Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/BkCfOAyCGeDGXBzB_CRhpnT85-o.roa
File:                     BkCfOAyCGeDGXBzB_CRhpnT85-o.roa (raw, json)
Hash identifier:          ZCOveNEcvLz0LB1AwVgKDEY4UTtWOnEKbeJWb81WBoE=
Subject key identifier:   06:40:9F:38:0C:82:19:E0:C6:5C:1C:C1:FC:24:61:A6:74:FC:E7:EA
Certificate issuer:       /CN=0969a2a39635b797476f1f1633ae8f27bf33b533
Certificate serial:       0199672BB9072B0502053AF63E053B6C939E
Authority key identifier: 09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/BkCfOAyCGeDGXBzB_CRhpnT85-o.roa
Signing time:             Sat 20 Sep 2025 12:49:02 +0000
ROA not before:           Sat 20 Sep 2025 12:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202678
IP address blocks:        195.85.201.0/24 maxlen: 24
                          195.85.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 18:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:67:2b:b9:07:2b:05:02:05:3a:f6:3e:05:3b:6c:93:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0969a2a39635b797476f1f1633ae8f27bf33b533
        Validity
            Not Before: Sep 20 12:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06409f380c8219e0c65c1cc1fc2461a674fce7ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:91:f6:bf:43:c5:45:6f:14:66:dc:15:6b:61:
                    63:99:0f:36:ea:3b:29:3d:4a:ac:60:0a:e2:a0:9e:
                    16:b5:0e:bf:e1:63:7f:16:bd:75:64:ba:7e:b0:ec:
                    14:89:e6:64:3a:77:44:3e:4c:b4:a0:66:2c:3e:04:
                    2b:ed:2e:7e:ef:92:f5:2c:6b:56:88:62:d0:6f:0d:
                    a3:fd:aa:9f:c6:fd:31:f8:43:9e:56:3a:4b:c9:47:
                    52:e9:9b:d6:8f:e4:79:f5:e1:8f:eb:13:05:24:de:
                    19:69:f8:be:be:10:24:0e:c8:09:a1:5c:c4:de:11:
                    22:99:a9:47:db:5b:a7:e0:b3:6a:58:9a:15:2e:0c:
                    b2:b3:e6:64:8a:23:78:c8:a4:bf:13:33:8b:55:9c:
                    0f:08:34:41:b5:c5:4a:20:df:ae:6e:ac:8e:ff:cb:
                    cc:5e:7d:e1:b4:38:3a:aa:92:3e:01:c2:57:d6:c6:
                    c7:f8:52:bf:71:51:35:3b:68:95:98:85:19:66:d1:
                    8a:13:f3:8f:c4:cd:bb:c1:b1:bb:ce:f6:8d:37:b6:
                    95:02:7d:65:82:d6:26:7c:37:98:93:c0:54:28:bf:
                    5c:be:d4:72:57:63:88:6d:53:f8:92:a4:06:39:13:
                    55:ae:42:6e:3f:a2:2f:44:00:b0:25:d7:ca:1d:ea:
                    3c:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:40:9F:38:0C:82:19:E0:C6:5C:1C:C1:FC:24:61:A6:74:FC:E7:EA
            X509v3 Authority Key Identifier:
                keyid:09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/BkCfOAyCGeDGXBzB_CRhpnT85-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.201.0/24
                  195.85.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:f5:95:35:9f:3d:04:5e:3c:1d:94:33:59:4e:2f:26:0d:da:
         0d:dd:3a:69:9f:35:f6:96:03:24:49:fd:e5:1f:b7:ac:28:28:
         56:a0:f5:e3:58:cf:6c:f1:47:5b:b1:85:04:35:df:a8:5f:c4:
         ac:75:48:e9:03:f2:10:26:ba:af:d1:69:b9:20:b8:ef:be:5f:
         a8:b0:84:8d:5a:22:47:84:b7:c6:48:ec:bc:60:3d:6f:cf:aa:
         a6:a3:9a:0b:13:dc:9b:fb:e6:bb:af:8e:73:a5:d7:a1:3d:a6:
         fd:fd:00:5f:ec:00:d8:17:89:ca:cc:b1:be:0b:e5:ff:22:63:
         0e:54:34:5f:36:5a:d3:1b:8a:33:f5:ad:c3:58:7f:66:94:f9:
         49:a8:51:a7:8f:ee:75:87:13:71:ad:36:4d:6e:e7:32:5f:9d:
         31:e0:e0:04:fd:e8:b4:60:4f:ec:3d:de:65:c0:73:d9:f2:7a:
         60:2d:2b:45:b9:89:9f:0d:54:84:ee:95:f0:72:b2:02:cd:d0:
         0f:f7:f0:9b:d9:24:4e:26:ef:ec:07:cf:da:98:44:22:09:88:
         09:37:d4:8a:db:52:a5:a1:8e:f3:e9:1a:be:12:af:e9:0d:cd:
         a3:4e:cf:f4:20:45:07:24:69:35:38:64:a8:1c:0e:7c:de:a9:
         0d:c2:00:8f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlnK7kHKwUCBTr2PgU7bJOeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NjlhMmEzOTYzNWI3OTc0NzZmMWYxNjMzYWU4ZjI3YmYz
M2I1MzMwHhcNMjUwOTIwMTI0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjQwOWYzODBjODIxOWUwYzY1YzFjYzFmYzI0NjFhNjc0ZmNlN2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpH2v0PFRW8UZtwVa2FjmQ826jsp
PUqsYArioJ4WtQ6/4WN/Fr11ZLp+sOwUieZkOndEPky0oGYsPgQr7S5+75L1LGtW
iGLQbw2j/aqfxv0x+EOeVjpLyUdS6ZvWj+R59eGP6xMFJN4Zafi+vhAkDsgJoVzE
3hEimalH21un4LNqWJoVLgyys+ZkiiN4yKS/EzOLVZwPCDRBtcVKIN+ubqyO/8vM
Xn3htDg6qpI+AcJX1sbH+FK/cVE1O2iVmIUZZtGKE/OPxM27wbG7zvaNN7aVAn1l
gtYmfDeYk8BUKL9cvtRyV2OIbVP4kqQGORNVrkJuP6IvRACwJdfKHeo8WQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAZAnzgMghngxlwcwfwkYaZ0/OfqMB8GA1UdIwQY
MBaAFAlpoqOWNbeXR28fFjOujye/M7UzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUt
NDE0OTA4NzJmYzRlLzEvQmtDZk9BeUNHZURHWEJ6Ql9DUmhwblQ4NS1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUtNDE0OTA4NzJmYzRl
LzEvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw1XJAwQA
w1XNMA0GCSqGSIb3DQEBCwUAA4IBAQAA9ZU1nz0EXjwdlDNZTi8mDdoN3TppnzX2
lgMkSf3lH7esKChWoPXjWM9s8UdbsYUENd+oX8SsdUjpA/IQJrqv0Wm5ILjvvl+o
sISNWiJHhLfGSOy8YD1vz6qmo5oLE9yb++a7r45zpdehPab9/QBf7ADYF4nKzLG+
C+X/ImMOVDRfNlrTG4oz9a3DWH9mlPlJqFGnj+51hxNxrTZNbucyX50x4OAE/ei0
YE/sPd5lwHPZ8npgLStFuYmfDVSE7pXwcrICzdAP9/Cb2SROJu/sB8/amEQiCYgJ
N9SK21KloY7z6Rq+Eq/pDc2jTs/0IEUHJGk1OGSoHA583qkNwgCP
-----END CERTIFICATE-----