Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/IQXTtVHze1IXoXyJqdh9nwPWeHs.roa
File:                     IQXTtVHze1IXoXyJqdh9nwPWeHs.roa (raw, json)
Hash identifier:          siOcI04XjEZl0t1nX+KyiRbWYR5EN6LmCvslwid92wA=
Subject key identifier:   21:05:D3:B5:51:F3:7B:52:17:A1:7C:89:A9:D8:7D:9F:03:D6:78:7B
Certificate issuer:       /CN=0969a2a39635b797476f1f1633ae8f27bf33b533
Certificate serial:       0196C52A1045463BDE79E546E4A7C81DCDAF
Authority key identifier: 09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/IQXTtVHze1IXoXyJqdh9nwPWeHs.roa
Signing time:             Mon 12 May 2025 15:43:10 +0000
ROA not before:           Mon 12 May 2025 15:43:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202678
IP address blocks:        195.85.201.0/24 maxlen: 24
                          195.85.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 18:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c5:2a:10:45:46:3b:de:79:e5:46:e4:a7:c8:1d:cd:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0969a2a39635b797476f1f1633ae8f27bf33b533
        Validity
            Not Before: May 12 15:43:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2105d3b551f37b5217a17c89a9d87d9f03d6787b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:70:1f:9f:09:f8:fd:e5:eb:6d:50:e5:9e:e7:
                    80:c7:9f:68:e9:85:ec:90:3b:e0:d6:90:07:73:33:
                    12:fd:16:35:79:91:66:0b:a9:f1:cb:da:d0:ff:d8:
                    e1:3f:10:9a:d8:a4:0f:74:8a:07:f5:b9:c3:4d:1f:
                    d6:c5:0c:bf:39:be:55:84:40:58:60:4a:b1:1c:c1:
                    69:a5:c5:af:1c:66:05:23:62:31:65:8d:f5:4b:7d:
                    ea:c8:86:4f:cd:f3:a3:6f:36:fc:42:3f:37:d2:dd:
                    a5:07:ad:8d:67:f9:e4:c9:3c:38:2b:20:84:7f:04:
                    63:27:45:93:e0:e2:15:67:69:c7:1f:ac:e3:5e:16:
                    f1:d2:b4:70:63:0d:b4:52:3a:e4:aa:5e:6d:f3:d2:
                    0b:0f:41:5e:00:41:58:06:ee:7d:de:3e:ca:8f:d2:
                    2a:53:90:30:39:ae:cb:f8:78:5d:78:71:22:53:0c:
                    28:f4:f1:6f:b9:a9:cd:7e:29:38:a0:d3:55:2d:5d:
                    af:75:50:04:25:97:e8:53:8c:3b:55:06:5f:8d:16:
                    41:e7:fb:68:92:4e:b8:1b:69:3b:8c:d8:fd:aa:b3:
                    01:a4:6e:66:21:ad:a4:d1:32:b0:3d:b2:f8:45:cf:
                    17:cb:a6:d7:97:1e:7e:7a:92:80:fb:4e:d3:06:0d:
                    26:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:05:D3:B5:51:F3:7B:52:17:A1:7C:89:A9:D8:7D:9F:03:D6:78:7B
            X509v3 Authority Key Identifier:
                keyid:09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/IQXTtVHze1IXoXyJqdh9nwPWeHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.201.0/24
                  195.85.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:7d:59:14:1a:c9:1f:9c:e5:df:17:57:c7:5a:55:ab:d8:23:
         13:72:a7:ce:a0:a8:aa:47:f8:63:f3:27:a1:f2:76:1c:aa:b2:
         3f:54:f3:a7:92:88:05:d2:d7:60:4e:93:62:d6:1f:5a:61:f2:
         69:fd:93:f7:a2:8d:8e:18:2e:04:70:68:ab:90:53:61:a2:23:
         05:a0:fd:b0:bf:84:9f:b2:71:28:e5:b0:4c:eb:55:42:f3:6d:
         3b:ed:16:e9:37:ed:0e:95:2b:2a:2e:94:d2:07:e7:1e:a3:33:
         cf:6e:97:05:03:2d:2b:d5:27:c3:e2:16:ee:8c:a0:df:4d:4a:
         d0:08:17:fe:c9:22:64:79:1c:79:21:33:72:e1:73:07:41:7b:
         6b:8b:2e:0e:21:85:7e:2e:c5:5d:3d:ad:82:1b:bc:b4:d4:6d:
         35:9d:34:88:64:3e:12:a9:1d:0a:83:94:8f:0f:f7:a3:29:c7:
         2d:63:96:30:93:ee:36:67:d0:e0:cb:65:9d:07:6b:35:5a:2e:
         d6:40:91:c5:90:9a:47:43:50:b5:f5:56:7a:a7:6c:b7:88:5f:
         95:bd:89:e4:f2:12:40:93:9e:7a:a0:41:f8:fe:6b:3c:1e:cf:
         3d:c2:a8:eb:c0:d3:bf:1e:74:2d:85:64:18:6f:a1:70:f6:00:
         42:c8:84:d7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbFKhBFRjveeeVG5KfIHc2vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NjlhMmEzOTYzNWI3OTc0NzZmMWYxNjMzYWU4ZjI3YmYz
M2I1MzMwHhcNMjUwNTEyMTU0MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTA1ZDNiNTUxZjM3YjUyMTdhMTdjODlhOWQ4N2Q5ZjAzZDY3ODdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXAfnwn4/eXrbVDlnueAx59o6YXs
kDvg1pAHczMS/RY1eZFmC6nxy9rQ/9jhPxCa2KQPdIoH9bnDTR/WxQy/Ob5VhEBY
YEqxHMFppcWvHGYFI2IxZY31S33qyIZPzfOjbzb8Qj830t2lB62NZ/nkyTw4KyCE
fwRjJ0WT4OIVZ2nHH6zjXhbx0rRwYw20Ujrkql5t89ILD0FeAEFYBu593j7Kj9Iq
U5AwOa7L+HhdeHEiUwwo9PFvuanNfik4oNNVLV2vdVAEJZfoU4w7VQZfjRZB5/to
kk64G2k7jNj9qrMBpG5mIa2k0TKwPbL4Rc8Xy6bXlx5+epKA+07TBg0mAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCEF07VR83tSF6F8ianYfZ8D1nh7MB8GA1UdIwQY
MBaAFAlpoqOWNbeXR28fFjOujye/M7UzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUt
NDE0OTA4NzJmYzRlLzEvSVFYVHRWSHplMUlYb1h5SnFkaDlud1BXZUhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUtNDE0OTA4NzJmYzRl
LzEvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw1XJAwQA
w1XNMA0GCSqGSIb3DQEBCwUAA4IBAQA/fVkUGskfnOXfF1fHWlWr2CMTcqfOoKiq
R/hj8yeh8nYcqrI/VPOnkogF0tdgTpNi1h9aYfJp/ZP3oo2OGC4EcGirkFNhoiMF
oP2wv4SfsnEo5bBM61VC82077RbpN+0OlSsqLpTSB+ceozPPbpcFAy0r1SfD4hbu
jKDfTUrQCBf+ySJkeRx5ITNy4XMHQXtriy4OIYV+LsVdPa2CG7y01G01nTSIZD4S
qR0Kg5SPD/ejKcctY5Ywk+42Z9Dgy2WdB2s1Wi7WQJHFkJpHQ1C19VZ6p2y3iF+V
vYnk8hJAk556oEH4/ms8Hs89wqjrwNO/HnQthWQYb6Fw9gBCyITX
-----END CERTIFICATE-----