Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/v0yQZyUbx2gAqqi6hFIvfQjixYY.roa
File:                     v0yQZyUbx2gAqqi6hFIvfQjixYY.roa (raw, json)
Hash identifier:          4P70Tc6zMdWJZgnEphvxdBIuiMou5pBySctXkwklPLY=
Subject key identifier:   BF:4C:90:67:25:1B:C7:68:00:AA:A8:BA:84:52:2F:7D:08:E2:C5:86
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019EB12B1B485871138749BC0FC66F9C15A3
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/v0yQZyUbx2gAqqi6hFIvfQjixYY.roa
Signing time:             Wed 10 Jun 2026 10:54:12 +0000
ROA not before:           Wed 10 Jun 2026 10:54:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49981
IP address blocks:        213.210.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b1:2b:1b:48:58:71:13:87:49:bc:0f:c6:6f:9c:15:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun 10 10:54:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bf4c9067251bc76800aaa8ba84522f7d08e2c586
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:53:c8:22:a3:9a:d3:62:79:7b:f2:23:2d:a1:
                    f5:a9:bd:a9:72:ff:ea:d0:af:6f:88:1c:60:72:d9:
                    bd:73:3c:fd:34:81:0c:ea:d7:07:31:04:47:f0:1e:
                    c6:91:09:74:ed:38:ac:89:a4:48:bb:80:8d:60:c5:
                    23:3c:5f:60:72:6d:94:ef:ec:a0:20:e3:c3:63:aa:
                    02:78:fc:1f:f1:79:b9:80:57:94:bf:ab:2e:7f:f3:
                    9a:87:33:1d:a5:87:4c:f1:eb:e1:b6:91:97:96:f0:
                    7f:29:a3:9e:2a:0e:74:ac:3b:33:a3:ec:6c:03:91:
                    d7:7e:8b:29:21:ba:f8:84:4e:8c:cf:e8:23:f7:f2:
                    b7:25:0a:46:1a:2d:bc:3c:8f:ff:29:af:0f:54:af:
                    ef:37:80:ac:37:f6:16:af:04:c0:c6:67:8c:45:55:
                    e8:e7:59:34:56:5f:85:38:ad:20:4b:7a:ae:94:7c:
                    4d:9e:89:25:70:71:3e:32:8d:13:1f:e8:53:02:3e:
                    89:22:6e:c3:2b:cf:3c:c4:60:2f:1b:84:27:30:6b:
                    d6:5c:9e:77:1e:2e:e8:18:f1:a3:81:1c:04:28:07:
                    b9:9b:d0:5a:2e:d8:ed:0a:14:75:36:4b:a8:c9:4d:
                    c6:94:1c:bd:d2:96:f8:65:d7:56:bf:5b:8b:aa:61:
                    eb:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:4C:90:67:25:1B:C7:68:00:AA:A8:BA:84:52:2F:7D:08:E2:C5:86
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/v0yQZyUbx2gAqqi6hFIvfQjixYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.210.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:28:ac:01:53:a2:36:82:08:a5:a0:0f:78:5f:0c:94:9c:0f:
         c3:90:5d:f5:a1:f5:2d:ac:82:c7:ca:dc:0e:6b:54:1b:50:21:
         90:92:b0:c4:d1:3d:b1:f2:36:18:c8:b4:01:0b:a4:31:be:15:
         eb:5c:63:4a:51:dd:59:94:44:f9:31:20:c5:ba:58:15:03:4e:
         bc:6c:c1:56:cd:88:e6:11:6e:b5:34:eb:48:3a:60:20:5d:1c:
         c6:53:7d:a1:e7:1f:c8:b1:3a:7a:87:41:59:64:40:e7:49:e2:
         95:85:bb:e6:68:b5:f0:76:26:e1:8f:48:a9:c9:d9:38:ab:65:
         28:7c:0b:2d:7c:3a:f7:72:7c:fb:86:35:e7:80:c2:7f:16:13:
         4a:be:a7:5d:78:68:ec:40:d2:67:2b:09:e4:6c:df:89:ac:fd:
         c7:57:aa:8b:94:87:bf:8d:78:f0:08:dc:0e:ae:77:45:c8:db:
         2e:bc:98:29:a1:59:62:76:56:95:2c:74:8c:61:9e:19:28:ce:
         1f:6a:1b:cf:ca:d0:1a:59:21:41:6a:45:f3:01:9a:fe:98:82:
         6b:2d:d4:a6:7b:5d:15:67:92:81:b9:b1:51:a6:0b:76:ff:26:
         d8:a5:a7:6f:e4:7a:b5:b7:e7:5c:1d:7b:94:15:47:20:84:a7:
         b0:d4:16:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6xKxtIWHETh0m8D8ZvnBWjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjEwMTA1NDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjRjOTA2NzI1MWJjNzY4MDBhYWE4YmE4NDUyMmY3ZDA4ZTJjNTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA31PIIqOa02J5e/IjLaH1qb2pcv/q
0K9viBxgctm9czz9NIEM6tcHMQRH8B7GkQl07TisiaRIu4CNYMUjPF9gcm2U7+yg
IOPDY6oCePwf8Xm5gFeUv6suf/OahzMdpYdM8evhtpGXlvB/KaOeKg50rDszo+xs
A5HXfospIbr4hE6Mz+gj9/K3JQpGGi28PI//Ka8PVK/vN4CsN/YWrwTAxmeMRVXo
51k0Vl+FOK0gS3qulHxNnoklcHE+Mo0TH+hTAj6JIm7DK888xGAvG4QnMGvWXJ53
Hi7oGPGjgRwEKAe5m9BaLtjtChR1NkuoyU3GlBy90pb4ZddWv1uLqmHrGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9MkGclG8doAKqouoRSL30I4sWGMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdjB5UVp5VWJ4MmdBcXFpNmhGSXZmUWppeFlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dIcMA0G
CSqGSIb3DQEBCwUAA4IBAQCUKKwBU6I2ggiloA94XwyUnA/DkF31ofUtrILHytwO
a1QbUCGQkrDE0T2x8jYYyLQBC6QxvhXrXGNKUd1ZlET5MSDFulgVA068bMFWzYjm
EW61NOtIOmAgXRzGU32h5x/IsTp6h0FZZEDnSeKVhbvmaLXwdibhj0ipydk4q2Uo
fAstfDr3cnz7hjXngMJ/FhNKvqddeGjsQNJnKwnkbN+JrP3HV6qLlIe/jXjwCNwO
rndFyNsuvJgpoVlidlaVLHSMYZ4ZKM4fahvPytAaWSFBakXzAZr+mIJrLdSme10V
Z5KBubFRpgt2/ybYpadv5Hq1t+dcHXuUFUcghKew1BYR
-----END CERTIFICATE-----