Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/icudSN5Z3pmwkgX86QMOjEn0zko.roa
File:                     icudSN5Z3pmwkgX86QMOjEn0zko.roa (raw, json)
Hash identifier:          6gwaFX0G2dkkEOWltEHlxl1Dd/7KD7lCNjstFZPf6Yw=
Subject key identifier:   89:CB:9D:48:DE:59:DE:99:B0:92:05:FC:E9:03:0E:8C:49:F4:CE:4A
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       0198EADA320E1036B8F2E80AC9F69E9315EF
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/icudSN5Z3pmwkgX86QMOjEn0zko.roa
Signing time:             Wed 27 Aug 2025 09:27:04 +0000
ROA not before:           Wed 27 Aug 2025 09:27:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62390
IP address blocks:        82.115.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 14:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ea:da:32:0e:10:36:b8:f2:e8:0a:c9:f6:9e:93:15:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Aug 27 09:27:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=89cb9d48de59de99b09205fce9030e8c49f4ce4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ee:cf:87:ff:ad:28:b4:ae:75:a8:d2:a5:8a:
                    18:20:ae:dc:3e:9b:7b:de:1e:af:6f:95:6c:e9:ad:
                    ae:af:cb:25:72:4e:66:49:e0:cd:1d:26:66:4b:55:
                    8a:13:29:1f:a0:69:cc:7b:f2:d4:45:e8:a4:fa:ed:
                    f3:29:60:59:c9:4c:f5:f9:9b:34:a7:97:e0:18:b5:
                    b3:fc:da:65:a1:42:58:36:dd:05:6a:4e:60:c7:87:
                    2d:31:78:2d:87:c9:c4:cc:75:34:7f:8a:1c:61:b0:
                    af:9c:43:92:a2:35:75:d3:67:ff:ad:3c:6e:85:65:
                    3c:ae:3a:ff:09:39:09:d6:20:51:26:52:e6:4e:04:
                    eb:82:18:16:20:2e:b3:1d:e4:57:5f:44:02:ab:66:
                    b0:f6:da:a3:04:cb:80:6f:9e:d7:10:76:f7:66:8f:
                    4c:3a:53:d7:51:ef:27:a3:05:f7:38:4b:88:5e:c6:
                    90:e2:ad:f4:7e:ac:27:3d:df:49:25:ca:59:22:34:
                    e7:3b:aa:cc:97:65:7e:5f:d1:23:2d:c0:91:4d:31:
                    5b:12:3d:79:c2:4d:24:eb:bb:98:12:d3:cb:f8:be:
                    37:95:fd:0d:59:83:ff:7b:07:67:75:a9:f7:04:a3:
                    9c:2a:9e:94:66:eb:70:52:b0:f9:61:30:f7:e3:59:
                    bc:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:CB:9D:48:DE:59:DE:99:B0:92:05:FC:E9:03:0E:8C:49:F4:CE:4A
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/icudSN5Z3pmwkgX86QMOjEn0zko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.115.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:4c:af:0d:22:ea:83:3f:23:7d:43:2f:9e:2b:f3:8d:bb:70:
         c6:70:d1:b9:09:12:ce:1b:8e:9d:9a:f8:02:21:a4:19:e8:e8:
         b2:0a:11:48:86:f9:23:08:88:da:dd:59:34:9e:b1:40:4e:57:
         ec:9a:bf:c4:d2:a4:f3:a6:c0:ea:ae:63:95:97:10:0d:db:bc:
         ec:d5:97:d2:10:e2:dc:98:62:53:b9:47:d9:21:31:34:4b:78:
         ce:df:df:51:84:5c:e8:61:d1:c7:4d:fe:f2:1d:93:34:d7:02:
         44:72:18:7c:1a:61:3b:80:3d:0e:60:4e:13:47:84:93:e4:1c:
         7b:61:2c:4f:7c:95:1b:40:cc:44:9e:fa:bb:64:7d:9f:8d:5e:
         aa:83:7c:f5:86:c8:c9:58:1a:77:6d:56:8c:f7:ab:d4:67:09:
         2e:ef:c0:a0:87:39:67:a2:05:94:06:2c:7b:de:68:49:aa:17:
         a9:fa:d1:43:ac:23:90:7a:7f:f4:b9:17:c0:5f:45:b6:56:92:
         8b:97:83:b1:ee:4e:f5:ce:aa:25:db:7f:c1:97:1d:4c:75:1e:
         c3:f8:06:ed:df:3b:99:52:b5:53:76:0f:43:a2:f1:57:67:1b:
         8f:02:0b:6a:4d:fe:39:3b:85:75:df:7a:9d:bf:a6:65:41:fc:
         71:b6:af:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjq2jIOEDa48ugKyfaekxXvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwODI3MDkyNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWNiOWQ0OGRlNTlkZTk5YjA5MjA1ZmNlOTAzMGU4YzQ5ZjRjZTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1e7Ph/+tKLSudajSpYoYIK7cPpt7
3h6vb5Vs6a2ur8slck5mSeDNHSZmS1WKEykfoGnMe/LUReik+u3zKWBZyUz1+Zs0
p5fgGLWz/NploUJYNt0Fak5gx4ctMXgth8nEzHU0f4ocYbCvnEOSojV102f/rTxu
hWU8rjr/CTkJ1iBRJlLmTgTrghgWIC6zHeRXX0QCq2aw9tqjBMuAb57XEHb3Zo9M
OlPXUe8nowX3OEuIXsaQ4q30fqwnPd9JJcpZIjTnO6rMl2V+X9EjLcCRTTFbEj15
wk0k67uYEtPL+L43lf0NWYP/ewdndan3BKOcKp6UZutwUrD5YTD341m8nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFInLnUjeWd6ZsJIF/OkDDoxJ9M5KMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvaWN1ZFNONVozcG13a2dYODZRTU9qRW4wemtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUnMAMA0G
CSqGSIb3DQEBCwUAA4IBAQBCTK8NIuqDPyN9Qy+eK/ONu3DGcNG5CRLOG46dmvgC
IaQZ6OiyChFIhvkjCIja3Vk0nrFATlfsmr/E0qTzpsDqrmOVlxAN27zs1ZfSEOLc
mGJTuUfZITE0S3jO399RhFzoYdHHTf7yHZM01wJEchh8GmE7gD0OYE4TR4ST5Bx7
YSxPfJUbQMxEnvq7ZH2fjV6qg3z1hsjJWBp3bVaM96vUZwku78CghzlnogWUBix7
3mhJqhep+tFDrCOQen/0uRfAX0W2VpKLl4Ox7k71zqol23/Blx1MdR7D+Abt3zuZ
UrVTdg9DovFXZxuPAgtqTf45O4V133qdv6ZlQfxxtq8P
-----END CERTIFICATE-----