Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/1-fgkW2HSayL4-O4ivz4KjEYw1mQ.roa
File:                     1-fgkW2HSayL4-O4ivz4KjEYw1mQ.roa (raw, json)
Hash identifier:          Z52m57zwpLGf5MRwqZr43hpBwzl27ze+r8RHo2kFN08=
Subject key identifier:   F9:F8:24:5B:61:D2:6B:22:F8:F8:EE:22:BF:3E:0A:8C:46:30:D6:64
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019D20A8B210A361E4159A8514CC5F9401C8
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/1-fgkW2HSayL4-O4ivz4KjEYw1mQ.roa
Signing time:             Tue 24 Mar 2026 16:23:39 +0000
ROA not before:           Tue 24 Mar 2026 16:23:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24875
IP address blocks:        5.231.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:51:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:20:a8:b2:10:a3:61:e4:15:9a:85:14:cc:5f:94:01:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Mar 24 16:23:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f9f8245b61d26b22f8f8ee22bf3e0a8c4630d664
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e9:3d:5f:fa:5a:9a:35:6d:02:0f:88:07:4d:
                    f3:16:69:3a:9a:26:e7:c4:86:a2:1b:07:bb:22:01:
                    f4:37:b2:89:16:55:be:05:4b:48:ae:2c:4e:54:b8:
                    d3:6d:59:3c:56:ee:b3:30:da:e6:5c:2e:a9:68:0e:
                    c7:d0:3f:2a:bd:9f:68:b3:0d:23:e9:c6:be:f2:fb:
                    17:f0:a3:99:e5:d0:56:9e:cb:28:25:f4:07:0e:f2:
                    e8:fa:2c:73:27:ab:b6:15:5d:86:d4:ae:16:53:ae:
                    fe:b7:f3:c5:b6:3e:e0:af:9c:80:ce:97:8f:5a:3c:
                    6d:35:d5:be:11:1c:ac:db:bb:0f:4c:4f:a1:0c:f0:
                    a3:59:06:55:d7:56:7f:5c:7b:29:31:5f:ad:55:ba:
                    24:36:0f:0d:6b:1b:a9:77:e4:60:5c:cf:14:68:28:
                    76:af:e1:33:33:a3:25:f8:7b:ce:c4:44:8a:30:d3:
                    11:37:64:be:b0:82:79:dd:8a:48:ea:fd:b2:c1:e4:
                    0f:c8:fe:42:f7:51:42:43:75:0a:c5:b3:3d:9b:3a:
                    0a:a8:35:8a:d9:fe:f1:42:94:fc:ca:d6:1e:9b:dc:
                    70:68:f8:ca:ba:93:ec:1b:18:78:c6:f3:31:4e:f6:
                    06:6c:57:a7:5d:e2:59:b7:f7:46:35:81:e7:d7:20:
                    8d:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:F8:24:5B:61:D2:6B:22:F8:F8:EE:22:BF:3E:0A:8C:46:30:D6:64
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/1-fgkW2HSayL4-O4ivz4KjEYw1mQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.231.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:66:49:b2:b4:c5:5e:64:8b:c9:87:aa:b7:c2:ec:c1:e6:f3:
         d4:74:68:1f:c4:43:df:d5:77:bb:20:68:7e:9a:2b:e7:07:c1:
         1e:fd:ca:ae:b0:d7:55:a9:e7:bc:c0:00:e0:60:c5:60:3d:ec:
         3f:1a:68:68:58:29:ab:a5:54:26:0f:54:3e:fe:8d:47:51:5d:
         07:15:58:bd:96:eb:13:cc:78:3a:f7:29:f6:6b:36:4e:8c:8d:
         a8:2c:ab:97:a5:b8:95:03:ad:69:20:d9:05:d6:23:cd:0d:44:
         66:5e:a9:8a:a9:4e:93:36:6f:94:7a:97:de:55:eb:21:1a:5f:
         aa:05:0e:7d:a1:57:7c:02:1c:30:71:4b:0c:b6:f4:86:9e:3c:
         22:2a:1e:1b:8e:bd:dd:3a:52:cd:d3:cc:eb:26:ee:8c:81:2d:
         02:29:91:33:b0:8c:cf:da:03:2c:c4:e1:e8:d3:a5:f5:77:f3:
         00:e8:91:92:d4:d5:63:35:23:f8:3f:a6:47:4f:87:12:6f:51:
         c3:47:31:1f:6c:98:78:6e:45:43:7e:1b:5d:8a:28:bb:67:22:
         8e:22:40:77:3d:0d:36:86:8e:b7:ce:88:45:4f:fd:f4:ea:e9:
         f7:a2:22:d1:03:9d:98:78:c7:ff:05:56:a2:19:7e:a7:bf:41:
         19:71:ba:31
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ0gqLIQo2HkFZqFFMxflAHIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwMzI0MTYyMzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWY4MjQ1YjYxZDI2YjIyZjhmOGVlMjJiZjNlMGE4YzQ2MzBkNjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArek9X/pamjVtAg+IB03zFmk6mibn
xIaiGwe7IgH0N7KJFlW+BUtIrixOVLjTbVk8Vu6zMNrmXC6paA7H0D8qvZ9osw0j
6ca+8vsX8KOZ5dBWnssoJfQHDvLo+ixzJ6u2FV2G1K4WU67+t/PFtj7gr5yAzpeP
WjxtNdW+ERys27sPTE+hDPCjWQZV11Z/XHspMV+tVbokNg8Naxupd+RgXM8UaCh2
r+EzM6Ml+HvOxESKMNMRN2S+sIJ53YpI6v2yweQPyP5C91FCQ3UKxbM9mzoKqDWK
2f7xQpT8ytYem9xwaPjKupPsGxh4xvMxTvYGbFenXeJZt/dGNYHn1yCN+wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPn4JFth0msi+PjuIr8+CoxGMNZkMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvMS1mZ2tXMkhTYXlMNC1PNGl2ejRLakVZdzFtUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTAvOTY1ODM3LTUyY2ItNDZiNC1hZWRiLWUxYmQ4OGQzZmQw
Ny8xL1BtQ1hhWWFHNFZWZlVmYklnN3hhV0ZTYkkySS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAXnOjAN
BgkqhkiG9w0BAQsFAAOCAQEAC2ZJsrTFXmSLyYeqt8Lswebz1HRoH8RD39V3uyBo
fpor5wfBHv3KrrDXVannvMAA4GDFYD3sPxpoaFgpq6VUJg9UPv6NR1FdBxVYvZbr
E8x4Ovcp9ms2ToyNqCyrl6W4lQOtaSDZBdYjzQ1EZl6piqlOkzZvlHqX3lXrIRpf
qgUOfaFXfAIcMHFLDLb0hp48IioeG4693TpSzdPM6ybujIEtAimRM7CMz9oDLMTh
6NOl9XfzAOiRktTVYzUj+D+mR0+HEm9Rw0cxH2yYeG5FQ34bXYoou2cijiJAdz0N
NoaOt86IRU/99Orp96Ii0QOdmHjH/wVWohl+p79BGXG6MQ==
-----END CERTIFICATE-----