Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/PCRZo7y9tu3CQFwmbfoQbR3eUHc.roa
File:                     PCRZo7y9tu3CQFwmbfoQbR3eUHc.roa (raw, json)
Hash identifier:          TAX2ekhpscWHlQTg3ikzSFgXMMFTiQv22GQIE+8xRLA=
Subject key identifier:   3C:24:59:A3:BC:BD:B6:ED:C2:40:5C:26:6D:FA:10:6D:1D:DE:50:77
Certificate issuer:       /CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
Certificate serial:       0198884A901F8276731C2435B4E16011F07D
Authority key identifier: 20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/PCRZo7y9tu3CQFwmbfoQbR3eUHc.roa
Signing time:             Fri 08 Aug 2025 06:07:24 +0000
ROA not before:           Fri 08 Aug 2025 06:07:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216145
IP address blocks:        95.170.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:88:4a:90:1f:82:76:73:1c:24:35:b4:e1:60:11:f0:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
        Validity
            Not Before: Aug  8 06:07:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c2459a3bcbdb6edc2405c266dfa106d1dde5077
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:ab:f0:a2:6b:aa:30:35:7c:f1:a2:39:46:66:
                    f1:63:31:cd:65:4a:bd:9d:53:51:e4:3e:a9:15:ac:
                    40:47:1d:6e:8f:2b:d6:37:f0:57:5a:bb:5b:90:b2:
                    d7:32:74:da:d8:4e:5c:76:f0:d7:07:3b:56:f8:da:
                    51:c8:e1:d9:2e:80:2b:93:55:24:5a:c5:ff:3b:cf:
                    61:4b:3f:82:be:95:ed:7d:95:dc:f5:dc:4c:93:dc:
                    bc:20:b7:98:8a:92:74:2c:9b:b5:c3:5d:82:4b:2f:
                    24:b2:73:60:2f:f8:b0:e1:94:0e:84:71:72:2b:b0:
                    99:41:5a:16:fe:60:9a:21:e9:b5:3a:9a:33:e8:3f:
                    1a:e1:cf:ee:df:44:09:73:e9:cb:48:c8:49:2a:96:
                    50:3f:d6:2c:60:1f:b4:5d:7c:f8:fc:b9:bd:46:ed:
                    b2:89:59:a4:41:91:a9:1c:89:34:89:b9:4f:6c:e3:
                    15:f1:21:4c:41:91:85:b0:34:00:92:a3:45:e9:14:
                    d4:69:55:1c:e4:c9:56:4f:5e:7b:f0:e1:bf:30:44:
                    8a:d3:66:ec:43:17:be:22:03:5f:a4:aa:3f:d0:9d:
                    81:f7:73:af:37:90:3f:c2:3a:8a:32:13:93:4d:37:
                    bc:22:70:df:a7:9c:04:a9:ae:f3:f7:cc:62:40:04:
                    d4:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:24:59:A3:BC:BD:B6:ED:C2:40:5C:26:6D:FA:10:6D:1D:DE:50:77
            X509v3 Authority Key Identifier:
                keyid:20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/PCRZo7y9tu3CQFwmbfoQbR3eUHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.170.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:8b:f2:6d:72:28:c9:43:fc:60:d3:d2:37:f0:82:05:18:a5:
         c4:89:c1:af:7f:1c:2f:9e:23:9e:f7:34:60:99:fb:f2:8f:84:
         b2:2b:8a:f4:82:9c:c0:0c:92:82:03:9d:7e:4a:f9:88:3e:cd:
         cd:c1:51:8f:2f:81:1f:65:0b:05:71:f7:05:bc:93:de:e4:d6:
         56:bc:e6:1c:73:78:b2:c4:35:2b:1b:f3:17:0f:b5:2d:c2:a0:
         b5:cc:3f:28:33:3a:f3:18:c9:05:8c:cd:03:2e:21:0d:8b:f5:
         07:1a:c3:1a:4d:2d:f7:de:73:a9:61:25:e5:4d:9f:36:34:75:
         d2:3e:33:38:90:21:56:71:bd:c5:3d:3c:62:79:f8:96:33:af:
         d7:dd:57:f8:66:71:cf:ac:ff:70:cf:3e:53:eb:22:1e:0e:1a:
         48:c2:a3:1a:3d:7a:dd:d5:dc:46:d1:96:2d:c8:cf:d6:79:03:
         12:05:76:f7:29:1a:2d:77:9b:bc:e9:10:00:10:6e:52:c6:b5:
         e5:98:1c:2a:4b:79:69:d5:5f:4c:68:bd:f0:81:11:cd:92:20:
         c4:78:03:98:1f:af:bb:ec:09:55:77:1c:86:69:8c:4e:54:d4:
         e9:34:a7:ca:2a:74:ca:13:c4:03:df:2e:18:a4:4a:8b:be:5a:
         b4:42:e8:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiISpAfgnZzHCQ1tOFgEfB9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZTQyNWEzMmI2MmQzOTgxOGM0Y2JiMDA4MTA3NTY4NmZj
NGM4ZTgwHhcNMjUwODA4MDYwNzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzI0NTlhM2JjYmRiNmVkYzI0MDVjMjY2ZGZhMTA2ZDFkZGU1MDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiavwomuqMDV88aI5RmbxYzHNZUq9
nVNR5D6pFaxARx1ujyvWN/BXWrtbkLLXMnTa2E5cdvDXBztW+NpRyOHZLoArk1Uk
WsX/O89hSz+CvpXtfZXc9dxMk9y8ILeYipJ0LJu1w12CSy8ksnNgL/iw4ZQOhHFy
K7CZQVoW/mCaIem1Opoz6D8a4c/u30QJc+nLSMhJKpZQP9YsYB+0XXz4/Lm9Ru2y
iVmkQZGpHIk0iblPbOMV8SFMQZGFsDQAkqNF6RTUaVUc5MlWT1578OG/MESK02bs
Qxe+IgNfpKo/0J2B93OvN5A/wjqKMhOTTTe8InDfp5wEqa7z98xiQATUTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDwkWaO8vbbtwkBcJm36EG0d3lB3MB8GA1UdIwQY
MBaAFCDkJaMrYtOYGMTLsAgQdWhvxMjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGIt
ZWNkMjk2NWNiN2U3LzEvUENSWm83eTl0dTNDUUZ3bWJmb1FiUjNlVUhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGItZWNkMjk2NWNiN2U3
LzEvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6obMA0G
CSqGSIb3DQEBCwUAA4IBAQCLi/JtcijJQ/xg09I38IIFGKXEicGvfxwvniOe9zRg
mfvyj4SyK4r0gpzADJKCA51+SvmIPs3NwVGPL4EfZQsFcfcFvJPe5NZWvOYcc3iy
xDUrG/MXD7UtwqC1zD8oMzrzGMkFjM0DLiENi/UHGsMaTS333nOpYSXlTZ82NHXS
PjM4kCFWcb3FPTxiefiWM6/X3Vf4ZnHPrP9wzz5T6yIeDhpIwqMaPXrd1dxG0ZYt
yM/WeQMSBXb3KRotd5u86RAAEG5SxrXlmBwqS3lp1V9MaL3wgRHNkiDEeAOYH6+7
7AlVdxyGaYxOVNTpNKfKKnTKE8QD3y4YpEqLvlq0Qujk
-----END CERTIFICATE-----