Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/iKDDsOY9AjJR0GrG6XaUtVMkIu0.roa
File:                     iKDDsOY9AjJR0GrG6XaUtVMkIu0.roa (raw, json)
Hash identifier:          6LY2WEaxHY8O2uDAcCis4FVtcoz3vZgsfcv7an1e9D0=
Subject key identifier:   88:A0:C3:B0:E6:3D:02:32:51:D0:6A:C6:E9:76:94:B5:53:24:22:ED
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       0197AC7683ABEC43F3A2A7C7A9A11E252583
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/iKDDsOY9AjJR0GrG6XaUtVMkIu0.roa
Signing time:             Thu 26 Jun 2025 13:38:57 +0000
ROA not before:           Thu 26 Jun 2025 13:38:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215081
IP address blocks:        82.115.0.0/24 maxlen: 24
                          178.173.240.0/24 maxlen: 24
                          188.253.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Jul 2025 02:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ac:76:83:ab:ec:43:f3:a2:a7:c7:a9:a1:1e:25:25:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jun 26 13:38:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88a0c3b0e63d023251d06ac6e97694b5532422ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:e8:b5:49:d7:54:ef:76:df:7e:69:24:82:11:
                    fa:0a:22:01:b1:14:9e:f1:7e:ba:48:3e:53:bb:3c:
                    da:5e:78:c7:67:04:cf:03:ae:ef:1b:d4:e9:e2:38:
                    6c:3a:8f:39:55:4f:af:8d:3d:7c:a2:64:a5:b7:42:
                    f9:23:a4:03:a5:aa:f0:3f:c6:30:0b:b1:27:cb:97:
                    d3:a3:8d:27:a8:34:21:22:c4:65:0c:e3:b7:92:14:
                    f5:c0:2e:59:5d:2a:d3:f4:05:d1:db:15:38:32:7b:
                    b2:4d:0b:ab:5c:5d:99:9c:4c:37:30:5b:19:3d:62:
                    10:5a:f5:57:ad:5f:c9:06:e9:32:b2:84:3b:c3:cf:
                    94:2f:fe:e3:fd:dd:0d:e6:4a:c4:12:b0:fd:1b:61:
                    e4:f2:3f:f3:5e:3c:1b:12:48:c5:68:25:a6:80:66:
                    2c:1b:04:d4:43:89:8a:87:d9:40:9c:48:7b:7d:f4:
                    ae:e3:e2:ef:8d:ce:c2:e3:74:57:3b:60:84:2e:5b:
                    a4:f0:fd:86:74:57:1c:e4:8d:16:1c:7f:99:8d:3a:
                    12:64:4b:2f:ee:e2:54:11:f5:81:d4:1a:3f:b9:74:
                    8e:90:28:b9:44:2c:4e:1a:e9:f2:12:64:cb:36:02:
                    64:f4:f6:c1:e9:51:c1:b2:29:18:d3:39:d0:fa:c2:
                    df:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:A0:C3:B0:E6:3D:02:32:51:D0:6A:C6:E9:76:94:B5:53:24:22:ED
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/iKDDsOY9AjJR0GrG6XaUtVMkIu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.115.0.0/24
                  178.173.240.0/24
                  188.253.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d7:a3:b5:05:3d:3d:40:cf:91:f0:07:7d:5f:f3:61:4f:8f:17:
         5a:95:c0:05:2d:93:e3:e0:fa:27:79:0e:3c:56:cc:0a:43:1a:
         38:56:f9:c2:9e:55:dd:2c:d8:16:8b:77:69:09:c1:1f:0c:61:
         ab:c8:e5:d2:68:b6:87:f7:7a:4a:1d:ae:9a:93:a4:59:17:9c:
         13:45:e2:89:bd:dc:95:ee:1b:df:f7:6a:cb:4a:b5:18:45:0f:
         51:ef:3f:9e:d9:ee:5c:85:7f:a2:d7:20:66:25:81:65:cb:68:
         a2:dd:25:ba:06:c7:2a:d7:ec:63:27:22:72:80:58:62:a2:e8:
         63:d1:ae:4a:9f:93:49:17:93:cc:a2:14:ca:fa:8d:88:5d:d5:
         47:4f:30:e6:3b:2e:7e:c8:60:e2:8f:11:0e:b9:00:69:29:3f:
         ae:01:da:93:fb:7c:08:f8:87:18:b4:b6:cd:2a:c4:36:5f:33:
         3d:1c:83:36:06:ed:4c:55:7d:20:6d:69:30:8b:33:de:9b:62:
         d8:7b:13:11:d9:6c:3d:43:69:82:38:d9:67:38:fb:46:45:40:
         a6:2d:a9:27:ca:47:f8:5f:8c:64:4f:e3:85:54:03:eb:62:cc:
         1a:8d:a3:00:07:d6:fc:31:74:47:ae:b4:63:db:39:16:c2:82:
         89:5e:cf:87
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZesdoOr7EPzoqfHqaEeJSWDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwNjI2MTMzODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGEwYzNiMGU2M2QwMjMyNTFkMDZhYzZlOTc2OTRiNTUzMjQyMmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOi1SddU73bffmkkghH6CiIBsRSe
8X66SD5TuzzaXnjHZwTPA67vG9Tp4jhsOo85VU+vjT18omSlt0L5I6QDparwP8Yw
C7Eny5fTo40nqDQhIsRlDOO3khT1wC5ZXSrT9AXR2xU4MnuyTQurXF2ZnEw3MFsZ
PWIQWvVXrV/JBukysoQ7w8+UL/7j/d0N5krEErD9G2Hk8j/zXjwbEkjFaCWmgGYs
GwTUQ4mKh9lAnEh7ffSu4+Lvjc7C43RXO2CELluk8P2GdFcc5I0WHH+ZjToSZEsv
7uJUEfWB1Bo/uXSOkCi5RCxOGunyEmTLNgJk9PbB6VHBsikY0znQ+sLfuQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIigw7DmPQIyUdBqxul2lLVTJCLtMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvaUtERHNPWTlBakpSMEdyRzZYYVV0Vk1rSXUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUnMAAwQA
sq3wAwQAvP0JMA0GCSqGSIb3DQEBCwUAA4IBAQDXo7UFPT1Az5HwB31f82FPjxda
lcAFLZPj4PoneQ48VswKQxo4VvnCnlXdLNgWi3dpCcEfDGGryOXSaLaH93pKHa6a
k6RZF5wTReKJvdyV7hvf92rLSrUYRQ9R7z+e2e5chX+i1yBmJYFly2ii3SW6Bscq
1+xjJyJygFhiouhj0a5Kn5NJF5PMohTK+o2IXdVHTzDmOy5+yGDijxEOuQBpKT+u
AdqT+3wI+IcYtLbNKsQ2XzM9HIM2Bu1MVX0gbWkwizPem2LYexMR2Ww9Q2mCONln
OPtGRUCmLaknykf4X4xkT+OFVAPrYswajaMAB9b8MXRHrrRj2zkWwoKJXs+H
-----END CERTIFICATE-----