Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/fFjYHOwlBy5Glp0QNxrS3eHSmDs.roa
File:                     fFjYHOwlBy5Glp0QNxrS3eHSmDs.roa (raw, json)
Hash identifier:          P4yBBJcJBQmjrtoV/buNE0xVxB0wdXG8IXNtAy6RL8Y=
Subject key identifier:   7C:58:D8:1C:EC:25:07:2E:46:96:9D:10:37:1A:D2:DD:E1:D2:98:3B
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       0199EBC1ED4A7DA88B045DB8F32FE272DA1C
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/fFjYHOwlBy5Glp0QNxrS3eHSmDs.roa
Signing time:             Thu 16 Oct 2025 06:42:58 +0000
ROA not before:           Thu 16 Oct 2025 06:42:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        213.110.68.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:eb:c1:ed:4a:7d:a8:8b:04:5d:b8:f3:2f:e2:72:da:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Oct 16 06:42:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c58d81cec25072e46969d10371ad2dde1d2983b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c3:a9:63:38:85:d6:d2:b0:8e:f7:4d:5b:7b:
                    8b:d6:d6:74:3f:fc:48:a3:12:05:61:27:50:b1:88:
                    92:8d:3f:23:79:d1:de:a9:a8:1f:01:83:47:9f:5b:
                    25:d2:58:5f:86:c4:c8:9b:79:c8:bc:82:e8:2e:de:
                    a3:9b:74:bc:51:ce:8f:88:08:f1:fc:79:95:8b:af:
                    ed:39:4c:4e:89:b4:02:c6:36:fb:0a:ed:1b:9d:12:
                    08:54:f6:30:45:df:22:4a:43:c6:31:bf:5a:c6:16:
                    02:30:c3:25:3f:60:5c:a7:f0:42:54:8a:0f:a9:78:
                    35:1e:b0:42:b9:97:dd:f1:b2:18:4a:55:6e:15:26:
                    87:78:c4:4f:eb:11:c5:97:c0:b6:23:c4:f3:d3:41:
                    14:19:06:b7:21:e0:5b:d4:d9:0d:e2:9a:58:4d:03:
                    36:37:72:93:d3:56:4b:a0:85:4e:bd:94:84:d6:a8:
                    73:f7:a9:ee:ce:32:bf:6f:54:87:c0:62:71:9a:49:
                    33:d4:3b:a5:87:d1:eb:63:08:e5:47:c5:40:cb:27:
                    cc:61:3a:80:d8:a8:f2:10:d0:d4:f1:76:1c:e5:d8:
                    7f:8c:82:67:97:a3:a6:e7:e7:53:7b:8d:59:8a:d8:
                    14:d8:04:e1:2d:63:74:bc:a5:d2:63:59:45:9a:89:
                    88:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:58:D8:1C:EC:25:07:2E:46:96:9D:10:37:1A:D2:DD:E1:D2:98:3B
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/fFjYHOwlBy5Glp0QNxrS3eHSmDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.110.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:e6:1b:86:c0:5e:70:5a:cb:02:ec:9d:98:66:67:1c:5e:e4:
         7f:e2:1c:fe:0a:a3:8e:d7:bd:3e:ca:1a:b2:c7:42:58:50:4e:
         82:c9:81:88:1f:08:a9:a3:dc:28:9c:94:bc:b0:96:2c:6c:f3:
         f0:8c:bf:6f:ff:7e:9f:b7:1c:d1:cd:cd:1e:ff:c6:1e:2a:cc:
         61:81:c0:bd:d2:55:73:7f:4d:cf:51:bc:53:67:99:0c:17:08:
         ce:f0:ab:23:61:01:53:2b:82:a2:60:ef:ad:4c:22:a4:e2:4c:
         9f:b5:ee:a6:ac:a7:75:60:c8:ae:f4:7a:88:0e:09:ca:15:21:
         cf:29:05:ee:53:ed:03:65:60:46:c4:00:62:0f:4c:28:83:57:
         e4:c6:f3:5d:85:2a:93:e5:94:42:85:94:fb:07:9b:34:62:f3:
         91:f1:ec:c1:11:9d:21:48:fe:85:ab:22:5b:cc:1b:90:1b:1a:
         c1:79:75:d0:5f:7d:9b:12:5a:80:60:4b:1c:bd:00:a3:be:0e:
         a4:09:97:4e:91:1f:75:2b:20:a8:c8:dc:2d:bd:2d:c6:8a:1b:
         f0:63:86:f3:a5:63:d0:d6:0b:8c:52:47:0a:7a:76:34:c5:f3:
         0d:f0:d4:4a:ef:77:d1:00:18:10:26:a5:b3:54:d7:af:ef:ea:
         b6:58:07:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnrwe1KfaiLBF248y/ictocMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjUxMDE2MDY0MjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzU4ZDgxY2VjMjUwNzJlNDY5NjlkMTAzNzFhZDJkZGUxZDI5ODNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMOpYziF1tKwjvdNW3uL1tZ0P/xI
oxIFYSdQsYiSjT8jedHeqagfAYNHn1sl0lhfhsTIm3nIvILoLt6jm3S8Uc6PiAjx
/HmVi6/tOUxOibQCxjb7Cu0bnRIIVPYwRd8iSkPGMb9axhYCMMMlP2Bcp/BCVIoP
qXg1HrBCuZfd8bIYSlVuFSaHeMRP6xHFl8C2I8Tz00EUGQa3IeBb1NkN4ppYTQM2
N3KT01ZLoIVOvZSE1qhz96nuzjK/b1SHwGJxmkkz1Dulh9HrYwjlR8VAyyfMYTqA
2KjyENDU8XYc5dh/jIJnl6Om5+dTe41ZitgU2AThLWN0vKXSY1lFmomIowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHxY2BzsJQcuRpadEDca0t3h0pg7MB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvZkZqWUhPd2xCeTVHbHAwUU54clMzZUhTbURzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1W5EMA0G
CSqGSIb3DQEBCwUAA4IBAQAg5huGwF5wWssC7J2YZmccXuR/4hz+CqOO170+yhqy
x0JYUE6CyYGIHwipo9wonJS8sJYsbPPwjL9v/36ftxzRzc0e/8YeKsxhgcC90lVz
f03PUbxTZ5kMFwjO8KsjYQFTK4KiYO+tTCKk4kyfte6mrKd1YMiu9HqIDgnKFSHP
KQXuU+0DZWBGxABiD0wog1fkxvNdhSqT5ZRChZT7B5s0YvOR8ezBEZ0hSP6FqyJb
zBuQGxrBeXXQX32bElqAYEscvQCjvg6kCZdOkR91KyCoyNwtvS3GihvwY4bzpWPQ
1guMUkcKenY0xfMN8NRK73fRABgQJqWzVNev7+q2WAe1
-----END CERTIFICATE-----