3SRT2sE+3bt/
6Iikmzbzljf6AQ+1+yachV+yz51fuEAgTZ0awv+iF3fxELemNls6BMZkW08kgZTX
HXcKdtpll8JfyXJvOcgI705vwfpt8i+Ef/V+i3GBJYbpQ4HOQhKGWunutQhauW9V
rmTN/gIeVxwmuRH4vJDN2F3bS8PEFw8FYIbYGjuhTpJqjBhauhWmeca9CNEpUOuO
YtFtVmS4l1AputYJDsqMElyegRu9dJfWNh0q3evy3wcX
-----END CERTIFICATE-----