Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/1OlJ8NsOKOD01xCWoiIyjWdp4Bc.roa
File:                     1OlJ8NsOKOD01xCWoiIyjWdp4Bc.roa (raw, json)
Hash identifier:          iQo57+gdJ9Vjj/7Kiw7OwFjSsiapovLAZi6ylkwjliY=
Subject key identifier:   D4:E9:49:F0:DB:0E:28:E0:F4:D7:10:96:A2:22:32:8D:67:69:E0:17
Certificate issuer:       /CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
Certificate serial:       019E79AA57A45A8289A0C919F1B2B49CA991
Authority key identifier: 20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/1OlJ8NsOKOD01xCWoiIyjWdp4Bc.roa
Signing time:             Sat 30 May 2026 16:14:27 +0000
ROA not before:           Sat 30 May 2026 16:14:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201949
IP address blocks:        95.170.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:79:aa:57:a4:5a:82:89:a0:c9:19:f1:b2:b4:9c:a9:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
        Validity
            Not Before: May 30 16:14:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d4e949f0db0e28e0f4d71096a222328d6769e017
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:1e:0e:d5:1c:05:a0:cc:25:0f:ba:00:c8:66:
                    9d:64:18:5c:1c:3e:50:4f:15:59:54:dc:c9:52:b7:
                    af:0f:60:d6:b2:a3:9a:ab:3f:8d:40:65:c5:9d:b1:
                    43:a7:c0:94:50:89:48:f6:c3:1c:a1:12:4b:80:64:
                    41:bf:2b:8d:c8:f9:5d:92:94:b0:f1:d8:d3:29:b3:
                    73:d2:03:2e:b6:b9:28:a4:99:81:bd:54:59:7b:a3:
                    54:df:07:5b:b3:ed:c4:50:c7:9f:61:ab:d7:9d:1d:
                    28:93:f6:f2:3c:04:40:6d:8a:4c:82:74:e2:2d:af:
                    66:0d:c9:9f:b8:2e:14:d9:5a:1c:c7:1b:5c:4c:69:
                    0c:bf:77:da:0c:6f:32:eb:c8:4b:74:d6:7f:04:e0:
                    9a:ae:cd:42:3a:fc:b2:f0:d4:b4:bb:66:97:90:8d:
                    74:a7:09:2b:f1:3f:71:59:49:97:ec:dd:dc:be:67:
                    ad:8b:da:90:c0:8f:c4:6f:48:30:69:6d:f0:52:d8:
                    34:73:87:0d:6e:e3:6a:41:6b:39:ae:23:d3:a8:36:
                    44:ae:02:a3:63:2d:99:8e:d8:1e:0e:2b:13:0f:45:
                    26:c2:20:f8:41:2a:7b:4e:c2:2e:00:c6:ce:16:ec:
                    09:3d:e2:84:67:f0:c7:dc:93:6c:79:6a:4e:04:9d:
                    a6:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:E9:49:F0:DB:0E:28:E0:F4:D7:10:96:A2:22:32:8D:67:69:E0:17
            X509v3 Authority Key Identifier:
                keyid:20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/1OlJ8NsOKOD01xCWoiIyjWdp4Bc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.170.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:a2:7f:d5:72:c0:f7:b7:8b:22:04:43:9a:09:21:bd:20:ea:
         ee:e8:4d:46:95:fb:cd:8d:70:09:47:8c:af:23:c1:1f:86:eb:
         ed:96:34:2a:b4:8c:7b:07:35:13:07:fb:ca:66:b0:55:65:4d:
         58:77:e9:f5:a6:8f:e6:d3:22:55:3e:37:ac:33:47:52:37:b7:
         a2:b0:41:f0:87:f4:a9:c5:01:28:86:9c:b8:65:54:33:8b:f6:
         55:48:ed:02:56:b7:1d:b5:65:f2:df:e2:57:33:3b:d0:d9:aa:
         bc:ae:b3:d6:78:3b:50:e4:7d:89:da:7f:f9:fb:11:e4:ac:34:
         f5:57:3d:55:6d:1a:76:44:4d:9b:85:02:75:5b:76:d4:3d:39:
         0f:8f:f5:bc:65:f4:58:c3:4d:49:d4:9b:3d:31:7a:7f:bf:0c:
         d0:d5:1d:bb:f6:35:df:d3:3a:de:08:77:0a:69:04:a5:1a:25:
         8c:d0:6e:55:d3:f5:b2:28:0d:82:4e:26:b6:96:bd:2f:ee:21:
         32:6d:f1:37:09:8f:b9:85:77:cf:64:bd:ee:f1:98:a4:e3:b9:
         c5:b3:7e:9a:e0:e2:32:71:85:af:2e:6b:a3:a2:a1:6b:5c:82:
         5f:77:5d:e7:e2:c1:f1:69:3c:54:67:18:51:41:ec:8e:9d:24:
         c3:86:39:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ55qlekWoKJoMkZ8bK0nKmRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZTQyNWEzMmI2MmQzOTgxOGM0Y2JiMDA4MTA3NTY4NmZj
NGM4ZTgwHhcNMjYwNTMwMTYxNDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGU5NDlmMGRiMGUyOGUwZjRkNzEwOTZhMjIyMzI4ZDY3NjllMDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8B4O1RwFoMwlD7oAyGadZBhcHD5Q
TxVZVNzJUrevD2DWsqOaqz+NQGXFnbFDp8CUUIlI9sMcoRJLgGRBvyuNyPldkpSw
8djTKbNz0gMutrkopJmBvVRZe6NU3wdbs+3EUMefYavXnR0ok/byPARAbYpMgnTi
La9mDcmfuC4U2VocxxtcTGkMv3faDG8y68hLdNZ/BOCars1COvyy8NS0u2aXkI10
pwkr8T9xWUmX7N3cvmeti9qQwI/Eb0gwaW3wUtg0c4cNbuNqQWs5riPTqDZErgKj
Yy2ZjtgeDisTD0UmwiD4QSp7TsIuAMbOFuwJPeKEZ/DH3JNseWpOBJ2m+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNTpSfDbDijg9NcQlqIiMo1naeAXMB8GA1UdIwQY
MBaAFCDkJaMrYtOYGMTLsAgQdWhvxMjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGIt
ZWNkMjk2NWNiN2U3LzEvMU9sSjhOc09LT0QwMXhDV29pSXlqV2RwNEJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGItZWNkMjk2NWNiN2U3
LzEvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6oUMA0G
CSqGSIb3DQEBCwUAA4IBAQCVon/VcsD3t4siBEOaCSG9IOru6E1GlfvNjXAJR4yv
I8EfhuvtljQqtIx7BzUTB/vKZrBVZU1Yd+n1po/m0yJVPjesM0dSN7eisEHwh/Sp
xQEohpy4ZVQzi/ZVSO0CVrcdtWXy3+JXMzvQ2aq8rrPWeDtQ5H2J2n/5+xHkrDT1
Vz1VbRp2RE2bhQJ1W3bUPTkPj/W8ZfRYw01J1Js9MXp/vwzQ1R279jXf0zreCHcK
aQSlGiWM0G5V0/WyKA2CTia2lr0v7iEybfE3CY+5hXfPZL3u8Zik47nFs36a4OIy
cYWvLmujoqFrXIJfd13n4sHxaTxUZxhRQeyOnSTDhjk5
-----END CERTIFICATE-----