Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/RwaLZN3D24qbiSCNdxPzEDghRuQ.roa
File:                     RwaLZN3D24qbiSCNdxPzEDghRuQ.roa (raw, json)
Hash identifier:          qOkoBLXEXIyoyxyFGdEFpZ14lfMYf3mog4DQoGo1xtU=
Subject key identifier:   47:06:8B:64:DD:C3:DB:8A:9B:89:20:8D:77:13:F3:10:38:21:46:E4
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       01994D9D8F622FF1B25B398F9BDA5F7A3480
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/RwaLZN3D24qbiSCNdxPzEDghRuQ.roa
Signing time:             Mon 15 Sep 2025 13:43:15 +0000
ROA not before:           Mon 15 Sep 2025 13:43:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12993
IP address blocks:        213.110.66.0/24 maxlen: 24
                          213.110.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 Oct 2025 00:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4d:9d:8f:62:2f:f1:b2:5b:39:8f:9b:da:5f:7a:34:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Sep 15 13:43:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47068b64ddc3db8a9b89208d7713f310382146e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:f5:74:77:93:d7:3a:aa:3b:83:ab:ee:58:a6:
                    ce:f6:cc:b0:6b:eb:c7:19:98:a7:7e:63:2c:7c:84:
                    6c:47:88:b8:4f:42:4b:4b:c3:82:c6:40:83:d1:00:
                    67:cd:f9:51:12:dd:38:88:d6:89:bf:49:e6:20:8d:
                    7d:17:fa:93:ac:61:a2:cd:71:38:8f:b3:67:d0:ce:
                    f1:70:24:4d:b0:02:e6:70:d3:d3:64:d5:ca:52:30:
                    87:0d:d2:e9:6e:77:84:ed:22:f7:17:f6:98:e1:69:
                    e5:eb:e6:af:99:93:12:50:a4:95:d6:9b:c0:97:fa:
                    c8:d0:87:f5:2b:76:bd:67:95:66:7d:d2:ff:e7:ac:
                    0a:7d:27:ba:aa:f8:f4:2a:53:57:fd:d3:3c:35:67:
                    b6:08:aa:f8:ab:8a:30:b0:ed:40:18:9a:2e:54:30:
                    3e:65:f3:c2:0d:b0:a0:de:55:fa:f8:20:a4:73:26:
                    9b:b2:02:de:18:ab:1e:2a:77:6f:17:ea:f9:41:f8:
                    94:ec:ea:fc:59:b1:f6:cc:be:a9:e4:67:36:95:2f:
                    be:f0:23:50:ce:f2:ab:46:5b:32:d0:b2:95:ec:b1:
                    8a:a9:2c:06:3a:46:4e:2c:03:17:1e:e4:5a:1a:db:
                    53:b4:22:3d:ab:8e:ab:18:19:b9:44:ed:b8:56:10:
                    47:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:06:8B:64:DD:C3:DB:8A:9B:89:20:8D:77:13:F3:10:38:21:46:E4
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/RwaLZN3D24qbiSCNdxPzEDghRuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.110.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:cb:14:11:64:f3:61:b2:d1:06:b9:84:7d:1e:23:b9:45:d3:
         42:e6:ba:82:0c:ec:e3:ed:12:a2:1b:78:7e:1c:2b:62:21:5d:
         15:b3:ad:de:98:a6:e8:f6:fb:a9:d3:e8:fd:c2:14:3d:0f:ec:
         45:2c:82:91:0c:45:3c:b7:7b:e8:55:b3:fd:99:ad:87:4f:32:
         73:46:2e:6c:d2:4f:2b:48:60:94:74:ed:18:e0:00:51:44:62:
         d9:af:e1:9b:b5:a2:81:26:06:e4:1c:58:1a:da:09:77:e1:76:
         87:9f:50:4c:44:2c:a9:43:52:33:3e:fc:21:08:b7:a7:fd:f2:
         08:46:c5:10:af:01:eb:95:02:85:d0:d6:eb:38:d5:a6:27:74:
         aa:71:b6:4c:36:9b:16:e7:58:83:bc:4c:cb:af:68:3f:af:10:
         fa:31:c2:bc:89:fa:aa:e3:3f:9d:f0:a3:1a:ad:2a:58:de:9d:
         bd:a8:06:2f:ea:36:86:38:03:fb:42:93:2e:03:f6:a0:1e:03:
         66:dc:d1:66:82:44:2c:ba:3d:5b:8b:cd:6d:56:33:dc:a3:c9:
         90:f7:a9:49:30:ec:a1:eb:92:65:08:73:fd:e5:4a:a9:9a:b9:
         ff:f5:64:96:f3:29:e5:ec:66:dc:7d:02:66:e6:94:a8:0c:06:
         b6:87:03:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlNnY9iL/GyWzmPm9pfejSAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjUwOTE1MTM0MzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzA2OGI2NGRkYzNkYjhhOWI4OTIwOGQ3NzEzZjMxMDM4MjE0NmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/V0d5PXOqo7g6vuWKbO9sywa+vH
GZinfmMsfIRsR4i4T0JLS8OCxkCD0QBnzflREt04iNaJv0nmII19F/qTrGGizXE4
j7Nn0M7xcCRNsALmcNPTZNXKUjCHDdLpbneE7SL3F/aY4Wnl6+avmZMSUKSV1pvA
l/rI0If1K3a9Z5VmfdL/56wKfSe6qvj0KlNX/dM8NWe2CKr4q4owsO1AGJouVDA+
ZfPCDbCg3lX6+CCkcyabsgLeGKseKndvF+r5QfiU7Or8WbH2zL6p5Gc2lS++8CNQ
zvKrRlsy0LKV7LGKqSwGOkZOLAMXHuRaGttTtCI9q46rGBm5RO24VhBHJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEcGi2Tdw9uKm4kgjXcT8xA4IUbkMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvUndhTFpOM0QyNHFiaVNDTmR4UHpFRGdoUnVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1W5CMA0G
CSqGSIb3DQEBCwUAA4IBAQBhyxQRZPNhstEGuYR9HiO5RdNC5rqCDOzj7RKiG3h+
HCtiIV0Vs63emKbo9vup0+j9whQ9D+xFLIKRDEU8t3voVbP9ma2HTzJzRi5s0k8r
SGCUdO0Y4ABRRGLZr+GbtaKBJgbkHFga2gl34XaHn1BMRCypQ1IzPvwhCLen/fII
RsUQrwHrlQKF0NbrONWmJ3SqcbZMNpsW51iDvEzLr2g/rxD6McK8ifqq4z+d8KMa
rSpY3p29qAYv6jaGOAP7QpMuA/agHgNm3NFmgkQsuj1bi81tVjPco8mQ96lJMOyh
65JlCHP95Uqpmrn/9WSW8ynl7GbcfQJm5pSoDAa2hwNp
-----END CERTIFICATE-----