Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/uj4j6cfJ7bOcHn5Z6sqT_zROd8E.roa
File:                     uj4j6cfJ7bOcHn5Z6sqT_zROd8E.roa (raw, json)
Hash identifier:          P13gsQor+N4Emp0P4NO+P2Eyz4EQ9E4uMhkwNyYMsOA=
Subject key identifier:   BA:3E:23:E9:C7:C9:ED:B3:9C:1E:7E:59:EA:CA:93:FF:34:4E:77:C1
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       019D85B49F99337288B2A3530C2F9B6DDD07
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/uj4j6cfJ7bOcHn5Z6sqT_zROd8E.roa
Signing time:             Mon 13 Apr 2026 07:18:20 +0000
ROA not before:           Mon 13 Apr 2026 07:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51847
IP address blocks:        213.110.70.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:85:b4:9f:99:33:72:88:b2:a3:53:0c:2f:9b:6d:dd:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Apr 13 07:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ba3e23e9c7c9edb39c1e7e59eaca93ff344e77c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:17:d5:5d:b4:d9:f0:07:46:82:bc:d9:22:ec:
                    48:99:76:2d:1c:66:e1:21:7d:47:c1:a1:95:eb:dc:
                    dd:34:e1:e0:88:53:0f:58:56:30:77:d7:62:20:69:
                    6a:40:06:f6:5a:90:98:f2:56:cb:98:c6:e0:e4:d6:
                    78:d6:46:8a:49:10:3b:c8:55:59:b7:00:32:78:a7:
                    b6:2f:d2:81:2f:47:49:a6:7e:74:00:be:f8:19:a2:
                    18:27:4a:3b:8b:e0:32:cd:05:74:15:71:42:fc:6e:
                    32:29:c4:c8:b8:0b:1a:74:6d:79:23:0e:eb:7d:09:
                    ba:f6:cc:bf:40:70:40:e2:eb:a4:f2:7b:10:87:12:
                    2e:fd:79:90:d3:e7:84:aa:1b:51:23:68:7d:ab:c0:
                    c0:94:56:8d:ed:ef:ed:8c:85:d1:56:61:52:7f:1c:
                    65:83:20:da:ea:b8:5a:32:2d:2a:30:d3:a4:79:6b:
                    dd:90:16:e9:85:b5:25:a7:f6:6e:1c:18:e1:fe:50:
                    6f:c6:3e:7a:08:6f:e7:61:71:53:0a:7e:70:9c:03:
                    4a:be:31:29:43:00:22:71:18:95:e7:55:a4:80:58:
                    6e:c5:9c:55:4d:94:1b:3b:0e:35:bc:25:27:31:e8:
                    5b:9f:4d:3b:43:2a:ec:4c:df:69:33:29:dd:de:54:
                    70:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:3E:23:E9:C7:C9:ED:B3:9C:1E:7E:59:EA:CA:93:FF:34:4E:77:C1
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/uj4j6cfJ7bOcHn5Z6sqT_zROd8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.110.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         07:02:59:93:7a:c5:9f:91:ab:af:29:a6:ed:34:24:91:b1:4a:
         89:c9:81:d3:b7:a0:9c:08:2b:9f:02:51:80:04:36:04:e7:48:
         49:7f:8b:2b:0d:31:48:74:b1:c8:cb:82:99:00:9d:c5:44:ae:
         f0:e5:05:6c:c4:56:75:cf:51:ce:58:92:1d:9e:b4:11:71:21:
         82:1b:da:ad:53:b3:90:7d:47:f3:2e:bd:6b:aa:71:de:c9:dc:
         61:28:24:e9:cb:cd:b5:49:9f:3b:e8:18:78:48:2f:82:b3:3e:
         35:28:b3:85:8a:a7:74:d2:cc:91:8f:d5:50:38:ed:8b:89:40:
         66:97:ff:6f:1d:15:14:43:98:e9:fd:ee:ef:32:de:87:1d:e9:
         ae:c2:55:ab:cc:a1:90:e9:4c:ce:ef:e0:de:f8:d3:ca:45:52:
         86:6a:d9:08:51:a0:aa:17:c5:80:27:39:f1:09:1e:31:89:22:
         c7:b6:d8:ed:66:24:6d:19:f7:cc:fe:0b:67:5b:14:90:fb:ad:
         d6:16:c1:49:92:eb:82:9a:c0:8f:66:b8:68:f6:f3:e9:20:a6:
         4d:f3:cb:74:7b:83:ae:d6:81:35:4a:f2:7b:74:31:85:01:e1:
         2f:91:1a:6c:a9:c3:29:39:69:82:a7:3e:bb:3e:50:ab:91:dc:
         f2:7f:fb:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2FtJ+ZM3KIsqNTDC+bbd0HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjYwNDEzMDcxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTNlMjNlOWM3YzllZGIzOWMxZTdlNTllYWNhOTNmZjM0NGU3N2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hfVXbTZ8AdGgrzZIuxImXYtHGbh
IX1HwaGV69zdNOHgiFMPWFYwd9diIGlqQAb2WpCY8lbLmMbg5NZ41kaKSRA7yFVZ
twAyeKe2L9KBL0dJpn50AL74GaIYJ0o7i+AyzQV0FXFC/G4yKcTIuAsadG15Iw7r
fQm69sy/QHBA4uuk8nsQhxIu/XmQ0+eEqhtRI2h9q8DAlFaN7e/tjIXRVmFSfxxl
gyDa6rhaMi0qMNOkeWvdkBbphbUlp/ZuHBjh/lBvxj56CG/nYXFTCn5wnANKvjEp
QwAicRiV51WkgFhuxZxVTZQbOw41vCUnMehbn007QyrsTN9pMynd3lRw6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLo+I+nHye2znB5+WerKk/80TnfBMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvdWo0ajZjZko3Yk9jSG41WjZzcVRfelJPZDhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1W5GMA0G
CSqGSIb3DQEBCwUAA4IBAQAHAlmTesWfkauvKabtNCSRsUqJyYHTt6CcCCufAlGA
BDYE50hJf4srDTFIdLHIy4KZAJ3FRK7w5QVsxFZ1z1HOWJIdnrQRcSGCG9qtU7OQ
fUfzLr1rqnHeydxhKCTpy821SZ876Bh4SC+Csz41KLOFiqd00syRj9VQOO2LiUBm
l/9vHRUUQ5jp/e7vMt6HHemuwlWrzKGQ6UzO7+De+NPKRVKGatkIUaCqF8WAJznx
CR4xiSLHttjtZiRtGffM/gtnWxSQ+63WFsFJkuuCmsCPZrho9vPpIKZN88t0e4Ou
1oE1SvJ7dDGFAeEvkRpsqcMpOWmCpz67PlCrkdzyf/uO
-----END CERTIFICATE-----