Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/XNBU30T_3OO9l7YfL7Uh8eqmlFg.roa
File:                     XNBU30T_3OO9l7YfL7Uh8eqmlFg.roa (raw, json)
Hash identifier:          y7aN4GofidSEQwiM3qdZH87IwkozVtCw2mprLpZn5OI=
Subject key identifier:   5C:D0:54:DF:44:FF:DC:E3:BD:97:B6:1F:2F:B5:21:F1:EA:A6:94:58
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019D1EDC9DEFD16343FC67FBA3B401B04C48
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/XNBU30T_3OO9l7YfL7Uh8eqmlFg.roa
Signing time:             Tue 24 Mar 2026 08:01:07 +0000
ROA not before:           Tue 24 Mar 2026 08:01:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204464
IP address blocks:        5.175.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1e:dc:9d:ef:d1:63:43:fc:67:fb:a3:b4:01:b0:4c:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Mar 24 08:01:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5cd054df44ffdce3bd97b61f2fb521f1eaa69458
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:63:ee:1b:db:70:a6:1e:07:bb:ff:f5:91:19:
                    3d:61:69:14:a0:56:fd:bf:d9:c2:ea:1f:24:38:f5:
                    c6:d2:cc:d9:12:75:7b:23:4d:51:20:11:3b:7f:9e:
                    88:c3:ca:03:92:04:ad:74:b9:f6:b3:47:93:25:f3:
                    86:7f:1e:05:6d:b8:d2:61:7d:0a:fb:6f:30:a7:d6:
                    50:ce:5a:7c:3a:a0:7b:19:aa:4a:84:a5:99:ed:eb:
                    ec:6c:b7:9f:01:8d:28:fe:5b:fb:38:64:06:1e:f3:
                    a5:ee:a9:25:f5:09:2d:e1:ee:48:df:69:bf:a9:6a:
                    d6:8c:46:bc:5a:ff:6e:17:0e:13:9f:cd:25:16:6f:
                    57:fe:ba:cb:e3:ad:67:93:df:3f:d1:5c:2c:5b:3d:
                    fa:5d:c6:04:b3:81:a8:05:9b:5f:24:7d:50:2a:b3:
                    02:99:1a:2b:58:ef:38:f2:11:30:82:ab:01:77:94:
                    dd:d4:5f:65:11:12:ec:38:e0:0f:97:45:ba:d6:ea:
                    15:1b:93:65:f4:c3:48:cd:8d:35:72:da:ba:ce:bf:
                    aa:f0:dd:ae:0c:8c:ad:60:ed:6a:27:d4:2f:45:03:
                    6c:45:e6:83:75:75:00:0a:7c:94:ae:60:94:78:30:
                    5f:d0:20:cb:bf:b3:c3:cf:bc:b2:9f:44:3a:d2:9b:
                    de:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:D0:54:DF:44:FF:DC:E3:BD:97:B6:1F:2F:B5:21:F1:EA:A6:94:58
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/XNBU30T_3OO9l7YfL7Uh8eqmlFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:15:e0:00:b8:a5:8d:44:fe:9e:8d:56:f6:da:bc:ac:4a:7c:
         e1:ea:58:ea:ed:09:1b:e9:4e:d9:a1:dc:5c:99:79:f3:4b:19:
         8a:6c:f9:7f:53:ee:2d:c2:ab:b3:6c:d1:84:a1:f6:11:c6:c6:
         64:f9:05:ac:5f:ff:e9:c0:c0:d7:ab:6d:02:13:55:74:f3:13:
         35:c1:5c:f9:c6:b7:fd:b9:6b:14:65:31:9c:c0:9e:7a:d0:f3:
         01:22:29:91:84:20:e6:a0:93:9a:01:16:3d:4a:84:5b:5b:63:
         0f:2b:ee:ae:6c:c5:d0:50:ab:f3:02:db:86:01:b9:b3:98:20:
         2a:2a:c1:09:89:73:5e:f2:c3:8d:0d:e4:7d:1d:2b:67:b6:6d:
         bd:7d:29:0b:87:4d:c8:16:31:a0:6d:07:56:55:42:b1:d2:f8:
         56:6d:c0:fc:c8:be:a9:7d:36:af:23:eb:42:e5:f9:7c:62:ed:
         7d:3d:75:40:ce:60:91:db:8b:7a:01:9d:ad:fe:43:57:66:3f:
         c0:ba:24:5d:03:4a:cf:9b:7b:60:a1:6e:b3:9d:1a:9e:7a:9d:
         c6:6a:39:11:78:93:2d:3b:cd:af:27:5a:b5:ff:6e:0b:63:42:
         e1:22:2f:8e:ea:5d:19:2c:23:fb:c3:be:94:a7:0a:a5:a7:6e:
         8a:95:60:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0e3J3v0WND/Gf7o7QBsExIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwMzI0MDgwMTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2QwNTRkZjQ0ZmZkY2UzYmQ5N2I2MWYyZmI1MjFmMWVhYTY5NDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGPuG9twph4Hu//1kRk9YWkUoFb9
v9nC6h8kOPXG0szZEnV7I01RIBE7f56Iw8oDkgStdLn2s0eTJfOGfx4FbbjSYX0K
+28wp9ZQzlp8OqB7GapKhKWZ7evsbLefAY0o/lv7OGQGHvOl7qkl9Qkt4e5I32m/
qWrWjEa8Wv9uFw4Tn80lFm9X/rrL461nk98/0VwsWz36XcYEs4GoBZtfJH1QKrMC
mRorWO848hEwgqsBd5Td1F9lERLsOOAPl0W61uoVG5Nl9MNIzY01ctq6zr+q8N2u
DIytYO1qJ9QvRQNsReaDdXUACnyUrmCUeDBf0CDLv7PDz7yyn0Q60pveuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFzQVN9E/9zjvZe2Hy+1IfHqppRYMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvWE5CVTMwVF8zT085bDdZZkw3VWg4ZXFtbEZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABa/fMA0G
CSqGSIb3DQEBCwUAA4IBAQBsFeAAuKWNRP6ejVb22rysSnzh6ljq7Qkb6U7Zodxc
mXnzSxmKbPl/U+4twquzbNGEofYRxsZk+QWsX//pwMDXq20CE1V08xM1wVz5xrf9
uWsUZTGcwJ560PMBIimRhCDmoJOaARY9SoRbW2MPK+6ubMXQUKvzAtuGAbmzmCAq
KsEJiXNe8sONDeR9HStntm29fSkLh03IFjGgbQdWVUKx0vhWbcD8yL6pfTavI+tC
5fl8Yu19PXVAzmCR24t6AZ2t/kNXZj/AuiRdA0rPm3tgoW6znRqeep3GajkReJMt
O82vJ1q1/24LY0LhIi+O6l0ZLCP7w76Upwqlp26KlWBq
-----END CERTIFICATE-----