Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/c_ipu6XD1-KiTHJqICy8PpGCt38.roa
File:                     c_ipu6XD1-KiTHJqICy8PpGCt38.roa (raw, json)
Hash identifier:          SMGj00A6ls7zDZlRXm4CoQW6UioH+JZ41dVcVN35QAw=
Subject key identifier:   73:F8:A9:BB:A5:C3:D7:E2:A2:4C:72:6A:20:2C:BC:3E:91:82:B7:7F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E2ACB755ECB09B9847677653889980746
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/c_ipu6XD1-KiTHJqICy8PpGCt38.roa
Signing time:             Fri 15 May 2026 08:40:37 +0000
ROA not before:           Fri 15 May 2026 08:40:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13537
IP address blocks:        213.210.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 01:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2a:cb:75:5e:cb:09:b9:84:76:77:65:38:89:98:07:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 15 08:40:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=73f8a9bba5c3d7e2a24c726a202cbc3e9182b77f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:6a:c7:8c:4e:9d:80:0c:f5:b1:b8:04:75:eb:
                    91:ab:9d:cd:02:d3:57:70:38:d3:e5:f5:0f:f4:94:
                    b2:05:e9:78:af:0f:f1:77:d7:14:21:9c:13:f3:fe:
                    a5:cc:63:54:7f:ee:80:21:db:a6:cb:44:cc:c4:dc:
                    d4:99:f0:3f:ae:f4:eb:28:a3:06:7c:32:c5:d8:3a:
                    dc:f0:3f:08:74:fd:af:11:73:0b:01:4a:35:55:47:
                    f2:e7:57:1f:aa:96:fc:22:f4:d9:7e:fa:31:27:4d:
                    97:e1:a4:99:b3:bd:ad:18:55:a2:75:39:7b:08:47:
                    a3:96:b3:49:d1:13:fa:a9:54:70:8a:ac:ca:94:5b:
                    dd:a2:f8:14:d4:99:8b:48:1f:97:00:81:12:6c:b0:
                    1b:6b:b5:ce:95:bd:b2:39:dd:2f:f4:25:b8:44:b1:
                    fb:04:62:9f:15:20:13:5c:11:e9:17:76:a1:c1:84:
                    7e:6f:71:83:16:4c:3f:3c:b3:4c:3b:59:f1:d5:a2:
                    c3:fe:fc:c9:19:24:77:dc:b8:e4:77:31:66:52:31:
                    ba:d3:fc:f4:95:8b:b0:5f:87:1b:3d:f5:48:95:e8:
                    80:bc:0a:4c:97:ea:99:18:c1:0d:ce:61:81:5c:c5:
                    c1:e9:05:56:d2:08:aa:96:a4:f9:63:d5:ab:f5:86:
                    c2:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:F8:A9:BB:A5:C3:D7:E2:A2:4C:72:6A:20:2C:BC:3E:91:82:B7:7F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/c_ipu6XD1-KiTHJqICy8PpGCt38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.210.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:6f:8f:ff:16:47:e1:df:6c:3f:d0:46:21:f8:fe:3e:a2:f0:
         36:bc:86:86:52:92:a7:39:f9:5e:28:fa:32:40:9f:53:0b:08:
         b8:56:c9:a0:43:06:81:d2:74:85:bb:ae:6b:1e:e1:b1:1b:58:
         1b:76:b6:4a:bf:fc:e2:9f:87:c9:f3:ba:1d:3e:4f:11:bd:da:
         49:1b:25:4b:6a:68:8c:5f:fb:a1:fb:2a:03:7c:00:84:85:fa:
         5f:5a:50:92:0e:6f:41:d3:77:46:8d:41:1a:c9:65:1f:60:d2:
         0b:67:5a:b8:55:6d:2e:0a:0c:85:ca:0b:62:57:44:50:27:4b:
         4a:1e:e0:a2:fc:39:40:39:da:ed:2c:51:ba:88:5b:9a:ab:a5:
         63:9f:43:1b:95:a1:59:d2:f8:fd:b5:7e:53:7c:6b:e8:f7:61:
         71:82:e8:7d:3e:ce:87:26:82:76:b5:a0:bf:20:41:6b:2f:a9:
         c3:34:2f:87:13:ba:6e:5c:8d:7b:7d:39:62:56:7d:cc:94:06:
         05:9d:c8:35:3a:72:7c:81:b6:50:22:d7:e6:40:14:d6:91:cd:
         86:dc:4a:90:6c:06:e8:c5:1e:9c:08:8c:8d:94:9c:1b:21:9a:
         9d:98:a8:ab:ce:85:ba:c2:03:72:eb:84:47:dc:5d:c6:45:31:
         f0:42:6d:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4qy3Veywm5hHZ3ZTiJmAdGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTE1MDg0MDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2Y4YTliYmE1YzNkN2UyYTI0YzcyNmEyMDJjYmMzZTkxODJiNzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5WrHjE6dgAz1sbgEdeuRq53NAtNX
cDjT5fUP9JSyBel4rw/xd9cUIZwT8/6lzGNUf+6AIdumy0TMxNzUmfA/rvTrKKMG
fDLF2Drc8D8IdP2vEXMLAUo1VUfy51cfqpb8IvTZfvoxJ02X4aSZs72tGFWidTl7
CEejlrNJ0RP6qVRwiqzKlFvdovgU1JmLSB+XAIESbLAba7XOlb2yOd0v9CW4RLH7
BGKfFSATXBHpF3ahwYR+b3GDFkw/PLNMO1nx1aLD/vzJGSR33LjkdzFmUjG60/z0
lYuwX4cbPfVIleiAvApMl+qZGMENzmGBXMXB6QVW0giqlqT5Y9Wr9YbCzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHP4qbulw9fiokxyaiAsvD6Rgrd/MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvY19pcHU2WEQxLUtpVEhKcUlDeThQcEdDdDM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dI1MA0G
CSqGSIb3DQEBCwUAA4IBAQCZb4//Fkfh32w/0EYh+P4+ovA2vIaGUpKnOfleKPoy
QJ9TCwi4VsmgQwaB0nSFu65rHuGxG1gbdrZKv/zin4fJ87odPk8RvdpJGyVLamiM
X/uh+yoDfACEhfpfWlCSDm9B03dGjUEayWUfYNILZ1q4VW0uCgyFygtiV0RQJ0tK
HuCi/DlAOdrtLFG6iFuaq6Vjn0MblaFZ0vj9tX5TfGvo92Fxguh9Ps6HJoJ2taC/
IEFrL6nDNC+HE7puXI17fTliVn3MlAYFncg1OnJ8gbZQItfmQBTWkc2G3EqQbAbo
xR6cCIyNlJwbIZqdmKirzoW6wgNy64RH3F3GRTHwQm2G
-----END CERTIFICATE-----