Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/XiH0gOSpoMJFdvBjBWzlMvnZ9hs.roa
File:                     XiH0gOSpoMJFdvBjBWzlMvnZ9hs.roa (raw, json)
Hash identifier:          yKr2N5bCM8GXpbIakJJERWtJOnyqKHMRYj21ZgduTJA=
Subject key identifier:   5E:21:F4:80:E4:A9:A0:C2:45:76:F0:63:05:6C:E5:32:F9:D9:F6:1B
Certificate issuer:       /CN=0969a2a39635b797476f1f1633ae8f27bf33b533
Certificate serial:       01991871B5FD9BA13691D8CDC390EB882F3A
Authority key identifier: 09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/XiH0gOSpoMJFdvBjBWzlMvnZ9hs.roa
Signing time:             Fri 05 Sep 2025 05:55:29 +0000
ROA not before:           Fri 05 Sep 2025 05:55:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51722
IP address blocks:        195.85.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 22:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:18:71:b5:fd:9b:a1:36:91:d8:cd:c3:90:eb:88:2f:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0969a2a39635b797476f1f1633ae8f27bf33b533
        Validity
            Not Before: Sep  5 05:55:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e21f480e4a9a0c24576f063056ce532f9d9f61b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:41:ce:e5:a1:b8:77:e0:bb:8b:42:f6:eb:82:
                    98:7d:73:dc:a0:5c:14:cd:d1:ed:b2:66:28:50:32:
                    71:19:90:7f:95:81:7a:d6:07:a0:10:96:6c:21:c9:
                    0c:50:7b:41:f9:31:6b:1d:c1:7b:f9:48:cd:51:50:
                    e1:56:14:f6:67:8a:45:7b:87:37:21:92:b9:46:1b:
                    43:73:fb:b0:0c:f5:a9:02:e6:85:fd:19:cf:87:fa:
                    20:9c:e2:38:71:87:12:5e:f0:f6:3c:fe:0f:5d:47:
                    ac:8c:f1:f3:17:22:61:6e:64:f6:87:95:20:98:6f:
                    2e:f7:9a:9b:7e:74:75:b9:89:cc:b1:88:b6:22:f7:
                    e7:a1:c8:cf:fb:9e:d7:34:b8:43:6a:9b:93:4b:bc:
                    b2:17:3b:df:18:c4:92:aa:35:93:d2:d1:27:c0:5c:
                    aa:05:28:ae:0d:ed:25:41:17:10:76:b1:cb:e2:8e:
                    7d:75:43:dd:e2:b8:5a:80:c5:20:4c:8c:53:3d:b8:
                    0e:0c:6c:62:7d:33:07:c6:23:db:38:72:14:b6:ac:
                    ae:0b:9c:34:71:4f:44:ba:23:47:76:3d:d4:2c:6e:
                    c2:aa:44:c5:17:94:ff:3a:40:a7:4c:0d:e6:bf:e8:
                    da:f6:29:2e:4e:7f:15:fc:f5:73:9d:3d:43:1e:7c:
                    66:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:21:F4:80:E4:A9:A0:C2:45:76:F0:63:05:6C:E5:32:F9:D9:F6:1B
            X509v3 Authority Key Identifier:
                keyid:09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/XiH0gOSpoMJFdvBjBWzlMvnZ9hs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:cb:25:d9:d5:a3:ca:49:95:7f:a4:e5:21:07:ce:9f:47:21:
         5c:b2:47:19:9d:82:34:2e:ee:ed:71:e1:48:27:e2:e6:19:76:
         67:5c:31:d4:a3:23:f5:06:fe:92:ff:cb:cb:16:f1:56:d6:78:
         9c:b8:31:6f:d3:99:aa:0b:cb:a5:92:bf:c4:77:7d:74:4d:2f:
         09:92:6d:a3:43:ca:e8:77:36:0a:7c:9e:5c:5b:6e:cf:fa:17:
         d6:7d:65:fa:6a:64:2a:49:cc:1b:80:41:fe:d8:b6:54:b4:05:
         3d:96:17:88:53:70:47:bb:60:0f:8c:1d:73:a3:9b:ea:f4:58:
         bf:05:8d:08:c5:fa:21:fc:7f:f1:7b:ed:03:28:3c:dc:e9:90:
         71:75:f9:7a:e7:9a:ae:a8:e6:25:d1:25:48:63:52:ae:50:19:
         d2:43:84:9b:6e:b7:3d:6a:f5:31:be:60:ca:4e:f4:dc:ee:a9:
         4f:f2:de:0d:e5:8b:ff:e0:47:d9:51:82:15:18:b5:92:ec:d0:
         6c:ba:30:e9:e3:64:b5:1a:27:b8:6e:08:eb:bb:d9:10:cb:02:
         6d:a8:82:19:08:1f:80:51:34:85:7b:89:83:21:24:c5:b2:b8:
         46:a7:00:1c:9f:6c:07:b7:c4:d4:36:61:f9:7e:27:74:12:82:
         ea:d6:94:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkYcbX9m6E2kdjNw5DriC86MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NjlhMmEzOTYzNWI3OTc0NzZmMWYxNjMzYWU4ZjI3YmYz
M2I1MzMwHhcNMjUwOTA1MDU1NTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTIxZjQ4MGU0YTlhMGMyNDU3NmYwNjMwNTZjZTUzMmY5ZDlmNjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0HO5aG4d+C7i0L264KYfXPcoFwU
zdHtsmYoUDJxGZB/lYF61gegEJZsIckMUHtB+TFrHcF7+UjNUVDhVhT2Z4pFe4c3
IZK5RhtDc/uwDPWpAuaF/RnPh/ognOI4cYcSXvD2PP4PXUesjPHzFyJhbmT2h5Ug
mG8u95qbfnR1uYnMsYi2IvfnocjP+57XNLhDapuTS7yyFzvfGMSSqjWT0tEnwFyq
BSiuDe0lQRcQdrHL4o59dUPd4rhagMUgTIxTPbgODGxifTMHxiPbOHIUtqyuC5w0
cU9EuiNHdj3ULG7CqkTFF5T/OkCnTA3mv+ja9ikuTn8V/PVznT1DHnxmjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF4h9IDkqaDCRXbwYwVs5TL52fYbMB8GA1UdIwQY
MBaAFAlpoqOWNbeXR28fFjOujye/M7UzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUt
NDE0OTA4NzJmYzRlLzEvWGlIMGdPU3BvTUpGZHZCakJXemxNdm5aOWhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUtNDE0OTA4NzJmYzRl
LzEvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1XJMA0G
CSqGSIb3DQEBCwUAA4IBAQA3yyXZ1aPKSZV/pOUhB86fRyFcskcZnYI0Lu7tceFI
J+LmGXZnXDHUoyP1Bv6S/8vLFvFW1nicuDFv05mqC8ulkr/Ed310TS8Jkm2jQ8ro
dzYKfJ5cW27P+hfWfWX6amQqScwbgEH+2LZUtAU9lheIU3BHu2APjB1zo5vq9Fi/
BY0Ixfoh/H/xe+0DKDzc6ZBxdfl655quqOYl0SVIY1KuUBnSQ4Sbbrc9avUxvmDK
TvTc7qlP8t4N5Yv/4EfZUYIVGLWS7NBsujDp42S1Gie4bgjru9kQywJtqIIZCB+A
UTSFe4mDISTFsrhGpwAcn2wHt8TUNmH5fid0EoLq1pQh
-----END CERTIFICATE-----