Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/L7m61v5Oit8FTok1RoiyzTFnq7o.roa
File:                     L7m61v5Oit8FTok1RoiyzTFnq7o.roa (raw, json)
Hash identifier:          P1Aj4D3KqbneoJ6379+M7ExwE46oUhWnudNKLTSPhPE=
Subject key identifier:   2F:B9:BA:D6:FE:4E:8A:DF:05:4E:89:35:46:88:B2:CD:31:67:AB:BA
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019D23607F6C4D7537A3B34B87C457F6733B
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/L7m61v5Oit8FTok1RoiyzTFnq7o.roa
Signing time:             Wed 25 Mar 2026 05:03:39 +0000
ROA not before:           Wed 25 Mar 2026 05:03:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     19318
IP address blocks:        5.175.218.0/24 maxlen: 24
                          5.175.219.0/24 maxlen: 24
                          5.231.41.0/24 maxlen: 24
                          5.231.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:23:60:7f:6c:4d:75:37:a3:b3:4b:87:c4:57:f6:73:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Mar 25 05:03:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2fb9bad6fe4e8adf054e89354688b2cd3167abba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:30:cf:cd:b4:65:a3:4c:a8:1e:dd:7e:87:9b:
                    2f:e7:75:78:cd:4a:18:77:68:29:78:81:a8:2d:b5:
                    03:a3:19:9c:76:05:b9:94:41:84:4c:2b:b8:f6:6b:
                    c5:a8:94:15:a7:bd:d7:03:cf:dc:45:5f:76:18:e5:
                    87:92:3c:cc:d9:5f:b6:e4:38:33:e3:51:c9:33:36:
                    d4:d9:35:7c:46:c6:d8:21:4f:b9:48:4b:bd:cd:ac:
                    e5:62:4e:98:e4:6b:a1:32:d8:07:64:de:55:5a:ad:
                    93:5c:82:e7:38:02:ab:dd:8c:28:a7:27:9e:d0:08:
                    ab:04:6c:f0:cc:e3:05:a1:09:77:77:47:96:79:3c:
                    f5:b8:be:0b:cb:5f:c1:1e:2d:10:60:35:67:ce:52:
                    f1:79:67:d7:6e:68:bc:da:c1:96:b4:7f:f3:e7:44:
                    96:aa:d1:50:6b:9e:c9:2b:09:96:8c:d2:3d:e1:90:
                    3d:1d:41:58:bd:80:ff:b4:fb:a2:c4:0d:71:aa:5c:
                    06:49:9d:1a:3a:f7:97:55:d8:b5:c8:6f:a4:26:34:
                    0c:e4:06:39:d0:7b:24:04:6d:72:5c:5b:07:15:80:
                    15:b9:61:29:13:ba:41:12:63:3a:75:00:ba:96:a8:
                    94:b8:6a:20:dd:03:6b:b6:bb:40:1b:67:8a:57:3c:
                    d1:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:B9:BA:D6:FE:4E:8A:DF:05:4E:89:35:46:88:B2:CD:31:67:AB:BA
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/L7m61v5Oit8FTok1RoiyzTFnq7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.218.0/23
                  5.231.41.0/24
                  5.231.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:84:70:d6:48:04:28:85:09:d5:e9:fd:22:80:ed:8b:df:20:
         a9:f2:e2:bf:b9:58:2e:53:09:7c:97:1d:50:e6:f1:66:4c:43:
         b2:13:97:ab:ee:93:d8:2f:da:d4:b7:1e:20:17:f4:5c:04:8c:
         c2:8a:02:7d:82:e1:ab:7d:bb:ef:ac:d5:a9:22:f1:54:a0:80:
         9d:46:da:c0:db:b6:f4:e9:f8:20:75:8e:97:b9:4e:40:78:5d:
         aa:d8:24:ee:b3:24:c1:2b:80:8e:36:2e:cd:13:25:43:7d:dc:
         99:b5:9b:f1:bc:59:83:cf:a2:72:cf:a0:c2:6c:a6:ac:09:04:
         ea:4b:87:3c:31:d1:08:93:cd:b4:1c:e2:fd:69:93:ad:75:4b:
         51:51:07:1e:22:41:2d:61:0d:7f:07:ab:1e:5c:00:0c:60:83:
         a7:b8:4d:04:18:da:d4:57:af:b1:23:50:11:e7:15:c3:90:6a:
         b4:2c:19:86:21:7a:43:71:ea:cf:51:8a:2d:44:cf:b3:7f:1e:
         40:2e:8b:a5:ae:15:9b:8a:76:bc:55:e2:1a:af:80:49:8a:75:
         35:04:c7:05:75:f3:5c:0a:ef:7e:bc:d3:86:ac:2c:77:22:ac:
         ca:1f:82:0a:2a:ea:59:a8:0a:70:9c:eb:01:b3:b8:9f:06:9d:
         f6:8f:cc:f6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ0jYH9sTXU3o7NLh8RX9nM7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwMzI1MDUwMzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmI5YmFkNmZlNGU4YWRmMDU0ZTg5MzU0Njg4YjJjZDMxNjdhYmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDDPzbRlo0yoHt1+h5sv53V4zUoY
d2gpeIGoLbUDoxmcdgW5lEGETCu49mvFqJQVp73XA8/cRV92GOWHkjzM2V+25Dgz
41HJMzbU2TV8RsbYIU+5SEu9zazlYk6Y5GuhMtgHZN5VWq2TXILnOAKr3Ywopyee
0AirBGzwzOMFoQl3d0eWeTz1uL4Ly1/BHi0QYDVnzlLxeWfXbmi82sGWtH/z50SW
qtFQa57JKwmWjNI94ZA9HUFYvYD/tPuixA1xqlwGSZ0aOveXVdi1yG+kJjQM5AY5
0HskBG1yXFsHFYAVuWEpE7pBEmM6dQC6lqiUuGog3QNrtrtAG2eKVzzRqwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFC+5utb+TorfBU6JNUaIss0xZ6u6MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvTDdtNjF2NU9pdDhGVG9rMVJvaXl6VEZucTdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBBa/aAwQA
BecpAwQABefwMA0GCSqGSIb3DQEBCwUAA4IBAQAQhHDWSAQohQnV6f0igO2L3yCp
8uK/uVguUwl8lx1Q5vFmTEOyE5er7pPYL9rUtx4gF/RcBIzCigJ9guGrfbvvrNWp
IvFUoICdRtrA27b06fggdY6XuU5AeF2q2CTusyTBK4CONi7NEyVDfdyZtZvxvFmD
z6Jyz6DCbKasCQTqS4c8MdEIk820HOL9aZOtdUtRUQceIkEtYQ1/B6seXAAMYIOn
uE0EGNrUV6+xI1AR5xXDkGq0LBmGIXpDcerPUYotRM+zfx5ALoulrhWbina8VeIa
r4BJinU1BMcFdfNcCu9+vNOGrCx3IqzKH4IKKupZqApwnOsBs7ifBp32j8z2
-----END CERTIFICATE-----