Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/AU4pJEgj6WCviZ2QJJdCQH2gbpw.roa
File:                     AU4pJEgj6WCviZ2QJJdCQH2gbpw.roa (raw, json)
Hash identifier:          TC1IhDPtH+BGNVruTwqyE+T+g7XpQfKzSMZ9r7v5voI=
Subject key identifier:   01:4E:29:24:48:23:E9:60:AF:89:9D:90:24:97:42:40:7D:A0:6E:9C
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       019D90166731D80B7F3C664D0C305925735B
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/AU4pJEgj6WCviZ2QJJdCQH2gbpw.roa
Signing time:             Wed 15 Apr 2026 07:41:20 +0000
ROA not before:           Wed 15 Apr 2026 07:41:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        109.229.223.0/24 maxlen: 24
                          213.110.68.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:90:16:67:31:d8:0b:7f:3c:66:4d:0c:30:59:25:73:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Apr 15 07:41:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=014e29244823e960af899d90249742407da06e9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:34:6f:ed:a6:66:eb:49:13:4a:c5:49:ec:51:
                    f7:35:23:e4:03:e7:96:1a:a9:11:6e:10:eb:40:4a:
                    3e:5f:4f:20:93:77:6b:5f:3b:ce:af:8b:62:79:f7:
                    02:6b:14:ee:19:38:e9:5f:ff:4b:07:36:00:ba:c2:
                    a5:9d:38:e3:2f:c2:75:a2:db:c8:6e:95:d3:64:35:
                    c5:fc:a0:32:15:34:ef:94:64:11:fb:81:0d:f8:99:
                    9c:d5:b7:4a:c3:1d:e7:fc:4c:12:4c:21:06:20:3f:
                    59:78:e9:b0:27:25:16:63:e1:bc:40:65:71:4d:72:
                    0d:6b:15:ce:92:61:c0:c0:48:4e:e7:9a:b1:4e:3a:
                    a1:37:08:ac:43:94:e6:80:4f:26:11:48:62:7a:ae:
                    44:dd:3b:ab:39:b9:b8:d0:ca:55:39:12:73:ce:26:
                    5e:b9:c9:13:f0:4b:cd:91:1e:98:40:84:ae:af:11:
                    9d:1d:e9:60:36:04:82:51:91:68:d3:9a:b4:83:de:
                    df:75:77:45:1c:6f:02:6a:ef:2f:ce:43:7c:54:2d:
                    db:f0:9c:17:ef:75:ac:b8:6a:ab:ee:cb:34:b1:e0:
                    18:30:00:1e:a3:b4:de:fc:b1:d0:10:93:8a:46:77:
                    27:01:57:33:3b:80:00:e2:be:78:1b:7c:e5:52:d4:
                    1e:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:4E:29:24:48:23:E9:60:AF:89:9D:90:24:97:42:40:7D:A0:6E:9C
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/AU4pJEgj6WCviZ2QJJdCQH2gbpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.229.223.0/24
                  213.110.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:7c:4f:23:9a:73:2b:41:b4:28:81:97:2a:7a:31:d7:9c:95:
         db:ef:58:d7:ed:61:01:c7:4b:76:3e:05:98:fb:f9:ae:7a:26:
         42:1a:9d:52:72:f7:d8:11:af:2c:26:fe:92:87:2b:4d:7c:02:
         d0:1b:ec:39:07:dd:6f:06:28:4b:7d:72:52:1c:f6:94:6d:35:
         98:58:e4:2e:c5:91:cf:e1:b4:a0:9f:5a:a2:ae:dc:bb:8f:96:
         f5:41:b6:09:4e:9b:6a:92:e2:5a:2e:d8:cf:da:65:14:f2:67:
         d3:b3:28:eb:8f:a4:f3:db:37:da:4c:c9:f2:70:45:2c:c2:17:
         6d:92:d6:5f:f4:b8:13:65:01:ac:e6:9d:b3:50:17:99:da:a1:
         10:01:f6:78:4f:ce:97:fb:aa:c5:8b:27:91:06:8a:15:e5:f8:
         5b:13:33:d0:81:a1:52:b9:05:f5:59:64:84:16:cc:d7:59:34:
         eb:07:22:22:a3:08:b2:a0:ef:5f:c1:be:04:51:e8:d3:47:3f:
         84:3f:73:9b:b2:79:57:0b:fe:68:7a:e6:c1:e6:cb:2d:88:31:
         5d:1c:18:b3:a1:a2:c2:4f:ab:7c:fc:f5:62:8f:69:2f:63:5b:
         09:c8:a0:c9:04:86:c5:01:99:15:c5:e7:70:fd:96:b8:26:ea:
         55:60:2a:ea
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2QFmcx2At/PGZNDDBZJXNbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjYwNDE1MDc0MTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTRlMjkyNDQ4MjNlOTYwYWY4OTlkOTAyNDk3NDI0MDdkYTA2ZTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDRv7aZm60kTSsVJ7FH3NSPkA+eW
GqkRbhDrQEo+X08gk3drXzvOr4tiefcCaxTuGTjpX/9LBzYAusKlnTjjL8J1otvI
bpXTZDXF/KAyFTTvlGQR+4EN+Jmc1bdKwx3n/EwSTCEGID9ZeOmwJyUWY+G8QGVx
TXINaxXOkmHAwEhO55qxTjqhNwisQ5TmgE8mEUhieq5E3TurObm40MpVORJzziZe
uckT8EvNkR6YQISurxGdHelgNgSCUZFo05q0g97fdXdFHG8Cau8vzkN8VC3b8JwX
73WsuGqr7ss0seAYMAAeo7Te/LHQEJOKRncnAVczO4AA4r54G3zlUtQedwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAFOKSRII+lgr4mdkCSXQkB9oG6cMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvQVU0cEpFZ2o2V0N2aVoyUUpKZENRSDJnYnB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbeXfAwQC
1W5EMA0GCSqGSIb3DQEBCwUAA4IBAQCVfE8jmnMrQbQogZcqejHXnJXb71jX7WEB
x0t2PgWY+/mueiZCGp1ScvfYEa8sJv6ShytNfALQG+w5B91vBihLfXJSHPaUbTWY
WOQuxZHP4bSgn1qirty7j5b1QbYJTptqkuJaLtjP2mUU8mfTsyjrj6Tz2zfaTMny
cEUswhdtktZf9LgTZQGs5p2zUBeZ2qEQAfZ4T86X+6rFiyeRBooV5fhbEzPQgaFS
uQX1WWSEFszXWTTrByIiowiyoO9fwb4EUejTRz+EP3ObsnlXC/5oeubB5sstiDFd
HBizoaLCT6t8/PVij2kvY1sJyKDJBIbFAZkVxedw/Za4JupVYCrq
-----END CERTIFICATE-----