Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/2d9d80-b8bf-465a-a291-9f74facae8f1/1/iKhGCzGlkdUH-YeR40es_shy-iQ.roa
File:                     iKhGCzGlkdUH-YeR40es_shy-iQ.roa (raw, json)
Hash identifier:          UctZx1wGvAAr9xLOczqP8p1as4JR/y4gz7WSAX7sYrE=
Subject key identifier:   88:A8:46:0B:31:A5:91:D5:07:F9:87:91:E3:47:AC:FE:C8:72:FA:24
Certificate issuer:       /CN=f709528b8828b4d826355e2c52237d642071cd54
Certificate serial:       0197C19DA1920900B5576EDB69FB8BAA3FF2
Authority key identifier: F7:09:52:8B:88:28:B4:D8:26:35:5E:2C:52:23:7D:64:20:71:CD:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9wlSi4gotNgmNV4sUiN9ZCBxzVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/2d9d80-b8bf-465a-a291-9f74facae8f1/1/iKhGCzGlkdUH-YeR40es_shy-iQ.roa
Signing time:             Mon 30 Jun 2025 16:13:42 +0000
ROA not before:           Mon 30 Jun 2025 16:13:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215759
IP address blocks:        185.79.18.0/24 maxlen: 24
                          2a14:6680::/48 maxlen: 48
                          2a14:6680:12::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/2d9d80-b8bf-465a-a291-9f74facae8f1/1/9wlSi4gotNgmNV4sUiN9ZCBxzVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/2d9d80-b8bf-465a-a291-9f74facae8f1/1/9wlSi4gotNgmNV4sUiN9ZCBxzVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9wlSi4gotNgmNV4sUiN9ZCBxzVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c1:9d:a1:92:09:00:b5:57:6e:db:69:fb:8b:aa:3f:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f709528b8828b4d826355e2c52237d642071cd54
        Validity
            Not Before: Jun 30 16:13:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88a8460b31a591d507f98791e347acfec872fa24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:7c:41:3f:eb:64:8a:d9:cb:e6:36:13:23:a7:
                    dc:5e:82:73:de:2e:8f:07:85:71:00:8f:e2:94:e8:
                    a7:5a:89:4d:7d:22:25:6f:51:27:3c:86:44:5f:9f:
                    7a:0a:39:e2:3f:ed:0d:6a:94:c4:33:e6:4f:78:87:
                    d0:df:9b:3e:c3:0f:ff:7f:31:10:1b:86:68:74:c5:
                    32:82:ea:2b:5f:cb:0b:e4:90:2e:72:05:6a:1a:2c:
                    ad:f0:16:59:1c:42:c6:d7:b8:b4:fb:3e:a2:8f:db:
                    73:a2:64:6d:05:87:1c:d3:27:4f:85:21:e1:59:04:
                    09:20:0a:6b:2b:9e:6e:a1:38:c5:18:19:0e:92:fa:
                    f7:da:80:3d:01:52:ef:4d:a6:79:49:97:2d:0f:25:
                    dc:cb:9f:a3:7a:de:19:a5:e2:aa:79:0c:d6:10:38:
                    6f:d4:eb:b5:1b:8a:ab:0c:86:79:58:93:0b:1b:00:
                    7c:63:1b:2b:21:40:5f:30:19:d7:cb:3e:44:81:d1:
                    6b:d5:75:76:9d:7d:2a:22:9a:3e:0c:a4:3b:b7:d3:
                    29:5d:86:fa:af:4b:6c:e4:09:29:c4:9f:57:ea:5e:
                    c8:ba:03:99:96:6c:66:8f:37:79:47:f1:7d:61:9b:
                    77:54:01:a7:9f:9b:60:51:ec:50:b7:8a:9f:e1:73:
                    ce:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:A8:46:0B:31:A5:91:D5:07:F9:87:91:E3:47:AC:FE:C8:72:FA:24
            X509v3 Authority Key Identifier:
                keyid:F7:09:52:8B:88:28:B4:D8:26:35:5E:2C:52:23:7D:64:20:71:CD:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9wlSi4gotNgmNV4sUiN9ZCBxzVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/2d9d80-b8bf-465a-a291-9f74facae8f1/1/iKhGCzGlkdUH-YeR40es_shy-iQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/2d9d80-b8bf-465a-a291-9f74facae8f1/1/9wlSi4gotNgmNV4sUiN9ZCBxzVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.79.18.0/24
                IPv6:
                  2a14:6680::/48
                  2a14:6680:12::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:0c:e2:11:19:c6:39:f8:28:22:11:63:86:f5:36:69:e3:dd:
         2b:41:c2:48:34:33:7d:40:7b:2e:ba:14:83:7b:75:77:6d:53:
         85:09:94:1b:16:fb:fc:64:d9:15:49:41:ff:c5:20:82:b2:b5:
         70:3a:fb:4f:1b:ea:be:82:96:54:c6:72:96:29:96:e4:2c:13:
         70:c7:cd:5d:ff:1a:ce:25:98:7a:8c:14:41:c8:31:47:44:66:
         ea:a4:cc:e8:7d:ef:6e:38:d3:ba:f5:c8:c5:df:db:b3:c4:ce:
         22:dc:d4:57:68:c3:27:6c:4a:30:8d:9f:5d:42:b8:2d:d4:79:
         53:21:ec:fd:1a:2d:a2:a9:ce:60:1b:b1:64:64:4c:49:a1:60:
         8a:b5:92:cd:12:20:71:68:2c:12:81:a0:9a:c1:ee:cc:25:47:
         fc:be:36:e7:95:7d:21:e7:5e:86:c6:70:cf:34:b6:7e:b7:8f:
         4b:58:be:ce:b5:2e:df:a9:ce:2e:be:4a:ea:2b:f9:56:14:56:
         5c:79:38:86:7d:b1:d3:19:7a:46:28:13:1d:98:4b:fb:5c:71:
         9a:62:83:d1:34:ef:7c:57:45:b4:a7:b2:e9:05:96:78:09:91:
         bb:e1:40:04:fd:93:35:c8:40:37:e9:14:4f:22:8c:d2:46:34:
         38:d4:e8:fb
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZfBnaGSCQC1V27bafuLqj/yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MDk1MjhiODgyOGI0ZDgyNjM1NWUyYzUyMjM3ZDY0MjA3
MWNkNTQwHhcNMjUwNjMwMTYxMzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGE4NDYwYjMxYTU5MWQ1MDdmOTg3OTFlMzQ3YWNmZWM4NzJmYTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3xBP+tkitnL5jYTI6fcXoJz3i6P
B4VxAI/ilOinWolNfSIlb1EnPIZEX596CjniP+0NapTEM+ZPeIfQ35s+ww//fzEQ
G4ZodMUyguorX8sL5JAucgVqGiyt8BZZHELG17i0+z6ij9tzomRtBYcc0ydPhSHh
WQQJIAprK55uoTjFGBkOkvr32oA9AVLvTaZ5SZctDyXcy5+jet4ZpeKqeQzWEDhv
1Ou1G4qrDIZ5WJMLGwB8YxsrIUBfMBnXyz5EgdFr1XV2nX0qIpo+DKQ7t9MpXYb6
r0ts5AkpxJ9X6l7IugOZlmxmjzd5R/F9YZt3VAGnn5tgUexQt4qf4XPO8wIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFIioRgsxpZHVB/mHkeNHrP7IcvokMB8GA1UdIwQY
MBaAFPcJUouIKLTYJjVeLFIjfWQgcc1UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXdsU2k0Z290TmdtTlY0c1VpTjlaQ0J4elZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8yZDlkODAtYjhiZi00NjVhLWEyOTEt
OWY3NGZhY2FlOGYxLzEvaUtoR0N6R2xrZFVILVllUjQwZXNfc2h5LWlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8yZDlkODAtYjhiZi00NjVhLWEyOTEtOWY3NGZhY2FlOGYx
LzEvOXdsU2k0Z290TmdtTlY0c1VpTjlaQ0J4elZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQAuU8SMBgE
AgACMBIDBwAqFGaAAAADBwAqFGaAABIwDQYJKoZIhvcNAQELBQADggEBAJkM4hEZ
xjn4KCIRY4b1Nmnj3StBwkg0M31Aey66FIN7dXdtU4UJlBsW+/xk2RVJQf/FIIKy
tXA6+08b6r6CllTGcpYpluQsE3DHzV3/Gs4lmHqMFEHIMUdEZuqkzOh9724407r1
yMXf27PEziLc1FdowydsSjCNn11CuC3UeVMh7P0aLaKpzmAbsWRkTEmhYIq1ks0S
IHFoLBKBoJrB7swlR/y+NueVfSHnXobGcM80tn63j0tYvs61Lt+pzi6+Suor+VYU
Vlx5OIZ9sdMZekYoEx2YS/tccZpig9E073xXRbSnsukFlngJkbvhQAT9kzXIQDfp
FE8ijNJGNDjU6Ps=
-----END CERTIFICATE-----