Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/iKAMmC7ki6HHpNTvDFZD4XWk2Ks.roa
File:                     iKAMmC7ki6HHpNTvDFZD4XWk2Ks.roa (raw, json)
Hash identifier:          nhsWGmquRYsQBSCrfJ8cBdLnaWhN52jWsS9X7hFv8Hs=
Subject key identifier:   88:A0:0C:98:2E:E4:8B:A1:C7:A4:D4:EF:0C:56:43:E1:75:A4:D8:AB
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       0198178ABFD01D59670261BA9298B2C7BF51
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/iKAMmC7ki6HHpNTvDFZD4XWk2Ks.roa
Signing time:             Thu 17 Jul 2025 08:40:25 +0000
ROA not before:           Thu 17 Jul 2025 08:40:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208370
IP address blocks:        78.128.115.0/24 maxlen: 24
                          79.124.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:17:8a:bf:d0:1d:59:67:02:61:ba:92:98:b2:c7:bf:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jul 17 08:40:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88a00c982ee48ba1c7a4d4ef0c5643e175a4d8ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:e4:b0:94:97:06:af:5a:fa:0d:bd:f1:65:ca:
                    2d:09:f3:9c:16:5e:84:bb:1f:e5:26:08:19:fa:4b:
                    73:f0:8a:16:93:48:89:69:ec:17:7a:6e:4f:a5:04:
                    9b:57:85:0b:15:9b:ed:50:50:45:15:13:ec:87:04:
                    0e:64:90:7a:18:4c:88:a6:71:74:81:4c:79:e3:8a:
                    17:b9:eb:e2:40:e5:3c:85:90:7b:45:47:04:5e:be:
                    9c:ac:00:7a:ba:d2:84:2e:4b:96:55:4f:96:ec:97:
                    b9:92:d4:b8:be:1b:21:1b:2f:a4:d7:d2:c2:90:73:
                    f4:2c:3c:33:e1:9d:c8:82:b3:ec:28:23:bd:2c:56:
                    7d:fd:1b:7b:02:93:4c:bb:34:b5:55:ef:72:98:7e:
                    22:45:05:4c:b3:ee:3b:ce:af:16:fb:fb:bf:6f:52:
                    43:87:e3:0f:02:d7:13:75:88:ec:2a:27:16:0e:e1:
                    27:43:2b:35:68:1c:96:ed:b2:bf:19:b5:e2:f7:a5:
                    25:03:f1:c1:c7:31:ba:63:13:8a:fa:e5:fe:8e:c6:
                    92:ac:7b:c3:1d:4c:f7:f5:f0:3d:9e:a7:63:14:68:
                    9e:13:21:40:c8:96:2f:18:81:67:42:dc:34:f2:94:
                    33:01:33:ef:69:d0:f9:49:88:77:2d:af:ca:9c:ca:
                    05:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:A0:0C:98:2E:E4:8B:A1:C7:A4:D4:EF:0C:56:43:E1:75:A4:D8:AB
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/iKAMmC7ki6HHpNTvDFZD4XWk2Ks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.128.115.0/24
                  79.124.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:4a:70:c8:c2:ef:60:4c:4a:b1:bd:e7:97:5a:22:24:89:7b:
         50:40:55:49:87:a5:a1:a2:93:a7:e1:66:37:42:a5:70:65:34:
         28:c8:9f:b9:c2:b3:4b:3c:31:62:c3:ee:5e:60:94:f4:a4:1d:
         dc:c3:bb:6e:7c:0e:c8:f5:45:5a:4e:9c:e2:35:9d:41:6a:96:
         0c:aa:5f:d4:d2:79:0c:26:24:85:e9:68:30:a6:4b:da:27:9a:
         ac:0b:fc:c2:b9:ff:75:05:7d:c2:41:3a:99:4c:88:62:78:8a:
         1d:64:95:f3:08:3f:b2:9f:08:8d:b7:21:95:d1:2d:00:92:06:
         4b:12:ee:fa:fb:bc:eb:bb:25:fc:19:1c:e6:87:6c:e9:26:98:
         03:49:86:9b:20:b2:0c:c7:98:43:74:aa:2e:ba:80:d1:13:83:
         49:33:10:ee:dd:89:9f:54:3a:97:fd:be:b3:22:20:4d:8d:d4:
         f6:07:72:8a:c3:b5:6c:75:9c:62:7d:ef:d7:34:98:46:66:86:
         80:26:f4:6a:f7:c7:39:37:cc:d8:bb:e1:61:6f:3d:89:9d:7a:
         a2:7f:3e:46:d7:0e:12:26:c1:bd:85:dc:84:d7:a1:02:16:98:
         b4:c0:76:0e:c2:1a:d3:3e:90:9f:c9:92:b0:60:a2:c4:f5:f5:
         f2:f8:9c:6a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgXir/QHVlnAmG6kpiyx79RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwNzE3MDg0MDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGEwMGM5ODJlZTQ4YmExYzdhNGQ0ZWYwYzU2NDNlMTc1YTRkOGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlOSwlJcGr1r6Db3xZcotCfOcFl6E
ux/lJggZ+ktz8IoWk0iJaewXem5PpQSbV4ULFZvtUFBFFRPshwQOZJB6GEyIpnF0
gUx544oXueviQOU8hZB7RUcEXr6crAB6utKELkuWVU+W7Je5ktS4vhshGy+k19LC
kHP0LDwz4Z3IgrPsKCO9LFZ9/Rt7ApNMuzS1Ve9ymH4iRQVMs+47zq8W+/u/b1JD
h+MPAtcTdYjsKicWDuEnQys1aByW7bK/GbXi96UlA/HBxzG6YxOK+uX+jsaSrHvD
HUz39fA9nqdjFGieEyFAyJYvGIFnQtw08pQzATPvadD5SYh3La/KnMoFtwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIigDJgu5Iuhx6TU7wxWQ+F1pNirMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvaUtBTW1DN2tpNkhIcE5UdkRGWkQ0WFdrMktzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAToBzAwQA
T3xOMA0GCSqGSIb3DQEBCwUAA4IBAQA5SnDIwu9gTEqxveeXWiIkiXtQQFVJh6Wh
opOn4WY3QqVwZTQoyJ+5wrNLPDFiw+5eYJT0pB3cw7tufA7I9UVaTpziNZ1BapYM
ql/U0nkMJiSF6WgwpkvaJ5qsC/zCuf91BX3CQTqZTIhieIodZJXzCD+ynwiNtyGV
0S0AkgZLEu76+7zruyX8GRzmh2zpJpgDSYabILIMx5hDdKouuoDRE4NJMxDu3Ymf
VDqX/b6zIiBNjdT2B3KKw7VsdZxife/XNJhGZoaAJvRq98c5N8zYu+Fhbz2JnXqi
fz5G1w4SJsG9hdyE16ECFpi0wHYOwhrTPpCfyZKwYKLE9fXy+Jxq
-----END CERTIFICATE-----