Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QxtpRCe9QfeR7Y_WZ464GOgjuek.roa
File:                     QxtpRCe9QfeR7Y_WZ464GOgjuek.roa (raw, json)
Hash identifier:          GZlqL0VCiz7OpNx6FtPt05gzsMePxfySgbxVYEDviNs=
Subject key identifier:   43:1B:69:44:27:BD:41:F7:91:ED:8F:D6:67:8E:B8:18:E8:23:B9:E9
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0195ADFA32AB8BF58C6AFB1BD2A6830350C5
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QxtpRCe9QfeR7Y_WZ464GOgjuek.roa
Signing time:             Wed 19 Mar 2025 10:36:50 +0000
ROA not before:           Wed 19 Mar 2025 10:36:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200131
IP address blocks:        213.210.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ad:fa:32:ab:8b:f5:8c:6a:fb:1b:d2:a6:83:03:50:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 19 10:36:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=431b694427bd41f791ed8fd6678eb818e823b9e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:05:b4:e9:95:2e:d9:44:3e:ca:e1:82:af:d4:
                    09:3e:e4:b9:ce:e7:95:26:7a:95:72:08:67:75:9b:
                    63:3f:b8:9f:ef:17:f9:df:86:b4:bc:23:ce:d5:27:
                    de:4c:e5:28:31:31:5b:46:9b:43:b3:4a:6b:b0:f2:
                    51:99:eb:fa:37:2d:b2:8f:79:3d:62:2d:20:96:79:
                    00:7b:9c:17:9e:e5:24:dc:9c:13:74:96:9b:5b:36:
                    25:6c:aa:0f:58:b0:02:b3:8b:93:f5:dd:80:2d:9d:
                    1a:36:4a:58:4b:aa:c3:00:3f:9f:09:85:3c:8e:03:
                    4b:73:58:1b:39:76:7a:3c:b9:d0:a8:69:67:23:10:
                    8d:ba:b3:ad:f6:d4:ff:8e:e8:2a:65:72:21:bf:5c:
                    e6:4b:af:e0:08:a4:a0:b8:18:74:43:83:5a:2b:56:
                    a9:df:c2:e3:2c:5a:26:27:a1:7b:cc:ae:98:ba:59:
                    83:d5:0a:9a:1f:60:b9:36:33:66:d1:9c:b4:7b:5f:
                    39:87:65:18:7b:17:41:09:3f:cc:c5:92:ea:e1:60:
                    69:cc:a1:34:21:50:7d:50:ba:37:92:8a:15:d0:9f:
                    c9:5c:7c:06:d3:d5:39:14:2e:86:1a:8b:48:fa:46:
                    8e:43:df:f6:66:95:b7:c7:8b:a0:d2:26:28:61:22:
                    b7:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:1B:69:44:27:BD:41:F7:91:ED:8F:D6:67:8E:B8:18:E8:23:B9:E9
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QxtpRCe9QfeR7Y_WZ464GOgjuek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.210.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:ea:9b:ac:6d:2d:f2:53:5e:cf:d5:d4:30:71:c1:c4:9f:7c:
         d2:f0:b0:a3:55:bd:f2:91:34:72:5d:15:5c:08:74:e8:70:a2:
         7c:56:bc:7b:9d:b1:22:0f:2e:7f:d4:33:81:fd:d1:53:b9:5a:
         76:63:3f:ec:53:d7:da:a9:12:0a:db:04:d7:3b:63:4d:b6:ec:
         42:52:1b:2a:35:d6:4b:54:bb:bf:8a:fb:14:68:02:ad:94:a8:
         d2:ef:0d:7c:ff:70:af:9c:1f:5d:7e:2f:a9:ce:11:b0:85:a4:
         4e:95:a7:a5:3d:71:36:f2:7f:32:e9:ad:f0:39:58:b3:f7:1d:
         90:ea:d4:df:3b:e8:b2:59:2c:ca:3b:4f:31:72:b3:3d:ad:03:
         a2:63:f8:a6:40:80:db:0c:b7:eb:ff:ab:8d:b1:1c:a8:60:65:
         31:49:6a:46:ac:4e:a9:58:9c:ed:c4:7f:d1:62:b5:98:bf:ab:
         05:5e:d9:6d:1d:c6:b8:14:75:22:94:8b:a1:93:25:24:91:72:
         86:fa:6f:08:51:1b:14:54:dd:73:4c:71:42:6c:1e:78:ff:96:
         12:84:73:b7:39:a1:5a:91:08:9d:9e:47:31:65:27:a7:40:50:
         49:d6:8f:e8:33:e1:ed:da:14:76:79:fb:d0:c6:0a:55:14:7f:
         ac:41:49:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWt+jKri/WMavsb0qaDA1DFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMzE5MTAzNjUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzFiNjk0NDI3YmQ0MWY3OTFlZDhmZDY2NzhlYjgxOGU4MjNiOWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgW06ZUu2UQ+yuGCr9QJPuS5zueV
JnqVcghndZtjP7if7xf534a0vCPO1SfeTOUoMTFbRptDs0prsPJRmev6Ny2yj3k9
Yi0glnkAe5wXnuUk3JwTdJabWzYlbKoPWLACs4uT9d2ALZ0aNkpYS6rDAD+fCYU8
jgNLc1gbOXZ6PLnQqGlnIxCNurOt9tT/jugqZXIhv1zmS6/gCKSguBh0Q4NaK1ap
38LjLFomJ6F7zK6YulmD1QqaH2C5NjNm0Zy0e185h2UYexdBCT/MxZLq4WBpzKE0
IVB9ULo3kooV0J/JXHwG09U5FC6GGotI+kaOQ9/2ZpW3x4ug0iYoYSK38wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEMbaUQnvUH3ke2P1meOuBjoI7npMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUXh0cFJDZTlRZmVSN1lfV1o0NjRHT2dqdWVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dIoMA0G
CSqGSIb3DQEBCwUAA4IBAQCh6pusbS3yU17P1dQwccHEn3zS8LCjVb3ykTRyXRVc
CHTocKJ8Vrx7nbEiDy5/1DOB/dFTuVp2Yz/sU9faqRIK2wTXO2NNtuxCUhsqNdZL
VLu/ivsUaAKtlKjS7w18/3CvnB9dfi+pzhGwhaROlaelPXE28n8y6a3wOViz9x2Q
6tTfO+iyWSzKO08xcrM9rQOiY/imQIDbDLfr/6uNsRyoYGUxSWpGrE6pWJztxH/R
YrWYv6sFXtltHca4FHUilIuhkyUkkXKG+m8IURsUVN1zTHFCbB54/5YShHO3OaFa
kQidnkcxZSenQFBJ1o/oM+Ht2hR2efvQxgpVFH+sQUl+
-----END CERTIFICATE-----