Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/gzCdu4B60ulbYHwK_RiuV0cdwGw.roa
File:                     gzCdu4B60ulbYHwK_RiuV0cdwGw.roa (raw, json)
Hash identifier:          24bRCzIay5o/WHjWaKny9z4CXLaZwrpVpSj9NC5y3Ks=
Subject key identifier:   83:30:9D:BB:80:7A:D2:E9:5B:60:7C:0A:FD:18:AE:57:47:1D:C0:6C
Certificate issuer:       /CN=0969a2a39635b797476f1f1633ae8f27bf33b533
Certificate serial:       019A2C4F42B24E3FD23C2D0FEA65DCAAE677
Authority key identifier: 09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/gzCdu4B60ulbYHwK_RiuV0cdwGw.roa
Signing time:             Tue 28 Oct 2025 19:33:03 +0000
ROA not before:           Tue 28 Oct 2025 19:33:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202678
IP address blocks:        195.85.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2c:4f:42:b2:4e:3f:d2:3c:2d:0f:ea:65:dc:aa:e6:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0969a2a39635b797476f1f1633ae8f27bf33b533
        Validity
            Not Before: Oct 28 19:33:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83309dbb807ad2e95b607c0afd18ae57471dc06c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:9e:6a:64:8a:44:14:bf:ac:b8:02:19:32:59:
                    e9:95:4b:ae:2b:f6:f1:d8:0c:20:f9:ac:22:40:18:
                    9e:c2:75:56:b9:1f:1d:58:72:e0:71:51:7d:bb:b7:
                    92:1e:bc:76:7c:7e:c4:b6:55:ec:35:e4:18:1e:1f:
                    6c:fd:09:d9:fb:7e:3c:b7:21:a8:db:5a:1b:f5:e9:
                    14:84:3a:d0:07:81:68:43:85:b5:4f:77:e7:dd:04:
                    22:5b:22:27:40:75:84:f5:0d:8e:29:7d:22:36:9a:
                    3c:d1:2c:ca:35:21:43:5e:75:62:d3:45:0e:0e:b5:
                    f8:ca:84:44:90:9e:0a:f3:5e:5f:9a:27:36:e1:5f:
                    c0:63:ca:9d:05:aa:62:a0:67:66:7d:dd:b0:a9:84:
                    c8:9b:9e:1e:98:56:2d:2b:16:80:81:67:c7:18:49:
                    c3:1e:1a:7d:4b:32:56:78:b5:e4:e9:b6:7c:8f:43:
                    62:bc:06:42:00:5f:e5:88:dd:ac:4b:d5:e8:ce:5b:
                    48:0e:8c:0c:a7:e7:ed:70:dd:9d:12:f0:80:67:58:
                    3d:87:2e:12:ee:15:de:e1:72:cd:cb:9a:a0:e1:46:
                    a4:b8:b9:24:03:e8:2a:d6:ce:80:36:9e:48:d9:69:
                    71:1c:c0:ad:d7:1d:e4:e9:a2:fe:fc:4f:5a:7a:2b:
                    e9:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:30:9D:BB:80:7A:D2:E9:5B:60:7C:0A:FD:18:AE:57:47:1D:C0:6C
            X509v3 Authority Key Identifier:
                keyid:09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/gzCdu4B60ulbYHwK_RiuV0cdwGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:57:dd:55:29:88:f1:9e:ec:21:f1:cc:33:7c:ef:70:83:93:
         4a:76:d3:50:19:62:ce:f1:00:19:c7:4a:9e:4c:16:a6:50:99:
         bc:0f:7f:a8:3f:0e:c6:99:0c:a3:86:6c:3f:a5:42:fb:b0:9b:
         8c:9b:64:b8:8e:a3:94:14:32:96:c5:70:03:bb:c6:8a:51:00:
         8f:5c:18:28:6a:99:a9:70:31:9f:28:9a:3c:e4:14:f2:9b:dd:
         15:50:8a:84:b3:fa:c1:10:df:21:2f:43:f8:1c:eb:3e:34:9f:
         99:84:3f:d7:54:28:76:cf:d6:e6:d2:8b:56:07:d0:7d:51:79:
         f1:1d:a9:f7:99:35:d1:dd:25:b5:42:40:5e:4c:31:d2:27:3d:
         60:62:4d:c7:6a:02:67:e0:3f:ff:2f:61:e2:72:b4:3c:d6:ce:
         3c:51:bb:99:bc:76:1f:35:74:56:fc:65:c7:ec:45:71:a6:3b:
         5d:a6:d1:bb:c5:d9:52:08:6b:94:9d:75:e3:ee:13:c2:12:0f:
         89:8d:5a:24:14:4f:a3:aa:4e:4f:75:df:40:4a:79:68:5f:5e:
         b9:e4:95:1d:49:69:5b:9f:d3:fb:3b:39:49:41:95:15:25:b5:
         c5:25:d2:55:e2:86:73:cf:aa:c3:48:e3:3a:b5:f1:17:76:c8:
         f3:9f:ec:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZosT0KyTj/SPC0P6mXcquZ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NjlhMmEzOTYzNWI3OTc0NzZmMWYxNjMzYWU4ZjI3YmYz
M2I1MzMwHhcNMjUxMDI4MTkzMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzMwOWRiYjgwN2FkMmU5NWI2MDdjMGFmZDE4YWU1NzQ3MWRjMDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZ5qZIpEFL+suAIZMlnplUuuK/bx
2Awg+awiQBiewnVWuR8dWHLgcVF9u7eSHrx2fH7EtlXsNeQYHh9s/QnZ+348tyGo
21ob9ekUhDrQB4FoQ4W1T3fn3QQiWyInQHWE9Q2OKX0iNpo80SzKNSFDXnVi00UO
DrX4yoREkJ4K815fmic24V/AY8qdBapioGdmfd2wqYTIm54emFYtKxaAgWfHGEnD
Hhp9SzJWeLXk6bZ8j0NivAZCAF/liN2sS9XozltIDowMp+ftcN2dEvCAZ1g9hy4S
7hXe4XLNy5qg4UakuLkkA+gq1s6ANp5I2WlxHMCt1x3k6aL+/E9aeivpxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIMwnbuAetLpW2B8Cv0YrldHHcBsMB8GA1UdIwQY
MBaAFAlpoqOWNbeXR28fFjOujye/M7UzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUt
NDE0OTA4NzJmYzRlLzEvZ3pDZHU0QjYwdWxiWUh3S19SaXVWMGNkd0d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUtNDE0OTA4NzJmYzRl
LzEvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1XJMA0G
CSqGSIb3DQEBCwUAA4IBAQALV91VKYjxnuwh8cwzfO9wg5NKdtNQGWLO8QAZx0qe
TBamUJm8D3+oPw7GmQyjhmw/pUL7sJuMm2S4jqOUFDKWxXADu8aKUQCPXBgoapmp
cDGfKJo85BTym90VUIqEs/rBEN8hL0P4HOs+NJ+ZhD/XVCh2z9bm0otWB9B9UXnx
Han3mTXR3SW1QkBeTDHSJz1gYk3HagJn4D//L2HicrQ81s48UbuZvHYfNXRW/GXH
7EVxpjtdptG7xdlSCGuUnXXj7hPCEg+JjVokFE+jqk5Pdd9ASnloX1655JUdSWlb
n9P7OzlJQZUVJbXFJdJV4oZzz6rDSOM6tfEXdsjzn+xL
-----END CERTIFICATE-----