Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/DU8r3sc4ossJcNLkYBCHA96dRpA.roa
File:                     DU8r3sc4ossJcNLkYBCHA96dRpA.roa (raw, json)
Hash identifier:          r1JwJEoiU/JtSYwyekoAXXxNXR1urkakhqMVKFaKbKU=
Subject key identifier:   0D:4F:2B:DE:C7:38:A2:CB:09:70:D2:E4:60:10:87:03:DE:9D:46:90
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       01997B187353BF9391FE5B9D55F0BC4DB231
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/DU8r3sc4ossJcNLkYBCHA96dRpA.roa
Signing time:             Wed 24 Sep 2025 09:40:23 +0000
ROA not before:           Wed 24 Sep 2025 09:40:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5650
IP address blocks:        176.103.192.0/21 maxlen: 21
                          213.110.72.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7b:18:73:53:bf:93:91:fe:5b:9d:55:f0:bc:4d:b2:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Sep 24 09:40:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d4f2bdec738a2cb0970d2e460108703de9d4690
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:80:9e:71:d4:f1:27:0e:db:35:0f:e0:5f:9b:
                    5e:aa:ff:aa:dc:c7:44:1d:38:f3:39:cf:13:12:ad:
                    71:c4:44:5a:5a:22:08:ea:36:cf:2b:dc:2a:23:30:
                    f9:30:4e:a3:ea:b9:da:3d:22:54:47:5e:bf:5d:85:
                    72:de:ad:d4:33:3a:72:7e:c0:1d:3d:2b:17:73:fa:
                    0c:4d:21:3c:58:54:29:0f:cb:6a:70:29:e1:42:7f:
                    92:bf:8b:29:87:b5:6a:4a:6a:82:88:5f:12:ed:47:
                    02:89:78:fa:61:3f:1b:ab:af:79:bd:96:e2:8b:7b:
                    f7:d8:61:9b:f5:bd:e6:e4:53:34:98:7e:ad:f9:1a:
                    3c:d6:43:31:d4:5c:50:cb:7b:4d:2b:66:b6:fa:21:
                    23:60:6f:1d:97:97:de:4a:0f:f5:2d:2f:b9:ee:ed:
                    1b:b4:f6:49:fc:a0:68:f4:80:55:48:ee:28:76:5f:
                    6e:bd:17:bd:d7:ae:f2:2e:95:4f:6b:2c:7d:05:ff:
                    2a:d3:0b:ef:81:3d:a5:ed:79:62:3c:e2:95:40:4a:
                    22:58:14:b3:c5:46:ea:b0:7e:df:35:44:3a:51:59:
                    f1:ca:e9:87:49:50:34:2c:b7:b6:e0:ab:4d:e8:b1:
                    07:fe:7f:f6:92:dd:d6:7b:22:af:ed:e9:07:e2:c0:
                    99:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:4F:2B:DE:C7:38:A2:CB:09:70:D2:E4:60:10:87:03:DE:9D:46:90
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/DU8r3sc4ossJcNLkYBCHA96dRpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.103.192.0/21
                  213.110.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:9f:21:96:bf:37:cb:02:b0:aa:f9:9a:08:f0:a0:c1:bd:76:
         61:47:2f:8d:c2:04:55:d9:7b:fa:1d:8d:65:d6:0f:da:73:82:
         41:e7:a2:8c:9e:c2:05:c6:af:be:64:51:ff:be:4d:3e:9c:c2:
         14:76:41:45:b4:4d:f5:0b:40:c0:1c:a4:4c:5e:c8:4a:09:01:
         80:a0:b6:f0:0c:60:56:ad:1d:77:4e:91:0e:fa:4d:97:d5:65:
         43:7c:3a:d7:1b:c6:63:75:80:51:c6:f0:96:d5:b8:78:85:ab:
         c3:3c:d4:32:56:3d:1a:02:b8:ad:2c:1f:03:45:b8:4b:32:42:
         59:7b:7f:6d:12:61:9c:13:ac:7b:77:83:b1:8e:20:0f:2d:6a:
         e5:f2:f3:36:ab:11:7a:c3:99:97:b1:63:e8:ad:17:9c:3a:e1:
         b6:a9:97:10:39:21:2e:85:6e:d7:bb:ef:4b:99:93:d3:88:e5:
         1f:cd:50:54:3b:76:c2:88:44:cf:6e:f6:d3:27:fe:82:58:b5:
         e8:75:99:93:bc:9e:fa:c5:49:cc:a1:e6:6a:13:71:42:b4:2a:
         3c:95:6e:71:06:6d:d0:b3:f3:86:e7:49:27:92:31:16:db:4d:
         8b:40:57:df:ce:83:80:b3:86:0e:c9:ac:6c:76:ca:6b:cb:6e:
         5d:bf:62:10
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZl7GHNTv5OR/ludVfC8TbIxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjUwOTI0MDk0MDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDRmMmJkZWM3MzhhMmNiMDk3MGQyZTQ2MDEwODcwM2RlOWQ0NjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqICecdTxJw7bNQ/gX5teqv+q3MdE
HTjzOc8TEq1xxERaWiII6jbPK9wqIzD5ME6j6rnaPSJUR16/XYVy3q3UMzpyfsAd
PSsXc/oMTSE8WFQpD8tqcCnhQn+Sv4sph7VqSmqCiF8S7UcCiXj6YT8bq695vZbi
i3v32GGb9b3m5FM0mH6t+Ro81kMx1FxQy3tNK2a2+iEjYG8dl5feSg/1LS+57u0b
tPZJ/KBo9IBVSO4odl9uvRe9167yLpVPayx9Bf8q0wvvgT2l7XliPOKVQEoiWBSz
xUbqsH7fNUQ6UVnxyumHSVA0LLe24KtN6LEH/n/2kt3WeyKv7ekH4sCZMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA1PK97HOKLLCXDS5GAQhwPenUaQMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvRFU4cjNzYzRvc3NKY05Ma1lCQ0hBOTZkUnBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDsGfAAwQC
1W5IMA0GCSqGSIb3DQEBCwUAA4IBAQBhnyGWvzfLArCq+ZoI8KDBvXZhRy+NwgRV
2Xv6HY1l1g/ac4JB56KMnsIFxq++ZFH/vk0+nMIUdkFFtE31C0DAHKRMXshKCQGA
oLbwDGBWrR13TpEO+k2X1WVDfDrXG8ZjdYBRxvCW1bh4havDPNQyVj0aAritLB8D
RbhLMkJZe39tEmGcE6x7d4OxjiAPLWrl8vM2qxF6w5mXsWPorRecOuG2qZcQOSEu
hW7Xu+9LmZPTiOUfzVBUO3bCiETPbvbTJ/6CWLXodZmTvJ76xUnMoeZqE3FCtCo8
lW5xBm3Qs/OG50knkjEW202LQFffzoOAs4YOyaxsdspry25dv2IQ
-----END CERTIFICATE-----