Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/ZjiYZgyUyGbsMqMk6TlW1sfkzSw.roa
File:                     ZjiYZgyUyGbsMqMk6TlW1sfkzSw.roa (raw, json)
Hash identifier:          SquU6V0h1qjRAFh6dK52pQTVF5CX1sx9oQRtEcOh8ks=
Subject key identifier:   66:38:98:66:0C:94:C8:66:EC:32:A3:24:E9:39:56:D6:C7:E4:CD:2C
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       019E870895023AE27639603EE9EBB9A760B2
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/ZjiYZgyUyGbsMqMk6TlW1sfkzSw.roa
Signing time:             Tue 02 Jun 2026 06:32:27 +0000
ROA not before:           Tue 02 Jun 2026 06:32:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        213.110.68.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:87:08:95:02:3a:e2:76:39:60:3e:e9:eb:b9:a7:60:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Jun  2 06:32:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=663898660c94c866ec32a324e93956d6c7e4cd2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:7c:5f:19:a0:34:73:9c:8a:97:8d:57:a0:78:
                    9b:3c:b0:4f:4b:63:c2:20:91:d5:8c:2e:c7:75:f1:
                    df:b1:1c:a8:b8:33:d8:2a:5a:66:8b:c2:b9:72:c7:
                    74:c0:f5:f7:5f:41:15:0f:5e:fa:60:29:e1:ba:d3:
                    83:6e:8a:0b:68:82:a0:fd:26:6d:9f:36:fb:9f:db:
                    4d:e6:f5:ba:19:58:7d:3b:a5:3a:6b:ca:db:8e:65:
                    e8:9b:0a:a9:58:9c:6a:bc:ac:26:be:c6:73:7a:ab:
                    8b:d2:3d:0e:53:a2:88:30:d7:9c:c0:ed:fe:f2:23:
                    1c:8e:33:1b:7c:3a:e8:15:31:9f:12:4c:1f:b9:eb:
                    71:ee:66:d0:31:73:88:b5:1e:a7:60:d2:b9:e6:17:
                    1d:24:27:7c:38:52:54:c9:b1:1b:fe:60:ad:bb:51:
                    22:64:08:b9:ef:31:08:a2:ae:65:dc:f1:a0:ad:52:
                    64:1b:bd:e1:30:d4:2e:b5:7c:58:1a:6a:cd:1a:de:
                    8d:f2:5b:1d:73:6a:d6:2b:78:00:be:2c:0a:a1:84:
                    4b:21:6c:17:2b:70:b8:cf:0e:3c:7a:47:a9:8e:1b:
                    47:35:80:56:b2:7b:19:e8:0a:81:5f:1f:d1:67:af:
                    8a:28:c4:1a:bc:78:94:c2:25:1c:a1:d3:2a:3f:1e:
                    6c:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:38:98:66:0C:94:C8:66:EC:32:A3:24:E9:39:56:D6:C7:E4:CD:2C
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/ZjiYZgyUyGbsMqMk6TlW1sfkzSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.110.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         18:22:a8:b0:12:d8:0c:ff:25:3c:7f:4c:3c:1d:9a:c6:32:13:
         76:ea:c9:a6:6d:07:d1:71:36:9c:ed:ed:80:01:95:a3:10:ff:
         91:c6:62:46:c0:be:21:8b:22:39:8e:7f:d3:d7:4b:27:cf:f3:
         db:d5:6d:fe:d3:72:ca:9c:7a:b0:51:65:ab:f0:9a:88:13:9c:
         7f:53:bf:e9:eb:08:bf:9e:06:6b:66:55:c8:ad:db:87:7e:3b:
         d4:78:da:83:c4:c7:81:da:bf:18:7c:1b:8d:04:9b:0f:d8:eb:
         63:a7:7c:22:9c:8c:c2:a6:db:08:c5:98:85:f2:ab:f1:51:be:
         7b:3c:0b:9c:dd:67:67:09:08:d2:68:3d:6d:00:84:33:52:87:
         f1:6f:88:e6:9f:d3:a2:20:0a:ac:c6:24:24:61:8c:83:a6:c8:
         31:74:44:67:cf:94:a1:b3:95:61:f4:9e:54:57:69:9b:96:c3:
         cc:b6:ee:fb:94:09:d1:c4:25:f7:ad:43:b3:2c:c5:9e:77:f4:
         b4:3a:fe:d7:16:a5:f1:cb:fc:b4:19:6f:cd:59:e1:5b:a6:29:
         8b:a7:82:be:a4:74:4b:75:fc:74:9e:3e:15:0b:c3:86:a2:fb:
         7f:a0:c0:29:e8:90:15:f7:31:f4:1f:ec:b7:bd:4d:72:61:61:
         5a:f7:f6:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6HCJUCOuJ2OWA+6eu5p2CyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjYwNjAyMDYzMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjM4OTg2NjBjOTRjODY2ZWMzMmEzMjRlOTM5NTZkNmM3ZTRjZDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHxfGaA0c5yKl41XoHibPLBPS2PC
IJHVjC7HdfHfsRyouDPYKlpmi8K5csd0wPX3X0EVD176YCnhutODbooLaIKg/SZt
nzb7n9tN5vW6GVh9O6U6a8rbjmXomwqpWJxqvKwmvsZzequL0j0OU6KIMNecwO3+
8iMcjjMbfDroFTGfEkwfuetx7mbQMXOItR6nYNK55hcdJCd8OFJUybEb/mCtu1Ei
ZAi57zEIoq5l3PGgrVJkG73hMNQutXxYGmrNGt6N8lsdc2rWK3gAviwKoYRLIWwX
K3C4zw48ekepjhtHNYBWsnsZ6AqBXx/RZ6+KKMQavHiUwiUcodMqPx5sbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGY4mGYMlMhm7DKjJOk5VtbH5M0sMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvWmppWVpneVV5R2JzTXFNazZUbFcxc2ZrelN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1W5EMA0G
CSqGSIb3DQEBCwUAA4IBAQAYIqiwEtgM/yU8f0w8HZrGMhN26smmbQfRcTac7e2A
AZWjEP+RxmJGwL4hiyI5jn/T10snz/Pb1W3+03LKnHqwUWWr8JqIE5x/U7/p6wi/
ngZrZlXIrduHfjvUeNqDxMeB2r8YfBuNBJsP2Otjp3winIzCptsIxZiF8qvxUb57
PAuc3WdnCQjSaD1tAIQzUofxb4jmn9OiIAqsxiQkYYyDpsgxdERnz5Shs5Vh9J5U
V2mblsPMtu77lAnRxCX3rUOzLMWed/S0Ov7XFqXxy/y0GW/NWeFbpimLp4K+pHRL
dfx0nj4VC8OGovt/oMAp6JAV9zH0H+y3vU1yYWFa9/a2
-----END CERTIFICATE-----