Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/cBODpnstJEahdgyKBdPPcprqjuM.roa
File:                     cBODpnstJEahdgyKBdPPcprqjuM.roa (raw, json)
Hash identifier:          3cEAgLPYKWsTQZ+bcZEZH12X2epex4/tLpkeAuOD6Vw=
Subject key identifier:   70:13:83:A6:7B:2D:24:46:A1:76:0C:8A:05:D3:CF:72:9A:EA:8E:E3
Certificate issuer:       /CN=0969a2a39635b797476f1f1633ae8f27bf33b533
Certificate serial:       0199187376555754E1BFF760EAB61E0B7E30
Authority key identifier: 09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/cBODpnstJEahdgyKBdPPcprqjuM.roa
Signing time:             Fri 05 Sep 2025 05:57:23 +0000
ROA not before:           Fri 05 Sep 2025 05:57:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202678
IP address blocks:        195.85.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 14:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:18:73:76:55:57:54:e1:bf:f7:60:ea:b6:1e:0b:7e:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0969a2a39635b797476f1f1633ae8f27bf33b533
        Validity
            Not Before: Sep  5 05:57:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=701383a67b2d2446a1760c8a05d3cf729aea8ee3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:da:e8:0c:bb:ad:36:87:2c:7a:f0:6c:c1:07:
                    24:bd:55:a0:ac:5f:af:3b:d1:49:f2:4e:48:57:b8:
                    bd:b9:d2:aa:39:ff:80:b0:1f:84:57:a3:13:f2:2b:
                    0f:0f:94:a5:f3:4a:c2:05:19:32:f3:d3:a8:b7:6b:
                    cd:1a:99:5f:9a:c5:fa:90:b6:30:97:f7:37:b5:de:
                    17:d6:22:29:35:e1:75:d6:20:1f:e8:a7:fe:e7:e5:
                    02:a1:c6:d5:c8:74:94:5e:07:f5:15:1f:e5:16:58:
                    d5:64:d0:52:09:5c:e9:67:c7:1f:52:a8:85:31:97:
                    47:c1:ed:2a:1c:ed:dd:2d:1d:16:75:f2:10:64:23:
                    5b:5e:05:c1:cd:79:02:d3:14:54:95:e5:02:cd:21:
                    ee:33:b6:67:69:69:0a:96:64:d9:32:6e:6b:dc:fe:
                    75:39:a9:25:87:a1:f4:6f:7b:84:91:10:9c:a0:a0:
                    b7:d5:01:3b:f2:d1:c2:1d:dc:0b:f6:1f:6d:19:fa:
                    c3:fa:64:ea:59:4f:f2:aa:95:77:78:46:63:f9:99:
                    c6:56:d0:55:30:a7:6b:86:5f:37:c2:51:54:c6:03:
                    53:95:27:d9:9f:dc:c3:ab:7d:13:51:46:70:57:c8:
                    97:7d:aa:f2:0e:f0:97:99:a0:5c:dc:b1:1c:7c:e8:
                    24:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:13:83:A6:7B:2D:24:46:A1:76:0C:8A:05:D3:CF:72:9A:EA:8E:E3
            X509v3 Authority Key Identifier:
                keyid:09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/cBODpnstJEahdgyKBdPPcprqjuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:9b:65:b4:d2:a9:61:90:32:72:a1:f1:0c:c9:29:12:9c:06:
         24:8b:66:c8:73:19:de:1a:a5:18:a0:3e:c2:0e:68:0b:01:24:
         67:b2:1a:b1:d1:6c:aa:82:cf:48:0d:a1:2c:22:21:b4:13:af:
         52:b7:0c:4d:60:de:75:2d:f8:59:19:2a:0e:07:a1:7a:62:a2:
         0f:f6:59:9d:91:21:be:01:f8:52:af:93:23:62:4a:99:f3:09:
         20:33:e6:75:23:06:1d:be:01:7a:c6:e2:29:b9:9a:46:60:1e:
         e0:b9:f9:4c:bf:8c:d3:42:4e:af:06:dd:b9:03:26:45:7e:74:
         9a:de:cf:40:7a:ee:53:3b:81:a2:91:f0:81:e5:30:e9:e5:90:
         65:bc:b5:3c:bb:8c:04:57:99:5a:99:b2:96:c5:83:fd:84:70:
         8a:7f:88:23:6b:bb:2f:8a:39:e6:b2:1a:2d:fa:38:c0:f7:65:
         0c:e8:93:1a:2f:46:13:2b:14:20:aa:78:0b:7e:32:bf:46:6c:
         82:f1:0b:20:2a:44:00:79:4a:0a:75:c9:8f:be:81:f8:a8:5d:
         a9:24:58:2f:14:a9:c9:2f:d2:1f:02:31:98:25:0c:18:34:90:
         15:f1:3a:09:71:e7:a3:73:9a:4b:fd:38:88:89:44:2b:11:48:
         34:d0:5e:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkYc3ZVV1Thv/dg6rYeC34wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NjlhMmEzOTYzNWI3OTc0NzZmMWYxNjMzYWU4ZjI3YmYz
M2I1MzMwHhcNMjUwOTA1MDU1NzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDEzODNhNjdiMmQyNDQ2YTE3NjBjOGEwNWQzY2Y3MjlhZWE4ZWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9roDLutNocsevBswQckvVWgrF+v
O9FJ8k5IV7i9udKqOf+AsB+EV6MT8isPD5Sl80rCBRky89Oot2vNGplfmsX6kLYw
l/c3td4X1iIpNeF11iAf6Kf+5+UCocbVyHSUXgf1FR/lFljVZNBSCVzpZ8cfUqiF
MZdHwe0qHO3dLR0WdfIQZCNbXgXBzXkC0xRUleUCzSHuM7ZnaWkKlmTZMm5r3P51
Oaklh6H0b3uEkRCcoKC31QE78tHCHdwL9h9tGfrD+mTqWU/yqpV3eEZj+ZnGVtBV
MKdrhl83wlFUxgNTlSfZn9zDq30TUUZwV8iXfaryDvCXmaBc3LEcfOgkeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHATg6Z7LSRGoXYMigXTz3Ka6o7jMB8GA1UdIwQY
MBaAFAlpoqOWNbeXR28fFjOujye/M7UzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUt
NDE0OTA4NzJmYzRlLzEvY0JPRHBuc3RKRWFoZGd5S0JkUFBjcHJxanVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUtNDE0OTA4NzJmYzRl
LzEvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1XNMA0G
CSqGSIb3DQEBCwUAA4IBAQAlm2W00qlhkDJyofEMySkSnAYki2bIcxneGqUYoD7C
DmgLASRnshqx0Wyqgs9IDaEsIiG0E69StwxNYN51LfhZGSoOB6F6YqIP9lmdkSG+
AfhSr5MjYkqZ8wkgM+Z1IwYdvgF6xuIpuZpGYB7guflMv4zTQk6vBt25AyZFfnSa
3s9Aeu5TO4GikfCB5TDp5ZBlvLU8u4wEV5lambKWxYP9hHCKf4gja7svijnmshot
+jjA92UM6JMaL0YTKxQgqngLfjK/RmyC8QsgKkQAeUoKdcmPvoH4qF2pJFgvFKnJ
L9IfAjGYJQwYNJAV8ToJceejc5pL/TiIiUQrEUg00F4u
-----END CERTIFICATE-----