Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/6b9626-fb1a-445e-b95a-b002f35be739/1/2EqRaIm0ahFzSQziRWxNhuiDeiY.roa
File:                     2EqRaIm0ahFzSQziRWxNhuiDeiY.roa (raw, json)
Hash identifier:          5jZKlaOwWZIRRP1zoyFgUhrGBnHTFy4tV4SJl+5yoHI=
Subject key identifier:   D8:4A:91:68:89:B4:6A:11:73:49:0C:E2:45:6C:4D:86:E8:83:7A:26
Certificate issuer:       /CN=71d8b09757333126dfb583480ea8e2d3d346c08d
Certificate serial:       019A102F8CBEC24B51B260CC3AC047019EF8
Authority key identifier: 71:D8:B0:97:57:33:31:26:DF:B5:83:48:0E:A8:E2:D3:D3:46:C0:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cdiwl1czMSbftYNIDqji09NGwI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/6b9626-fb1a-445e-b95a-b002f35be739/1/2EqRaIm0ahFzSQziRWxNhuiDeiY.roa
Signing time:             Thu 23 Oct 2025 08:29:02 +0000
ROA not before:           Thu 23 Oct 2025 08:29:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204949
IP address blocks:        91.220.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/6b9626-fb1a-445e-b95a-b002f35be739/1/cdiwl1czMSbftYNIDqji09NGwI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/6b9626-fb1a-445e-b95a-b002f35be739/1/cdiwl1czMSbftYNIDqji09NGwI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cdiwl1czMSbftYNIDqji09NGwI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:10:2f:8c:be:c2:4b:51:b2:60:cc:3a:c0:47:01:9e:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71d8b09757333126dfb583480ea8e2d3d346c08d
        Validity
            Not Before: Oct 23 08:29:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d84a916889b46a1173490ce2456c4d86e8837a26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:5f:cb:50:03:a4:ea:46:12:a9:ad:61:47:8e:
                    ec:16:d7:7f:a4:06:2c:d0:fa:76:78:39:90:af:15:
                    d6:33:bc:03:ba:da:b5:b2:43:dc:e3:5f:60:34:53:
                    4d:27:02:b9:eb:4e:55:66:c8:61:2f:dd:0d:6f:3e:
                    85:8f:3f:35:f9:5f:9e:76:d6:0f:34:34:fb:b4:d8:
                    26:d3:87:8e:86:64:7b:2c:a1:6d:fc:de:dd:8b:43:
                    fb:72:07:bc:fc:29:3c:e1:c6:49:b9:6a:af:67:db:
                    d9:a2:56:9b:79:94:6e:c0:37:34:95:28:37:05:91:
                    61:c2:47:fc:c7:56:cc:35:9b:b8:97:d0:9a:b2:85:
                    42:cc:2a:41:2b:c5:66:76:9a:01:50:7b:7e:d6:30:
                    e8:00:21:a0:ca:0d:d3:be:b1:40:61:14:9a:d1:32:
                    cf:ae:40:17:79:ea:85:28:1b:1a:db:59:5c:a7:5f:
                    23:7f:6f:39:96:52:f6:8a:45:66:4d:75:a6:8a:2b:
                    0a:f9:ae:64:ce:1f:be:c0:0e:74:2e:41:d7:fa:46:
                    85:32:77:66:a5:94:ca:d7:fd:11:5c:a0:5b:64:75:
                    0e:ac:78:69:ce:aa:f6:bb:3f:d9:fa:64:5c:b2:e4:
                    fd:34:10:4d:ca:f2:4d:1b:ca:8b:8c:e7:b6:fa:50:
                    c3:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:4A:91:68:89:B4:6A:11:73:49:0C:E2:45:6C:4D:86:E8:83:7A:26
            X509v3 Authority Key Identifier:
                keyid:71:D8:B0:97:57:33:31:26:DF:B5:83:48:0E:A8:E2:D3:D3:46:C0:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cdiwl1czMSbftYNIDqji09NGwI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/6b9626-fb1a-445e-b95a-b002f35be739/1/2EqRaIm0ahFzSQziRWxNhuiDeiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/6b9626-fb1a-445e-b95a-b002f35be739/1/cdiwl1czMSbftYNIDqji09NGwI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:c3:ac:15:d0:2f:cd:92:a7:3d:2e:1a:09:61:93:80:b6:0c:
         b1:54:ac:cc:9c:68:b2:31:38:bc:17:c4:cb:8d:f2:85:53:1c:
         94:83:4c:62:59:bd:93:99:3a:f0:84:38:17:5b:31:6a:f7:e0:
         98:99:34:a9:7c:d6:6c:de:52:d1:0c:85:c0:2a:35:3c:4a:8d:
         1a:b4:a3:62:f2:c2:b2:5b:da:22:fb:f1:f0:e0:f9:d3:f9:79:
         24:0c:16:d5:fa:d3:fb:bb:22:1b:8d:61:3c:7e:99:8b:ac:70:
         a3:68:ba:03:9d:03:87:e8:fc:f8:9f:20:ad:61:0f:63:c8:de:
         7d:80:7f:a5:12:ef:be:aa:3f:dd:34:34:2e:cc:3c:8f:2e:ef:
         95:07:df:5b:9e:db:bb:a3:e8:ef:49:3f:dd:04:49:57:ab:f8:
         97:0b:ce:cf:02:4c:4d:be:0a:cc:24:2c:da:e5:65:00:ce:49:
         af:de:3e:bd:16:ad:46:81:c4:f2:c3:9c:49:ee:56:6e:b6:01:
         d7:e5:18:bd:12:07:76:49:c0:2d:db:94:11:ff:e2:f8:f8:7d:
         ce:81:d7:ba:34:5e:6d:49:ab:df:97:13:a7:d4:df:43:ee:17:
         d6:59:bc:31:57:d0:7a:f5:46:f8:3e:1e:84:95:57:d3:f8:d3:
         0b:24:00:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoQL4y+wktRsmDMOsBHAZ74MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxZDhiMDk3NTczMzMxMjZkZmI1ODM0ODBlYThlMmQzZDM0
NmMwOGQwHhcNMjUxMDIzMDgyOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODRhOTE2ODg5YjQ2YTExNzM0OTBjZTI0NTZjNGQ4NmU4ODM3YTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1/LUAOk6kYSqa1hR47sFtd/pAYs
0Pp2eDmQrxXWM7wDutq1skPc419gNFNNJwK5605VZshhL90Nbz6Fjz81+V+edtYP
NDT7tNgm04eOhmR7LKFt/N7di0P7cge8/Ck84cZJuWqvZ9vZolabeZRuwDc0lSg3
BZFhwkf8x1bMNZu4l9CasoVCzCpBK8VmdpoBUHt+1jDoACGgyg3TvrFAYRSa0TLP
rkAXeeqFKBsa21lcp18jf285llL2ikVmTXWmiisK+a5kzh++wA50LkHX+kaFMndm
pZTK1/0RXKBbZHUOrHhpzqr2uz/Z+mRcsuT9NBBNyvJNG8qLjOe2+lDD7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNhKkWiJtGoRc0kM4kVsTYbog3omMB8GA1UdIwQY
MBaAFHHYsJdXMzEm37WDSA6o4tPTRsCNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2Rpd2wxY3pNU2JmdFlOSURxamkwOU5Hd0kwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy82Yjk2MjYtZmIxYS00NDVlLWI5NWEt
YjAwMmYzNWJlNzM5LzEvMkVxUmFJbTBhaEZ6U1F6aVJXeE5odWlEZWlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy82Yjk2MjYtZmIxYS00NDVlLWI5NWEtYjAwMmYzNWJlNzM5
LzEvY2Rpd2wxY3pNU2JmdFlOSURxamkwOU5Hd0kwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9wUMA0G
CSqGSIb3DQEBCwUAA4IBAQAGw6wV0C/Nkqc9LhoJYZOAtgyxVKzMnGiyMTi8F8TL
jfKFUxyUg0xiWb2TmTrwhDgXWzFq9+CYmTSpfNZs3lLRDIXAKjU8So0atKNi8sKy
W9oi+/Hw4PnT+XkkDBbV+tP7uyIbjWE8fpmLrHCjaLoDnQOH6Pz4nyCtYQ9jyN59
gH+lEu++qj/dNDQuzDyPLu+VB99bntu7o+jvST/dBElXq/iXC87PAkxNvgrMJCza
5WUAzkmv3j69Fq1GgcTyw5xJ7lZutgHX5Ri9Egd2ScAt25QR/+L4+H3Ogde6NF5t
SavflxOn1N9D7hfWWbwxV9B69Ub4Ph6ElVfT+NMLJABD
-----END CERTIFICATE-----