Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/K0A1Fvag5wQBZRIEPtaUVvgpD3A.roa
File:                     K0A1Fvag5wQBZRIEPtaUVvgpD3A.roa (raw, json)
Hash identifier:          gyUwS3I2bK0n8nOPkM1qVwO/v11ITk+rE5ggoeNpr1Y=
Subject key identifier:   2B:40:35:16:F6:A0:E7:04:01:65:12:04:3E:D6:94:56:F8:29:0F:70
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       01987E906634DCB863DF77389FF82D145874
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/K0A1Fvag5wQBZRIEPtaUVvgpD3A.roa
Signing time:             Wed 06 Aug 2025 08:47:29 +0000
ROA not before:           Wed 06 Aug 2025 08:47:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47690
IP address blocks:        213.110.68.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 23:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7e:90:66:34:dc:b8:63:df:77:38:9f:f8:2d:14:58:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Aug  6 08:47:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b403516f6a0e704016512043ed69456f8290f70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:44:1d:9f:7b:77:76:cb:32:29:65:a6:f4:de:
                    7a:2b:a7:a0:64:7f:78:51:1c:d8:4d:24:45:73:91:
                    9f:62:9a:eb:ab:7d:9c:ab:cb:93:82:c3:03:28:5c:
                    87:e6:88:d6:21:97:2e:d9:96:f3:90:ee:9f:38:5e:
                    4a:89:a4:c6:4a:4c:9e:ba:5c:ea:f4:68:da:40:a4:
                    41:b0:8f:e9:ee:6a:20:ae:2d:2c:42:8a:5e:01:8b:
                    0e:3a:df:61:d9:7a:ae:c7:82:1b:61:50:f4:3e:30:
                    09:d6:b2:0f:64:c0:a4:0c:75:97:7f:2a:a4:16:86:
                    6f:ad:f9:c8:06:d0:e1:c4:06:6b:ab:09:00:0c:51:
                    17:21:bf:37:b4:30:27:17:ab:83:62:74:89:66:06:
                    75:5a:e5:74:b8:65:80:64:40:65:e2:2d:ff:88:d0:
                    36:c9:18:b2:2e:c7:4c:1b:a0:12:b1:6a:14:59:4e:
                    65:78:3c:7b:62:39:2b:ce:02:5f:c2:94:d4:40:31:
                    1e:2a:28:8a:59:bf:9f:e6:29:e4:3e:76:d5:14:8f:
                    94:48:bb:28:3d:71:7c:a6:8e:96:8a:37:16:15:dc:
                    f2:c5:cf:b1:d9:9f:e0:91:ea:cf:c1:94:7d:45:f7:
                    ec:c6:6a:9e:c2:9d:88:7c:fe:37:bc:33:8d:76:c3:
                    1b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:40:35:16:F6:A0:E7:04:01:65:12:04:3E:D6:94:56:F8:29:0F:70
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/K0A1Fvag5wQBZRIEPtaUVvgpD3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.110.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:dd:80:ed:ce:aa:4a:aa:eb:d7:0f:cb:97:13:84:33:23:c3:
         e0:b5:7c:89:11:38:86:4f:c9:6e:75:b1:19:65:6d:d4:0b:e2:
         38:ae:8c:51:fb:4e:0e:10:9c:4b:c5:59:f7:7e:65:bf:60:05:
         9b:2e:b6:5a:e3:9f:b1:df:59:db:ee:d0:e3:b7:25:a7:d7:dd:
         22:17:45:c9:4f:d3:8e:d1:3a:01:1f:73:16:58:da:a8:db:aa:
         ef:14:f7:30:68:a7:23:f1:69:2f:99:38:12:33:be:64:1a:91:
         dc:88:76:56:e0:fa:c2:44:73:47:90:88:4c:98:77:da:01:4d:
         1d:e7:c7:0a:7a:de:43:ca:fd:ba:fc:09:8c:5e:30:23:2b:80:
         9b:7c:c0:d1:d9:5b:fc:53:60:49:f4:aa:ec:e2:84:62:20:ad:
         33:bd:5d:18:6b:70:ee:f9:91:56:36:38:7e:78:7a:57:38:d7:
         99:30:03:5f:f4:ec:89:4c:48:77:38:c9:d0:fe:b0:ff:90:e1:
         47:53:47:f5:b2:9c:da:e2:c3:5b:14:94:b2:d6:30:81:86:a2:
         c6:52:fb:c2:13:2b:d7:9a:91:ac:0d:f2:07:81:cb:dc:31:c0:
         4a:2d:52:9a:95:06:da:ad:fa:f0:06:02:8d:9c:3d:99:64:62:
         f8:5e:69:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh+kGY03Lhj33c4n/gtFFh0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjUwODA2MDg0NzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjQwMzUxNmY2YTBlNzA0MDE2NTEyMDQzZWQ2OTQ1NmY4MjkwZjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0Qdn3t3dssyKWWm9N56K6egZH94
URzYTSRFc5GfYprrq32cq8uTgsMDKFyH5ojWIZcu2ZbzkO6fOF5KiaTGSkyeulzq
9GjaQKRBsI/p7mogri0sQopeAYsOOt9h2Xqux4IbYVD0PjAJ1rIPZMCkDHWXfyqk
FoZvrfnIBtDhxAZrqwkADFEXIb83tDAnF6uDYnSJZgZ1WuV0uGWAZEBl4i3/iNA2
yRiyLsdMG6ASsWoUWU5leDx7YjkrzgJfwpTUQDEeKiiKWb+f5inkPnbVFI+USLso
PXF8po6WijcWFdzyxc+x2Z/gkerPwZR9Rffsxmqewp2IfP43vDONdsMbywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCtANRb2oOcEAWUSBD7WlFb4KQ9wMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvSzBBMUZ2YWc1d1FCWlJJRVB0YVVWdmdwRDNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1W5EMA0G
CSqGSIb3DQEBCwUAA4IBAQAp3YDtzqpKquvXD8uXE4QzI8PgtXyJETiGT8ludbEZ
ZW3UC+I4roxR+04OEJxLxVn3fmW/YAWbLrZa45+x31nb7tDjtyWn190iF0XJT9OO
0ToBH3MWWNqo26rvFPcwaKcj8WkvmTgSM75kGpHciHZW4PrCRHNHkIhMmHfaAU0d
58cKet5Dyv26/AmMXjAjK4CbfMDR2Vv8U2BJ9Krs4oRiIK0zvV0Ya3Du+ZFWNjh+
eHpXONeZMANf9OyJTEh3OMnQ/rD/kOFHU0f1spza4sNbFJSy1jCBhqLGUvvCEyvX
mpGsDfIHgcvcMcBKLVKalQbarfrwBgKNnD2ZZGL4XmmS
-----END CERTIFICATE-----