Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/5B96JsENP7oPHcdFfVpqYDbmFYg.roa
File:                     5B96JsENP7oPHcdFfVpqYDbmFYg.roa (raw, json)
Hash identifier:          EHvXfHafsqrn16RMNZ7Iql67i0KDC/bzUoVDYjRF+eY=
Subject key identifier:   E4:1F:7A:26:C1:0D:3F:BA:0F:1D:C7:45:7D:5A:6A:60:36:E6:15:88
Certificate issuer:       /CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
Certificate serial:       01999BDC2FF5FA2915F322E00E7473C0BDB9
Authority key identifier: 20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/5B96JsENP7oPHcdFfVpqYDbmFYg.roa
Signing time:             Tue 30 Sep 2025 18:22:02 +0000
ROA not before:           Tue 30 Sep 2025 18:22:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30058
IP address blocks:        95.170.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 07:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9b:dc:2f:f5:fa:29:15:f3:22:e0:0e:74:73:c0:bd:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
        Validity
            Not Before: Sep 30 18:22:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e41f7a26c10d3fba0f1dc7457d5a6a6036e61588
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:10:fe:b5:b4:25:3d:34:33:6f:7b:35:90:c5:
                    cb:e1:e3:e4:5f:f4:d2:27:f0:b5:82:84:05:4f:56:
                    b8:11:cf:a1:ef:c1:f8:73:55:87:75:df:ab:46:ea:
                    f4:7d:4d:cb:62:8a:b6:c5:5e:cb:f8:a7:3e:20:23:
                    c6:d4:f9:1d:31:90:f7:c6:71:ab:61:69:d4:d5:88:
                    4c:cb:d0:2b:e7:9d:b2:67:10:15:63:fa:cd:db:b8:
                    cd:a6:4a:11:f0:a3:09:d2:87:a2:91:bb:87:c3:1c:
                    c0:8d:b7:1f:80:fa:ea:76:4b:5b:4b:45:32:9f:66:
                    73:6d:ad:e9:1c:f5:46:e4:0c:b4:4b:4b:40:8a:67:
                    13:80:43:db:30:da:a3:a5:49:0d:ff:36:2f:4e:8e:
                    ac:82:24:8d:20:2e:50:77:f5:48:61:d7:81:5c:a8:
                    da:36:65:dd:27:14:53:2e:7f:bc:20:32:3e:fe:81:
                    76:32:bb:b4:1e:25:6b:b5:63:c0:9c:42:0f:eb:68:
                    bd:cd:4d:76:f5:1b:e6:b8:fc:b7:55:40:64:b5:b9:
                    b5:6c:eb:24:02:1b:d6:22:3e:e5:00:db:3a:58:80:
                    b2:dc:44:5e:0d:4c:09:6b:b9:5f:2c:85:4d:c1:8f:
                    ce:db:68:a7:63:61:91:1c:27:2e:7e:5e:55:3f:b7:
                    0b:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:1F:7A:26:C1:0D:3F:BA:0F:1D:C7:45:7D:5A:6A:60:36:E6:15:88
            X509v3 Authority Key Identifier:
                keyid:20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/5B96JsENP7oPHcdFfVpqYDbmFYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.170.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:17:15:bb:d9:8e:35:33:41:1c:ee:b4:01:6b:08:49:78:a7:
         11:c8:34:44:e0:ed:d3:91:8d:ca:de:17:d2:c9:f5:82:8e:5a:
         66:40:1c:31:6f:b9:71:d8:d2:52:61:3b:ef:88:f8:e8:8c:21:
         4e:ea:f1:12:5f:23:5a:6b:39:37:2c:2c:13:67:e9:32:77:d3:
         86:bc:01:96:bc:5a:23:b3:a5:7c:4c:70:66:ca:c0:a1:5f:32:
         17:b6:28:f2:c5:4a:dc:b7:4f:77:e6:8a:7a:f6:17:49:f3:6a:
         71:14:36:ad:7b:fc:f0:12:02:29:92:0e:80:7d:10:48:28:34:
         10:62:09:aa:5b:b8:5e:fb:32:96:97:a9:0f:22:88:5d:57:f4:
         d2:2a:fb:4c:a2:db:fb:fc:5d:87:c6:25:ab:aa:17:4d:ca:a6:
         1b:d8:dd:4d:3d:ac:98:eb:af:4f:21:17:6e:45:84:dd:31:34:
         98:f0:a7:0d:68:fa:94:b2:48:03:ee:24:a2:61:dd:8a:2a:9f:
         92:20:57:6c:65:5b:1d:d0:e4:8e:4d:6a:6c:d4:ab:28:0f:01:
         70:67:dc:9d:76:44:47:95:1c:77:52:cb:16:ae:a1:29:2f:fd:
         64:31:da:9d:79:9a:ce:9e:b8:2b:32:c8:41:2b:58:77:0e:9a:
         e9:9a:67:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmb3C/1+ikV8yLgDnRzwL25MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZTQyNWEzMmI2MmQzOTgxOGM0Y2JiMDA4MTA3NTY4NmZj
NGM4ZTgwHhcNMjUwOTMwMTgyMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDFmN2EyNmMxMGQzZmJhMGYxZGM3NDU3ZDVhNmE2MDM2ZTYxNTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRD+tbQlPTQzb3s1kMXL4ePkX/TS
J/C1goQFT1a4Ec+h78H4c1WHdd+rRur0fU3LYoq2xV7L+Kc+ICPG1PkdMZD3xnGr
YWnU1YhMy9Ar552yZxAVY/rN27jNpkoR8KMJ0oeikbuHwxzAjbcfgPrqdktbS0Uy
n2Zzba3pHPVG5Ay0S0tAimcTgEPbMNqjpUkN/zYvTo6sgiSNIC5Qd/VIYdeBXKja
NmXdJxRTLn+8IDI+/oF2Mru0HiVrtWPAnEIP62i9zU129RvmuPy3VUBktbm1bOsk
AhvWIj7lANs6WICy3EReDUwJa7lfLIVNwY/O22inY2GRHCcufl5VP7cLGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOQfeibBDT+6Dx3HRX1aamA25hWIMB8GA1UdIwQY
MBaAFCDkJaMrYtOYGMTLsAgQdWhvxMjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGIt
ZWNkMjk2NWNiN2U3LzEvNUI5NkpzRU5QN29QSGNkRmZWcHFZRGJtRllnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGItZWNkMjk2NWNiN2U3
LzEvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6oSMA0G
CSqGSIb3DQEBCwUAA4IBAQALFxW72Y41M0Ec7rQBawhJeKcRyDRE4O3TkY3K3hfS
yfWCjlpmQBwxb7lx2NJSYTvviPjojCFO6vESXyNaazk3LCwTZ+kyd9OGvAGWvFoj
s6V8THBmysChXzIXtijyxUrct0935op69hdJ82pxFDate/zwEgIpkg6AfRBIKDQQ
YgmqW7he+zKWl6kPIohdV/TSKvtMotv7/F2HxiWrqhdNyqYb2N1NPayY669PIRdu
RYTdMTSY8KcNaPqUskgD7iSiYd2KKp+SIFdsZVsd0OSOTWps1KsoDwFwZ9yddkRH
lRx3UssWrqEpL/1kMdqdeZrOnrgrMshBK1h3Dprpmmfi
-----END CERTIFICATE-----