Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/MLRDRsaXA5NCELkkokJC737Mrd4.roa
File:                     MLRDRsaXA5NCELkkokJC737Mrd4.roa (raw, json)
Hash identifier:          dI6SbyLJ6XTnO05A9n4JebtPxVfmzsB2X1y2gkea7/I=
Subject key identifier:   30:B4:43:46:C6:97:03:93:42:10:B9:24:A2:42:42:EF:7E:CC:AD:DE
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019DB7374CA1D79F498710891C93B7973580
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/MLRDRsaXA5NCELkkokJC737Mrd4.roa
Signing time:             Wed 22 Apr 2026 22:02:27 +0000
ROA not before:           Wed 22 Apr 2026 22:02:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198997
IP address blocks:        5.175.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b7:37:4c:a1:d7:9f:49:87:10:89:1c:93:b7:97:35:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr 22 22:02:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=30b44346c69703934210b924a24242ef7eccadde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:5a:9d:b5:dd:af:0d:ae:73:74:17:73:60:89:
                    4c:c5:29:a7:38:24:50:6f:9a:9f:b8:a4:af:83:85:
                    1b:ea:2e:6b:e5:22:42:82:41:69:d9:89:84:99:28:
                    5f:eb:29:eb:5b:bb:87:56:dd:ab:4f:8f:ec:e7:37:
                    10:18:30:69:91:42:06:1a:36:7c:25:21:6a:a1:0a:
                    f1:5b:45:4e:9a:d7:d3:10:da:3b:86:05:47:ff:6e:
                    a7:03:81:03:66:90:70:86:18:e6:5d:89:7c:bb:46:
                    19:82:ec:00:4f:ba:2c:d7:c5:fa:00:1c:02:8c:15:
                    62:0c:48:c0:99:ba:bc:fe:8a:2e:7a:97:98:60:5b:
                    99:5c:22:2a:95:11:7c:f5:f4:9d:09:0c:2f:0d:f7:
                    41:9b:3f:c9:7d:87:4a:10:2e:7e:1a:d4:f8:4e:fd:
                    62:ca:80:2a:fc:20:25:80:7e:bb:bd:0b:82:98:13:
                    8d:38:b0:88:59:70:4d:c9:f0:63:67:4d:b9:61:8e:
                    69:1c:c2:5f:fa:e1:01:ca:71:75:27:e0:fe:b6:be:
                    6d:ac:8e:65:1b:ee:a4:fe:0f:0f:da:00:8e:69:18:
                    c4:ee:62:74:63:d6:14:f4:61:2e:d3:b8:9a:fd:cf:
                    5a:38:6d:3f:11:8e:cd:50:f2:62:2b:c1:98:02:8b:
                    d0:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:B4:43:46:C6:97:03:93:42:10:B9:24:A2:42:42:EF:7E:CC:AD:DE
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/MLRDRsaXA5NCELkkokJC737Mrd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d6:50:01:24:ba:c3:e8:d4:aa:f6:1b:49:83:c7:5e:e6:a3:b8:
         77:c5:d8:0b:f0:eb:f5:35:39:33:f3:e1:c8:75:d7:4b:3c:5a:
         76:ba:a6:f8:f5:5a:70:6e:48:d6:51:9d:a0:86:3f:74:29:a5:
         03:53:9f:98:00:24:56:d8:4f:9a:91:4b:9f:66:4a:6e:ff:83:
         ce:e6:06:de:ca:f7:ca:ef:8d:1a:3a:3a:67:fb:6c:6c:16:31:
         e5:48:d7:24:02:c0:4b:ed:c6:d2:c7:c8:a1:cc:f2:35:d0:ff:
         4c:42:30:c9:32:e9:e2:65:e4:62:20:ff:9b:67:b4:49:2a:8b:
         cc:55:ce:cf:42:bf:63:f8:7c:fb:90:d5:58:3d:ca:d4:b6:e2:
         5a:e3:0d:2c:e1:71:3c:cb:be:db:a9:f8:b0:6e:4d:a5:b9:9d:
         4e:44:a4:8a:bd:eb:f0:d7:a7:02:32:e0:eb:92:c0:a6:84:0f:
         38:f9:be:35:47:2b:9e:40:02:04:c5:7b:f9:40:ab:9b:f0:1f:
         b0:78:ad:78:46:5a:03:42:5d:fa:c7:99:aa:e0:ce:26:42:d9:
         06:ec:0c:ac:a5:02:97:44:ce:bb:8f:6a:b5:8f:07:60:f6:4d:
         51:de:a8:ee:2a:bf:3f:f6:48:22:e7:c7:45:0d:e7:6d:92:59:
         4e:5a:f7:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ23N0yh159JhxCJHJO3lzWAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNDIyMjIwMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGI0NDM0NmM2OTcwMzkzNDIxMGI5MjRhMjQyNDJlZjdlY2NhZGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVqdtd2vDa5zdBdzYIlMxSmnOCRQ
b5qfuKSvg4Ub6i5r5SJCgkFp2YmEmShf6ynrW7uHVt2rT4/s5zcQGDBpkUIGGjZ8
JSFqoQrxW0VOmtfTENo7hgVH/26nA4EDZpBwhhjmXYl8u0YZguwAT7os18X6ABwC
jBViDEjAmbq8/oouepeYYFuZXCIqlRF89fSdCQwvDfdBmz/JfYdKEC5+GtT4Tv1i
yoAq/CAlgH67vQuCmBONOLCIWXBNyfBjZ025YY5pHMJf+uEBynF1J+D+tr5trI5l
G+6k/g8P2gCOaRjE7mJ0Y9YU9GEu07ia/c9aOG0/EY7NUPJiK8GYAovQWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDC0Q0bGlwOTQhC5JKJCQu9+zK3eMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvTUxSRFJzYVhBNU5DRUxra29rSkM3MzdNcmQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABa/2MA0G
CSqGSIb3DQEBCwUAA4IBAQDWUAEkusPo1Kr2G0mDx17mo7h3xdgL8Ov1NTkz8+HI
dddLPFp2uqb49VpwbkjWUZ2ghj90KaUDU5+YACRW2E+akUufZkpu/4PO5gbeyvfK
740aOjpn+2xsFjHlSNckAsBL7cbSx8ihzPI10P9MQjDJMuniZeRiIP+bZ7RJKovM
Vc7PQr9j+Hz7kNVYPcrUtuJa4w0s4XE8y77bqfiwbk2luZ1ORKSKvevw16cCMuDr
ksCmhA84+b41RyueQAIExXv5QKub8B+weK14RloDQl36x5mq4M4mQtkG7AyspQKX
RM67j2q1jwdg9k1R3qjuKr8/9kgi58dFDedtkllOWvfh
-----END CERTIFICATE-----