Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/qo7C66bX7nZgf8bu0aV4Y1bWXgg.roa
File:                     qo7C66bX7nZgf8bu0aV4Y1bWXgg.roa (raw, json)
Hash identifier:          NUZhkr2nCngDCv92miXKv65EN2+fNIqBrJSkpKYvV70=
Subject key identifier:   AA:8E:C2:EB:A6:D7:EE:76:60:7F:C6:EE:D1:A5:78:63:56:D6:5E:08
Certificate issuer:       /CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
Certificate serial:       019D9550E5F0A50D70FA2908D91968222FC2
Authority key identifier: 20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/qo7C66bX7nZgf8bu0aV4Y1bWXgg.roa
Signing time:             Thu 16 Apr 2026 08:03:20 +0000
ROA not before:           Thu 16 Apr 2026 08:03:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     174
IP address blocks:        95.170.22.0/24 maxlen: 24
                          95.170.23.0/24 maxlen: 24
                          95.170.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:95:50:e5:f0:a5:0d:70:fa:29:08:d9:19:68:22:2f:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
        Validity
            Not Before: Apr 16 08:03:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aa8ec2eba6d7ee76607fc6eed1a5786356d65e08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c5:f5:07:92:63:d7:d5:36:82:24:09:af:6e:
                    a0:cd:c3:d8:4a:2b:54:b2:5d:15:72:f6:3d:4f:5f:
                    97:5b:26:e0:8a:5f:07:98:42:a1:14:60:2b:4e:48:
                    19:9b:91:20:ec:80:d3:70:21:aa:f8:3e:38:85:1d:
                    24:a9:d5:3c:bb:84:fa:e8:7a:7c:4a:b3:61:c8:a6:
                    00:6b:44:ee:bf:ca:43:64:3b:6f:df:48:23:06:22:
                    fb:23:07:a1:13:70:d8:6c:98:f2:d8:6a:36:4d:0f:
                    ee:e0:27:22:0d:94:04:ca:c9:74:c1:58:f1:0b:37:
                    34:10:23:61:91:e4:15:9f:f9:ea:c5:c2:0e:31:7c:
                    ba:2c:0b:dd:61:de:35:19:19:7b:ec:fe:a2:64:e4:
                    6a:ba:18:d8:45:4d:88:e4:d5:4b:4b:26:b9:79:21:
                    26:df:9f:87:a1:c3:10:77:6c:ac:7b:48:6c:ad:93:
                    f8:91:78:9f:32:35:10:ea:d4:87:f3:6e:e0:ae:3e:
                    42:16:3f:e7:bc:9f:7c:38:46:2f:83:5b:32:5f:5c:
                    77:11:a4:02:19:14:1a:82:8b:9a:2c:01:b1:ef:55:
                    37:d5:2e:45:7b:e0:35:5f:02:ed:2c:16:f4:08:4c:
                    fb:a7:33:67:a9:e0:31:db:35:38:d5:7a:5a:b6:47:
                    7d:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:8E:C2:EB:A6:D7:EE:76:60:7F:C6:EE:D1:A5:78:63:56:D6:5E:08
            X509v3 Authority Key Identifier:
                keyid:20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/qo7C66bX7nZgf8bu0aV4Y1bWXgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.170.22.0/23
                  95.170.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:0d:02:eb:74:37:28:c7:3e:18:41:3a:18:c8:ff:af:dd:2f:
         6d:6d:af:61:65:5f:ea:01:71:cb:ca:ff:7c:6b:55:a3:b9:c8:
         84:f9:a0:69:7b:df:47:b5:98:68:87:f4:7c:40:7a:ff:29:94:
         f6:4d:f2:ef:57:cb:c5:d5:cf:cb:75:03:09:36:08:23:88:c7:
         cd:86:b0:24:cc:83:15:17:65:69:14:4b:dd:70:e4:f4:79:52:
         fc:c0:96:e5:8c:72:8e:92:de:b9:dd:15:3c:69:47:fa:68:a9:
         f6:be:37:f8:27:46:c9:3a:0f:46:cd:df:70:5c:1c:7d:ba:93:
         90:a1:60:18:2b:43:a4:70:8f:c3:fe:d5:3e:e2:71:3c:29:b5:
         9d:5e:9d:8a:08:77:c0:81:56:f0:52:02:e9:ec:ed:82:19:f2:
         7a:b0:33:70:1c:50:c4:77:e0:f0:d1:bc:48:5d:f6:51:e2:36:
         ce:37:1a:fc:59:bc:2b:d1:af:91:54:61:63:d2:4f:d9:23:c4:
         21:11:74:1b:b5:11:f3:73:7d:4c:18:13:87:c8:6b:c8:f5:c1:
         80:df:79:fb:35:9e:d6:30:13:1d:38:99:4d:53:6a:60:f8:f3:
         9f:a7:b7:aa:2f:d6:e8:4c:14:bb:ec:04:ec:27:71:58:57:9c:
         81:f8:fc:ac
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2VUOXwpQ1w+ikI2RloIi/CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZTQyNWEzMmI2MmQzOTgxOGM0Y2JiMDA4MTA3NTY4NmZj
NGM4ZTgwHhcNMjYwNDE2MDgwMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYThlYzJlYmE2ZDdlZTc2NjA3ZmM2ZWVkMWE1Nzg2MzU2ZDY1ZTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAssX1B5Jj19U2giQJr26gzcPYSitU
sl0VcvY9T1+XWybgil8HmEKhFGArTkgZm5Eg7IDTcCGq+D44hR0kqdU8u4T66Hp8
SrNhyKYAa0Tuv8pDZDtv30gjBiL7IwehE3DYbJjy2Go2TQ/u4CciDZQEysl0wVjx
Czc0ECNhkeQVn/nqxcIOMXy6LAvdYd41GRl77P6iZORquhjYRU2I5NVLSya5eSEm
35+HocMQd2yse0hsrZP4kXifMjUQ6tSH827grj5CFj/nvJ98OEYvg1syX1x3EaQC
GRQagouaLAGx71U31S5Fe+A1XwLtLBb0CEz7pzNnqeAx2zU41Xpatkd9PQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKqOwuum1+52YH/G7tGleGNW1l4IMB8GA1UdIwQY
MBaAFCDkJaMrYtOYGMTLsAgQdWhvxMjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGIt
ZWNkMjk2NWNiN2U3LzEvcW83QzY2Ylg3blpnZjhidTBhVjRZMWJXWGdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGItZWNkMjk2NWNiN2U3
LzEvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBX6oWAwQA
X6ocMA0GCSqGSIb3DQEBCwUAA4IBAQBTDQLrdDcoxz4YQToYyP+v3S9tba9hZV/q
AXHLyv98a1WjuciE+aBpe99HtZhoh/R8QHr/KZT2TfLvV8vF1c/LdQMJNggjiMfN
hrAkzIMVF2VpFEvdcOT0eVL8wJbljHKOkt653RU8aUf6aKn2vjf4J0bJOg9Gzd9w
XBx9upOQoWAYK0OkcI/D/tU+4nE8KbWdXp2KCHfAgVbwUgLp7O2CGfJ6sDNwHFDE
d+Dw0bxIXfZR4jbONxr8Wbwr0a+RVGFj0k/ZI8QhEXQbtRHzc31MGBOHyGvI9cGA
33n7NZ7WMBMdOJlNU2pg+POfp7eqL9boTBS77ATsJ3FYV5yB+Pys
-----END CERTIFICATE-----