Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/xpGPm8doChOtU-RLJwfI6J2_2pE.roa
File:                     xpGPm8doChOtU-RLJwfI6J2_2pE.roa (raw, json)
Hash identifier:          Q+zp0nrHHDLtwJs9nHZ2VnA34/82Rp5NA50n42Hv6uk=
Subject key identifier:   C6:91:8F:9B:C7:68:0A:13:AD:53:E4:4B:27:07:C8:E8:9D:BF:DA:91
Certificate issuer:       /CN=0969a2a39635b797476f1f1633ae8f27bf33b533
Certificate serial:       019A2C4F420DDD88B5696C42A6E165553A4E
Authority key identifier: 09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/xpGPm8doChOtU-RLJwfI6J2_2pE.roa
Signing time:             Tue 28 Oct 2025 19:33:02 +0000
ROA not before:           Tue 28 Oct 2025 19:33:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51722
IP address blocks:        195.85.201.0/24 maxlen: 24
                          195.85.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2c:4f:42:0d:dd:88:b5:69:6c:42:a6:e1:65:55:3a:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0969a2a39635b797476f1f1633ae8f27bf33b533
        Validity
            Not Before: Oct 28 19:33:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c6918f9bc7680a13ad53e44b2707c8e89dbfda91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:12:cf:48:aa:f8:57:69:74:13:b1:c2:92:7b:
                    a4:96:46:e4:c8:f0:66:8b:4e:06:fd:32:4c:59:e2:
                    ab:28:5a:c9:63:35:0d:ae:b2:22:5d:d9:6b:84:e5:
                    6f:7b:f4:e7:98:7b:ff:cd:e1:8a:a8:8c:e3:ad:d1:
                    2d:cc:a5:f6:50:6f:aa:6d:af:1e:c7:fb:28:6e:9a:
                    99:9c:31:57:d9:bf:3c:fc:14:a0:a1:ff:76:ba:74:
                    46:a2:92:30:ed:07:3d:bf:e0:33:62:9b:ef:4b:10:
                    4b:6d:da:f3:de:24:b9:38:c3:4b:05:7f:a8:4a:42:
                    40:f0:5e:ba:e7:15:6d:e4:66:6a:e4:f3:57:3a:de:
                    b7:12:44:61:a5:e3:5e:0a:10:ff:ff:0b:07:d6:de:
                    c7:e8:73:b4:9d:72:2d:21:91:21:c9:78:17:b4:2e:
                    a4:6d:de:c1:8a:91:46:2c:b0:6f:d0:12:01:14:e6:
                    67:3f:2a:ee:e9:42:da:2e:f8:d6:89:3b:c1:bf:30:
                    78:f3:a8:cd:25:15:b2:30:12:9d:08:20:93:91:53:
                    e8:24:56:ff:ce:b9:af:7f:bd:52:ed:c3:e4:9f:bc:
                    5e:43:65:32:7b:9d:3a:37:6a:16:34:3f:60:b3:5f:
                    56:56:43:25:82:22:d7:b4:3c:87:52:84:e7:cd:e6:
                    df:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:91:8F:9B:C7:68:0A:13:AD:53:E4:4B:27:07:C8:E8:9D:BF:DA:91
            X509v3 Authority Key Identifier:
                keyid:09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/xpGPm8doChOtU-RLJwfI6J2_2pE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.201.0/24
                  195.85.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:35:c9:27:af:95:45:c0:4f:9d:9e:15:e1:75:87:1c:d6:8b:
         82:99:4a:81:a9:73:23:82:c3:3d:76:d4:87:31:32:e0:52:b8:
         2c:1e:10:9b:89:28:95:fb:e2:70:5c:95:5d:a2:80:19:a5:17:
         42:92:f4:b4:79:85:1e:20:fe:c4:60:4f:74:8a:15:3d:2c:eb:
         cf:6f:d7:a5:35:c2:9f:04:1e:56:f3:83:b9:dd:f7:5f:de:29:
         46:79:b8:de:60:78:9e:bc:0e:47:90:cb:33:53:d4:4c:08:42:
         31:e5:7e:3d:b8:9d:42:6d:ea:c7:75:a8:9b:f6:8b:6f:b7:a9:
         18:8a:eb:c8:1f:78:0f:dc:3a:55:96:11:53:96:ef:80:bf:95:
         bf:ff:52:f5:78:68:b2:e8:c9:82:d5:37:cc:cd:50:41:7e:8f:
         a5:3a:5e:f9:a6:0e:7b:2e:6e:a1:4e:da:8b:64:58:18:4a:7c:
         1c:ac:84:fb:fd:96:b1:cb:b2:b4:4a:41:56:6f:22:c3:34:48:
         81:27:da:c6:09:3e:ec:74:83:a8:2e:83:03:84:28:01:60:ce:
         31:31:62:af:6f:4e:0d:7f:94:65:aa:3c:00:04:dd:cc:84:bb:
         fa:40:93:99:03:04:3d:a8:63:b5:af:f6:6a:01:c7:c6:71:ae:
         60:55:8d:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZosT0IN3Yi1aWxCpuFlVTpOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NjlhMmEzOTYzNWI3OTc0NzZmMWYxNjMzYWU4ZjI3YmYz
M2I1MzMwHhcNMjUxMDI4MTkzMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjkxOGY5YmM3NjgwYTEzYWQ1M2U0NGIyNzA3YzhlODlkYmZkYTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRLPSKr4V2l0E7HCknuklkbkyPBm
i04G/TJMWeKrKFrJYzUNrrIiXdlrhOVve/TnmHv/zeGKqIzjrdEtzKX2UG+qba8e
x/sobpqZnDFX2b88/BSgof92unRGopIw7Qc9v+AzYpvvSxBLbdrz3iS5OMNLBX+o
SkJA8F665xVt5GZq5PNXOt63EkRhpeNeChD//wsH1t7H6HO0nXItIZEhyXgXtC6k
bd7BipFGLLBv0BIBFOZnPyru6ULaLvjWiTvBvzB486jNJRWyMBKdCCCTkVPoJFb/
zrmvf71S7cPkn7xeQ2Uye506N2oWND9gs19WVkMlgiLXtDyHUoTnzebf3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMaRj5vHaAoTrVPkSycHyOidv9qRMB8GA1UdIwQY
MBaAFAlpoqOWNbeXR28fFjOujye/M7UzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUt
NDE0OTA4NzJmYzRlLzEveHBHUG04ZG9DaE90VS1STEp3Zkk2SjJfMnBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUtNDE0OTA4NzJmYzRl
LzEvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw1XJAwQA
w1XNMA0GCSqGSIb3DQEBCwUAA4IBAQAPNcknr5VFwE+dnhXhdYcc1ouCmUqBqXMj
gsM9dtSHMTLgUrgsHhCbiSiV++JwXJVdooAZpRdCkvS0eYUeIP7EYE90ihU9LOvP
b9elNcKfBB5W84O53fdf3ilGebjeYHievA5HkMszU9RMCEIx5X49uJ1CberHdaib
9otvt6kYiuvIH3gP3DpVlhFTlu+Av5W//1L1eGiy6MmC1TfMzVBBfo+lOl75pg57
Lm6hTtqLZFgYSnwcrIT7/Zaxy7K0SkFWbyLDNEiBJ9rGCT7sdIOoLoMDhCgBYM4x
MWKvb04Nf5RlqjwABN3MhLv6QJOZAwQ9qGO1r/ZqAcfGca5gVY0C
-----END CERTIFICATE-----