Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9YGUB9Sg_uZjgfqH_gS4DQKsj10.roa
File:                     9YGUB9Sg_uZjgfqH_gS4DQKsj10.roa (raw, json)
Hash identifier:          QeVY9Aj4jcXCe0GtIBwannFw+BIz9k+w9/g8QK+io8M=
Subject key identifier:   F5:81:94:07:D4:A0:FE:E6:63:81:FA:87:FE:04:B8:0D:02:AC:8F:5D
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019D67792B9E029112FB4F13CF297DD8216D
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9YGUB9Sg_uZjgfqH_gS4DQKsj10.roa
Signing time:             Tue 07 Apr 2026 10:24:47 +0000
ROA not before:           Tue 07 Apr 2026 10:24:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42927
IP address blocks:        213.210.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Apr 2026 20:11:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:67:79:2b:9e:02:91:12:fb:4f:13:cf:29:7d:d8:21:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr  7 10:24:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f5819407d4a0fee66381fa87fe04b80d02ac8f5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:48:a6:e6:7b:38:53:43:20:67:e0:e9:9d:56:
                    a2:df:a9:9e:f9:fe:3f:53:6c:f2:a0:d4:9d:8e:64:
                    4a:67:50:23:7a:af:ff:de:93:ef:f4:3c:60:d3:51:
                    d6:79:f2:f0:73:03:a3:b5:2e:74:a5:0a:d3:14:2f:
                    89:28:ac:c7:66:56:00:32:50:ff:4f:bf:90:17:c4:
                    f4:21:43:cc:9e:27:8d:f5:8a:5b:26:3b:84:d2:57:
                    66:14:91:ef:2e:11:91:79:9b:f7:29:24:3e:66:10:
                    53:05:cc:3f:e7:c8:d5:5d:b6:6b:35:f7:18:26:5a:
                    58:f4:4e:69:24:f9:fe:c9:05:d1:c6:a0:d3:6d:d2:
                    58:42:36:3a:6a:41:eb:63:0c:88:2f:09:e4:37:dc:
                    3c:b9:5f:e2:99:cb:ad:24:cd:df:2e:d5:78:26:f1:
                    92:95:f6:ef:b7:42:42:e8:1e:de:9b:c0:e1:1f:ad:
                    62:24:68:a6:fb:c8:c0:11:71:12:40:01:5d:83:30:
                    e5:47:bd:70:78:77:59:af:34:cb:cc:b3:13:9c:d0:
                    ce:d5:29:a0:68:31:f9:7f:09:e7:d4:ef:cf:f6:b3:
                    65:1b:ac:22:4f:81:4b:1f:fb:6e:e0:18:9b:2c:dd:
                    a7:24:ad:9e:d0:d8:e9:9f:50:fd:d0:c2:b4:d5:c7:
                    16:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:81:94:07:D4:A0:FE:E6:63:81:FA:87:FE:04:B8:0D:02:AC:8F:5D
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9YGUB9Sg_uZjgfqH_gS4DQKsj10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.210.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:16:e5:9c:30:5d:3b:9a:5a:60:cf:9c:ea:5e:2b:13:bc:98:
         ea:a4:23:c0:47:7d:e3:49:72:ab:da:ec:c9:bd:53:16:6f:84:
         2b:b0:01:d7:1d:71:32:32:b2:24:27:0f:f9:50:b6:09:e0:1c:
         b1:9c:a6:70:42:72:24:d4:52:0d:23:46:75:23:be:ae:54:89:
         ed:2c:a8:28:d1:53:70:7a:73:12:06:fb:3f:df:e8:76:43:04:
         9e:a3:b1:e7:15:a1:ed:61:e5:4e:f0:5f:32:f5:5c:ae:b7:2a:
         33:09:0b:59:1c:be:8c:a2:e0:fb:01:98:c0:12:89:f8:fa:5f:
         be:12:04:9d:7a:7a:aa:86:ed:fa:d3:e2:34:7c:7d:41:59:7e:
         e5:c2:b2:89:fb:1f:40:38:50:4e:3a:8c:50:7e:37:71:76:d5:
         be:27:a2:55:8f:08:07:e6:a5:15:66:9b:4e:af:6a:8d:14:64:
         26:c8:a3:12:a0:cc:73:4e:21:d1:e5:0f:f8:51:ee:69:23:09:
         f2:d8:91:2d:60:f7:d8:2d:ba:a8:a3:28:09:87:29:85:e8:e6:
         d6:7d:98:72:02:e4:12:e3:92:d7:2a:41:b0:3a:ad:cd:1b:f9:
         e1:56:c0:ae:ac:a8:fa:b2:da:62:66:e6:53:50:41:14:5d:c1:
         99:85:24:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1neSueApES+08Tzyl92CFtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDA3MTAyNDQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTgxOTQwN2Q0YTBmZWU2NjM4MWZhODdmZTA0YjgwZDAyYWM4ZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkim5ns4U0MgZ+DpnVai36me+f4/
U2zyoNSdjmRKZ1Ajeq//3pPv9Dxg01HWefLwcwOjtS50pQrTFC+JKKzHZlYAMlD/
T7+QF8T0IUPMnieN9YpbJjuE0ldmFJHvLhGReZv3KSQ+ZhBTBcw/58jVXbZrNfcY
JlpY9E5pJPn+yQXRxqDTbdJYQjY6akHrYwyILwnkN9w8uV/imcutJM3fLtV4JvGS
lfbvt0JC6B7em8DhH61iJGim+8jAEXESQAFdgzDlR71weHdZrzTLzLMTnNDO1Smg
aDH5fwnn1O/P9rNlG6wiT4FLH/tu4BibLN2nJK2e0Njpn1D90MK01ccWnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPWBlAfUoP7mY4H6h/4EuA0CrI9dMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOVlHVUI5U2dfdVpqZ2ZxSF9nUzREUUtzajEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dIjMA0G
CSqGSIb3DQEBCwUAA4IBAQCMFuWcMF07mlpgz5zqXisTvJjqpCPAR33jSXKr2uzJ
vVMWb4QrsAHXHXEyMrIkJw/5ULYJ4ByxnKZwQnIk1FINI0Z1I76uVIntLKgo0VNw
enMSBvs/3+h2QwSeo7HnFaHtYeVO8F8y9VyutyozCQtZHL6MouD7AZjAEon4+l++
EgSdenqqhu360+I0fH1BWX7lwrKJ+x9AOFBOOoxQfjdxdtW+J6JVjwgH5qUVZptO
r2qNFGQmyKMSoMxzTiHR5Q/4Ue5pIwny2JEtYPfYLbqooygJhymF6ObWfZhyAuQS
45LXKkGwOq3NG/nhVsCurKj6stpiZuZTUEEUXcGZhSQY
-----END CERTIFICATE-----