Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/q9K5X-x5m3r2gOyHks1WDwyq-7Q.roa
File:                     q9K5X-x5m3r2gOyHks1WDwyq-7Q.roa (raw, json)
Hash identifier:          y0PtBOWuJ4HDoeaCO6HZcOEzqPu8pe2J9jjSvPgHyiU=
Subject key identifier:   AB:D2:B9:5F:EC:79:9B:7A:F6:80:EC:87:92:CD:56:0F:0C:AA:FB:B4
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       019D85B4A0087E0C6B51B114FF6717FE0393
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/q9K5X-x5m3r2gOyHks1WDwyq-7Q.roa
Signing time:             Mon 13 Apr 2026 07:18:20 +0000
ROA not before:           Mon 13 Apr 2026 07:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     147003
IP address blocks:        213.110.70.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:85:b4:a0:08:7e:0c:6b:51:b1:14:ff:67:17:fe:03:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Apr 13 07:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=abd2b95fec799b7af680ec8792cd560f0caafbb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:63:ff:88:6a:ed:10:5a:b4:9b:5d:28:93:c2:
                    b5:8a:99:e6:b8:0c:c7:fb:46:40:20:e1:6d:74:c0:
                    03:33:94:66:da:db:7c:23:17:04:ea:24:b4:d0:88:
                    e8:d1:91:3a:fe:7f:f3:83:2a:1e:47:d7:b1:3f:65:
                    e5:5f:08:5a:34:35:8e:13:78:64:34:f3:c8:96:35:
                    94:e6:99:e7:13:c5:31:5b:e8:76:91:f5:93:b1:b4:
                    29:17:ee:23:64:3d:88:5d:a7:c7:ca:b7:a4:76:e4:
                    59:02:16:42:e4:ee:42:6c:a2:53:95:47:91:0c:17:
                    70:f0:69:33:22:02:45:b1:1b:42:1d:1f:cc:ce:ab:
                    dc:0d:01:dc:42:f2:22:b9:3a:87:cf:7a:89:37:67:
                    7f:16:c8:73:ac:d3:25:ed:fd:b8:cf:df:12:7e:6c:
                    dc:ac:e5:dc:c0:41:7c:00:43:0a:53:26:63:61:c7:
                    14:e5:a9:31:b5:fe:de:96:3f:d0:9e:68:f0:d4:ff:
                    41:f7:81:03:d7:7b:12:61:0c:d6:ce:ac:ec:9d:bb:
                    98:d5:0b:c1:be:44:19:6c:2a:f9:5e:58:5e:08:47:
                    2b:8f:d0:19:f9:f0:2f:66:98:f6:78:b5:83:a4:27:
                    07:59:d1:af:ad:c9:2d:84:52:bb:b9:8f:a9:71:55:
                    3b:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:D2:B9:5F:EC:79:9B:7A:F6:80:EC:87:92:CD:56:0F:0C:AA:FB:B4
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/q9K5X-x5m3r2gOyHks1WDwyq-7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.110.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2c:6d:87:4e:29:db:e7:1d:e6:2d:52:9d:7a:c4:04:68:ba:ee:
         6f:26:10:4c:3e:4c:b5:98:35:51:b7:39:38:86:5e:c5:1d:3a:
         8d:17:80:3b:c6:7e:bc:49:13:c3:21:56:c4:40:02:2f:d6:ad:
         9c:57:39:37:cd:77:c9:13:45:34:6b:d1:9d:b4:0a:9f:32:d9:
         81:7b:8f:7c:ce:fa:91:35:c8:48:1c:2c:ae:94:29:e7:0c:cf:
         54:23:a5:7a:88:7a:20:23:62:5e:5e:98:4f:fc:cb:a3:1b:21:
         e9:51:e5:eb:34:23:97:68:97:0f:70:be:0b:ee:56:58:86:61:
         d6:93:ad:88:fa:e1:2a:f6:dc:b0:57:d5:25:09:18:4b:ea:bb:
         46:d5:1a:5c:b9:c3:96:eb:c5:1f:d6:fb:38:10:1b:17:b7:5d:
         aa:2a:44:cd:60:8f:fa:25:25:df:f6:38:2a:6b:3f:e0:6f:08:
         b6:99:27:7a:fc:92:1c:db:a4:7c:1a:08:04:b6:8a:1a:27:7f:
         b4:e7:cc:7a:66:dc:26:a2:aa:78:d0:9e:af:f2:2b:41:01:68:
         66:e0:20:f7:97:d1:34:28:54:97:d1:2b:2f:89:75:77:f3:d2:
         26:72:cb:c8:1b:0c:e2:dc:29:8f:86:c4:61:e5:b4:72:98:33:
         f5:4d:31:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2FtKAIfgxrUbEU/2cX/gOTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjYwNDEzMDcxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmQyYjk1ZmVjNzk5YjdhZjY4MGVjODc5MmNkNTYwZjBjYWFmYmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA02P/iGrtEFq0m10ok8K1ipnmuAzH
+0ZAIOFtdMADM5Rm2tt8IxcE6iS00Ijo0ZE6/n/zgyoeR9exP2XlXwhaNDWOE3hk
NPPIljWU5pnnE8UxW+h2kfWTsbQpF+4jZD2IXafHyrekduRZAhZC5O5CbKJTlUeR
DBdw8GkzIgJFsRtCHR/MzqvcDQHcQvIiuTqHz3qJN2d/FshzrNMl7f24z98Sfmzc
rOXcwEF8AEMKUyZjYccU5akxtf7elj/Qnmjw1P9B94ED13sSYQzWzqzsnbuY1QvB
vkQZbCr5XlheCEcrj9AZ+fAvZpj2eLWDpCcHWdGvrckthFK7uY+pcVU7sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKvSuV/seZt69oDsh5LNVg8Mqvu0MB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvcTlLNVgteDVtM3IyZ095SGtzMVdEd3lxLTdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1W5GMA0G
CSqGSIb3DQEBCwUAA4IBAQAsbYdOKdvnHeYtUp16xARouu5vJhBMPky1mDVRtzk4
hl7FHTqNF4A7xn68SRPDIVbEQAIv1q2cVzk3zXfJE0U0a9GdtAqfMtmBe498zvqR
NchIHCyulCnnDM9UI6V6iHogI2JeXphP/MujGyHpUeXrNCOXaJcPcL4L7lZYhmHW
k62I+uEq9tywV9UlCRhL6rtG1RpcucOW68Uf1vs4EBsXt12qKkTNYI/6JSXf9jgq
az/gbwi2mSd6/JIc26R8GggEtooaJ3+058x6Ztwmoqp40J6v8itBAWhm4CD3l9E0
KFSX0SsviXV389ImcsvIGwzi3CmPhsRh5bRymDP1TTF+
-----END CERTIFICATE-----