Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Iy9YHFUsKqatv7nhepb8cG-bR40.roa
File:                     Iy9YHFUsKqatv7nhepb8cG-bR40.roa (raw, json)
Hash identifier:          II6DmGXT8TTFARwPdJnQHhBPAg/VNqJE6BOpMhhw4Js=
Subject key identifier:   23:2F:58:1C:55:2C:2A:A6:AD:BF:B9:E1:7A:96:FC:70:6F:9B:47:8D
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019A492183EDFB0FACCE62AF9FD67549EE8B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Iy9YHFUsKqatv7nhepb8cG-bR40.roa
Signing time:             Mon 03 Nov 2025 09:52:04 +0000
ROA not before:           Mon 03 Nov 2025 09:52:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204044
IP address blocks:        213.210.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:49:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:49:21:83:ed:fb:0f:ac:ce:62:af:9f:d6:75:49:ee:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov  3 09:52:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=232f581c552c2aa6adbfb9e17a96fc706f9b478d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ab:73:bc:c2:7a:5e:0b:58:fa:81:0d:ee:f3:
                    01:da:e1:73:2c:b9:92:3b:72:f1:c4:a0:1a:a6:87:
                    5e:4e:a2:29:d6:c0:15:90:54:90:9f:9c:6a:f0:27:
                    0d:15:f4:f4:4d:20:e8:b3:0b:79:7e:af:d9:d5:f2:
                    e9:31:77:81:ef:88:3f:55:60:a1:0e:67:43:c1:3e:
                    17:36:22:3e:3b:58:59:6a:22:ee:40:ea:28:d4:1c:
                    80:e4:6b:42:29:e5:86:02:6c:ff:19:19:15:53:32:
                    3a:f8:75:9e:8a:37:c0:f4:9a:de:41:9e:6c:f4:32:
                    a5:3c:42:18:96:87:7d:f4:0b:2c:52:67:28:58:7f:
                    99:e0:39:11:0b:bc:64:8e:76:23:62:e6:b4:db:e1:
                    3a:f7:8f:ee:e1:a8:29:a4:ca:5e:a7:f8:c7:68:c2:
                    1f:9f:69:76:5c:50:ad:b2:82:d3:44:93:1f:0a:c6:
                    8b:70:30:7a:3a:72:9a:24:2f:e7:3d:99:85:aa:14:
                    36:5c:85:10:06:3d:da:0a:40:3d:5e:f6:7f:b2:15:
                    de:72:28:8d:d4:03:9d:4d:b8:46:77:8d:e4:ee:f5:
                    e0:7e:53:72:3b:46:f5:4a:86:f5:9b:f9:67:2c:77:
                    58:d0:e8:43:e9:1c:dc:a8:38:4c:bf:93:0c:96:02:
                    c9:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:2F:58:1C:55:2C:2A:A6:AD:BF:B9:E1:7A:96:FC:70:6F:9B:47:8D
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Iy9YHFUsKqatv7nhepb8cG-bR40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.210.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:09:7b:5c:f1:e2:2f:4c:11:7f:4c:59:16:44:e4:10:16:2f:
         f4:4f:d7:f5:7c:00:c0:69:e8:a2:8a:84:f5:fa:58:54:99:91:
         12:5b:45:f8:97:03:b8:57:28:92:a4:39:ca:cc:69:28:49:a1:
         32:76:98:cd:1b:9b:22:53:ff:7e:43:7f:26:9e:ad:59:51:04:
         50:79:04:6e:43:3b:a8:64:3b:b7:50:4e:67:c9:5c:1b:9c:ee:
         8e:f3:c3:b5:6c:fc:4f:e0:25:23:03:a0:88:cc:b8:4d:06:e3:
         bf:f6:42:a8:45:91:1d:fb:28:1d:ba:5c:24:85:df:36:52:a0:
         d0:34:db:a5:9f:57:a2:65:35:11:01:d4:49:9b:07:3f:5e:25:
         20:4e:40:4b:23:b4:a5:6f:fd:3e:e0:d5:e9:7c:86:d8:8a:74:
         31:42:44:12:9f:3b:dd:59:6f:61:60:76:4c:29:ae:41:ae:e9:
         d6:c5:43:d4:94:9c:e2:e6:11:94:71:bb:be:9f:8e:08:11:4d:
         81:d3:fc:57:b4:76:53:18:69:0d:25:3c:3a:b0:50:b4:47:88:
         b6:78:0b:1a:42:68:b4:a7:4e:f4:83:14:d2:26:b5:e7:55:1b:
         04:2b:09:83:87:ca:c4:f2:74:1b:1e:23:8b:5e:06:6a:a3:62:
         7e:07:26:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpJIYPt+w+szmKvn9Z1Se6LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUxMTAzMDk1MjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzJmNTgxYzU1MmMyYWE2YWRiZmI5ZTE3YTk2ZmM3MDZmOWI0NzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApKtzvMJ6XgtY+oEN7vMB2uFzLLmS
O3LxxKAapodeTqIp1sAVkFSQn5xq8CcNFfT0TSDoswt5fq/Z1fLpMXeB74g/VWCh
DmdDwT4XNiI+O1hZaiLuQOoo1ByA5GtCKeWGAmz/GRkVUzI6+HWeijfA9JreQZ5s
9DKlPEIYlod99AssUmcoWH+Z4DkRC7xkjnYjYua02+E694/u4agppMpep/jHaMIf
n2l2XFCtsoLTRJMfCsaLcDB6OnKaJC/nPZmFqhQ2XIUQBj3aCkA9XvZ/shXeciiN
1AOdTbhGd43k7vXgflNyO0b1Sob1m/lnLHdY0OhD6RzcqDhMv5MMlgLJAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCMvWBxVLCqmrb+54XqW/HBvm0eNMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSXk5WUhGVXNLcWF0djduaGVwYjhjRy1iUjQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dI6MA0G
CSqGSIb3DQEBCwUAA4IBAQBsCXtc8eIvTBF/TFkWROQQFi/0T9f1fADAaeiiioT1
+lhUmZESW0X4lwO4VyiSpDnKzGkoSaEydpjNG5siU/9+Q38mnq1ZUQRQeQRuQzuo
ZDu3UE5nyVwbnO6O88O1bPxP4CUjA6CIzLhNBuO/9kKoRZEd+ygdulwkhd82UqDQ
NNuln1eiZTURAdRJmwc/XiUgTkBLI7Slb/0+4NXpfIbYinQxQkQSnzvdWW9hYHZM
Ka5BrunWxUPUlJzi5hGUcbu+n44IEU2B0/xXtHZTGGkNJTw6sFC0R4i2eAsaQmi0
p070gxTSJrXnVRsEKwmDh8rE8nQbHiOLXgZqo2J+ByYf
-----END CERTIFICATE-----