Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/9eiUlUD0hj0t27n6HAJRiEtwViI.roa
File:                     9eiUlUD0hj0t27n6HAJRiEtwViI.roa (raw, json)
Hash identifier:          blcfxDrN7nUCCk3DcsvznLKNNMxZgs2x1KvzO6XB+pY=
Subject key identifier:   F5:E8:94:95:40:F4:86:3D:2D:DB:B9:FA:1C:02:51:88:4B:70:56:22
Certificate issuer:       /CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
Certificate serial:       019874ADE0B06B64477DC7B9DAC68266E833
Authority key identifier: 20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/9eiUlUD0hj0t27n6HAJRiEtwViI.roa
Signing time:             Mon 04 Aug 2025 10:43:28 +0000
ROA not before:           Mon 04 Aug 2025 10:43:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        95.170.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:74:ad:e0:b0:6b:64:47:7d:c7:b9:da:c6:82:66:e8:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
        Validity
            Not Before: Aug  4 10:43:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f5e8949540f4863d2ddbb9fa1c0251884b705622
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:b4:6e:28:fc:4b:1a:46:9c:81:d2:bf:73:eb:
                    86:43:3e:a4:fb:57:ae:db:a3:b2:a9:81:4c:fc:32:
                    ee:fb:81:1e:3a:8e:90:1d:bd:07:f7:e8:a4:ae:7f:
                    9c:2b:83:81:0f:31:ac:6c:46:d1:ee:04:26:58:df:
                    d9:3b:1e:c4:16:55:5d:e6:88:02:7f:02:4c:31:f6:
                    43:95:a3:20:a6:cf:5f:08:4e:06:06:1e:30:f1:7b:
                    67:10:f1:dc:7d:83:64:61:9e:0d:92:d1:da:22:4f:
                    26:88:35:5f:1b:54:52:51:39:a9:5c:28:eb:09:66:
                    b6:5e:49:3b:2e:cd:bb:a8:93:77:c3:e5:da:33:38:
                    36:88:26:86:59:ca:75:13:5e:7b:bf:d3:97:12:aa:
                    d0:ca:dd:a1:d0:a3:4d:40:d9:4e:ec:e4:30:98:49:
                    ab:31:bc:f1:ec:8c:c5:34:84:96:6f:04:d8:69:88:
                    15:18:ed:20:10:48:9d:bd:a6:3d:46:13:9a:47:66:
                    81:ac:bb:0b:06:06:a3:5c:77:ae:1c:67:6d:8e:05:
                    54:0c:5b:95:43:d4:0d:b7:70:71:12:5b:05:b3:bf:
                    47:95:8c:58:fd:84:f8:c9:cd:79:c2:7b:5d:01:54:
                    42:74:ca:91:a2:1f:b0:25:a6:7b:52:16:aa:5a:9d:
                    d1:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:E8:94:95:40:F4:86:3D:2D:DB:B9:FA:1C:02:51:88:4B:70:56:22
            X509v3 Authority Key Identifier:
                keyid:20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/9eiUlUD0hj0t27n6HAJRiEtwViI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.170.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:c0:26:a4:d1:dd:ef:18:a4:3f:12:88:27:42:ba:c3:8b:29:
         26:d9:03:74:0e:1d:a7:ce:ed:ff:24:c6:78:1b:ea:23:f1:12:
         fe:d8:45:55:4d:a9:a0:35:43:e0:5f:88:18:b9:4a:58:be:5a:
         08:0f:8b:b5:f2:09:c7:de:47:ce:23:73:89:0d:d5:cf:3c:89:
         a4:5f:7d:b2:70:d6:ea:45:0b:8b:92:0c:f3:b0:a6:e6:97:d4:
         14:18:5a:bf:54:bd:b2:ab:68:9e:9a:f4:21:46:3a:42:7a:c6:
         f1:44:b1:44:e5:56:d5:b7:46:5f:0a:e2:6a:7e:3e:99:9f:88:
         30:df:2c:07:ed:f8:d3:d8:bf:32:6b:a4:1e:30:de:f9:ff:d5:
         c7:86:53:a2:2b:11:4e:22:eb:5b:c5:12:d0:0e:8e:73:40:53:
         9c:a6:f8:0f:82:ef:01:51:15:65:54:c4:a8:26:39:6b:f6:08:
         d2:82:79:fc:98:05:90:35:e0:ad:cf:0b:73:33:27:19:34:fd:
         96:76:4b:e0:6c:d6:29:5d:e7:da:5a:50:82:c9:81:14:18:98:
         a8:ad:ba:d9:c4:4c:39:d8:c9:ce:50:38:dc:ba:00:66:f3:a5:
         21:ac:66:06:cf:5c:11:00:b6:40:ea:59:1d:60:23:77:5c:73:
         59:24:61:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh0reCwa2RHfce52saCZugzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZTQyNWEzMmI2MmQzOTgxOGM0Y2JiMDA4MTA3NTY4NmZj
NGM4ZTgwHhcNMjUwODA0MTA0MzI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWU4OTQ5NTQwZjQ4NjNkMmRkYmI5ZmExYzAyNTE4ODRiNzA1NjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7RuKPxLGkacgdK/c+uGQz6k+1eu
26OyqYFM/DLu+4EeOo6QHb0H9+ikrn+cK4OBDzGsbEbR7gQmWN/ZOx7EFlVd5ogC
fwJMMfZDlaMgps9fCE4GBh4w8XtnEPHcfYNkYZ4NktHaIk8miDVfG1RSUTmpXCjr
CWa2Xkk7Ls27qJN3w+XaMzg2iCaGWcp1E157v9OXEqrQyt2h0KNNQNlO7OQwmEmr
Mbzx7IzFNISWbwTYaYgVGO0gEEidvaY9RhOaR2aBrLsLBgajXHeuHGdtjgVUDFuV
Q9QNt3BxElsFs79HlYxY/YT4yc15wntdAVRCdMqRoh+wJaZ7UhaqWp3RRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPXolJVA9IY9Ldu5+hwCUYhLcFYiMB8GA1UdIwQY
MBaAFCDkJaMrYtOYGMTLsAgQdWhvxMjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGIt
ZWNkMjk2NWNiN2U3LzEvOWVpVWxVRDBoajB0MjduNkhBSlJpRXR3VmlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGItZWNkMjk2NWNiN2U3
LzEvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6odMA0G
CSqGSIb3DQEBCwUAA4IBAQCVwCak0d3vGKQ/EognQrrDiykm2QN0Dh2nzu3/JMZ4
G+oj8RL+2EVVTamgNUPgX4gYuUpYvloID4u18gnH3kfOI3OJDdXPPImkX32ycNbq
RQuLkgzzsKbml9QUGFq/VL2yq2iemvQhRjpCesbxRLFE5VbVt0ZfCuJqfj6Zn4gw
3ywH7fjT2L8ya6QeMN75/9XHhlOiKxFOIutbxRLQDo5zQFOcpvgPgu8BURVlVMSo
Jjlr9gjSgnn8mAWQNeCtzwtzMycZNP2WdkvgbNYpXefaWlCCyYEUGJiorbrZxEw5
2MnOUDjcugBm86UhrGYGz1wRALZA6lkdYCN3XHNZJGFJ
-----END CERTIFICATE-----