Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Ki2AqHAiVlZde-OgqwQq6oVrzXg.roa
File:                     Ki2AqHAiVlZde-OgqwQq6oVrzXg.roa (raw, json)
Hash identifier:          ebF9ElvbE0fA6gfcdhS+7ToE+6rhBq1lX1SpUHxMBFs=
Subject key identifier:   2A:2D:80:A8:70:22:56:56:5D:7B:E3:A0:AB:04:2A:EA:85:6B:CD:78
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       01994DAEF64C87B70DD3ABE4CD74AAE6B359
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Ki2AqHAiVlZde-OgqwQq6oVrzXg.roa
Signing time:             Mon 15 Sep 2025 14:02:15 +0000
ROA not before:           Mon 15 Sep 2025 14:02:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214669
IP address blocks:        82.115.2.0/24 maxlen: 24
                          82.115.10.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Sep 2025 07:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4d:ae:f6:4c:87:b7:0d:d3:ab:e4:cd:74:aa:e6:b3:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Sep 15 14:02:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a2d80a8702256565d7be3a0ab042aea856bcd78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:55:bd:96:47:ec:62:e9:54:46:91:da:30:d6:
                    79:0b:ea:9c:fe:a6:2e:67:a1:a6:08:5c:4b:8e:12:
                    21:f9:aa:03:0a:d5:02:c7:44:0f:8a:9a:27:24:be:
                    2c:1d:9e:32:f0:9a:7c:96:c9:14:c7:32:1e:a1:b1:
                    1f:01:cd:f2:f6:c0:37:79:41:64:19:bc:8a:4f:3b:
                    8b:2d:9d:2a:9a:63:5e:a6:8d:d4:15:73:c9:3f:85:
                    71:d8:b0:43:9d:5c:12:31:f9:56:97:60:67:da:2a:
                    d3:6d:02:74:a1:5b:60:d8:4c:aa:1d:66:87:01:52:
                    20:06:41:17:c6:8f:53:5d:56:4d:f5:97:09:a4:7a:
                    a3:d6:e9:be:ca:72:a7:f2:b7:98:66:c0:f8:74:53:
                    49:55:d3:5f:31:51:44:ea:37:69:e5:5d:36:dd:4a:
                    19:14:22:03:c2:82:2a:77:c4:49:dd:0f:1e:d6:df:
                    ed:b0:84:b6:4a:2c:9d:59:a9:b0:e8:9b:a6:d5:7a:
                    bc:c7:6b:e9:e3:cf:c0:54:7f:87:79:82:91:a9:72:
                    8f:fc:1e:de:51:1f:11:f7:d6:55:c0:b5:11:c7:bf:
                    55:ca:98:ee:85:01:81:d9:32:f7:d5:17:71:4d:6c:
                    7d:c1:7d:08:4f:2f:cd:ed:0e:ce:a4:45:69:5b:d4:
                    c2:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:2D:80:A8:70:22:56:56:5D:7B:E3:A0:AB:04:2A:EA:85:6B:CD:78
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Ki2AqHAiVlZde-OgqwQq6oVrzXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.115.2.0/24
                  82.115.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:00:cc:de:06:9c:67:a3:5c:ac:c0:07:8d:25:a1:1e:6a:ef:
         a2:b1:44:c7:64:15:18:f2:14:23:fb:9c:e7:a8:7e:37:9a:66:
         45:79:87:31:6e:25:dc:f2:93:67:17:47:4f:25:20:50:a9:73:
         31:97:56:15:51:4c:51:7e:36:fc:4e:dc:f7:ed:21:d3:95:6a:
         9a:93:6a:0b:42:b2:9b:e9:8e:be:50:16:47:dd:49:83:06:65:
         2b:ff:8e:38:0d:04:65:6e:87:e8:d3:79:0b:1d:21:5a:ad:62:
         c0:82:b4:86:2b:1c:f8:29:9b:fc:fc:2d:86:3c:03:49:b0:d7:
         0d:e4:fb:e0:47:9f:ea:8b:90:4e:b9:66:1d:c9:0f:d3:15:9e:
         95:4d:b5:c7:5a:91:7e:76:6a:95:13:07:25:98:a9:93:77:cd:
         fd:f8:43:04:4f:f1:32:da:f6:92:a2:be:5c:42:b1:51:53:a8:
         68:a9:d6:3f:91:86:a8:41:1d:fd:c0:95:07:5f:1f:78:ae:21:
         92:7e:fe:68:12:19:93:b7:06:a2:2c:64:61:9c:78:6e:9a:4f:
         34:05:f2:3f:68:75:c1:74:77:24:83:56:65:85:18:e2:08:de:
         1d:15:44:22:63:b9:72:17:48:1d:95:74:c1:c7:fc:4f:04:c1:
         a3:d6:cf:7e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlNrvZMh7cN06vkzXSq5rNZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwOTE1MTQwMjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTJkODBhODcwMjI1NjU2NWQ3YmUzYTBhYjA0MmFlYTg1NmJjZDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1W9lkfsYulURpHaMNZ5C+qc/qYu
Z6GmCFxLjhIh+aoDCtUCx0QPiponJL4sHZ4y8Jp8lskUxzIeobEfAc3y9sA3eUFk
GbyKTzuLLZ0qmmNepo3UFXPJP4Vx2LBDnVwSMflWl2Bn2irTbQJ0oVtg2EyqHWaH
AVIgBkEXxo9TXVZN9ZcJpHqj1um+ynKn8reYZsD4dFNJVdNfMVFE6jdp5V023UoZ
FCIDwoIqd8RJ3Q8e1t/tsIS2SiydWamw6Jum1Xq8x2vp48/AVH+HeYKRqXKP/B7e
UR8R99ZVwLURx79VypjuhQGB2TL31RdxTWx9wX0ITy/N7Q7OpEVpW9TCQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCotgKhwIlZWXXvjoKsEKuqFa814MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvS2kyQXFIQWlWbFpkZS1PZ3F3UXE2b1ZyelhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUnMCAwQB
UnMKMA0GCSqGSIb3DQEBCwUAA4IBAQBAAMzeBpxno1yswAeNJaEeau+isUTHZBUY
8hQj+5znqH43mmZFeYcxbiXc8pNnF0dPJSBQqXMxl1YVUUxRfjb8Ttz37SHTlWqa
k2oLQrKb6Y6+UBZH3UmDBmUr/444DQRlbofo03kLHSFarWLAgrSGKxz4KZv8/C2G
PANJsNcN5PvgR5/qi5BOuWYdyQ/TFZ6VTbXHWpF+dmqVEwclmKmTd839+EMET/Ey
2vaSor5cQrFRU6hoqdY/kYaoQR39wJUHXx94riGSfv5oEhmTtwaiLGRhnHhumk80
BfI/aHXBdHckg1ZlhRjiCN4dFUQiY7lyF0gdlXTBx/xPBMGj1s9+
-----END CERTIFICATE-----