Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/cP58VD9R7izrhRJvoQCCDaL3PwE.roa
File:                     cP58VD9R7izrhRJvoQCCDaL3PwE.roa (raw, json)
Hash identifier:          JKtEEdbjHxfkQw3a/iW8fmHn8TkRZs/VOyZ1oeA5Cdc=
Subject key identifier:   70:FE:7C:54:3F:51:EE:2C:EB:85:12:6F:A1:00:82:0D:A2:F7:3F:01
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019DED0C28A5D8D1B091EDCD1773311A25C9
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/cP58VD9R7izrhRJvoQCCDaL3PwE.roa
Signing time:             Sun 03 May 2026 08:54:50 +0000
ROA not before:           Sun 03 May 2026 08:54:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213512
IP address blocks:        5.175.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ed:0c:28:a5:d8:d1:b0:91:ed:cd:17:73:31:1a:25:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: May  3 08:54:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=70fe7c543f51ee2ceb85126fa100820da2f73f01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:4b:d7:92:06:75:db:58:63:f4:c9:81:97:29:
                    b6:82:b9:c2:6d:01:52:9e:2b:87:ff:21:35:e2:6b:
                    63:e3:9f:62:63:f4:2f:8a:6c:cc:9a:09:13:50:05:
                    77:f8:85:9b:84:37:18:11:a8:3e:9c:ef:2f:36:6a:
                    fa:8e:c8:da:7f:ff:20:0f:fb:32:9d:78:f0:1a:a7:
                    d3:2f:2f:b3:0e:75:72:ce:19:65:c4:c2:e8:cd:8b:
                    4c:be:59:2a:53:14:15:c8:6d:d6:4d:02:2e:2a:d5:
                    46:9f:0c:c4:37:ea:67:68:3a:d9:1c:79:6e:3b:04:
                    9b:5f:41:6c:ee:c5:9b:f1:4a:82:2f:82:35:3b:34:
                    4f:ba:b8:67:d3:ab:5b:db:bc:d2:58:1f:9d:74:35:
                    76:ed:a2:f6:9a:22:83:c3:0a:64:83:8e:f9:85:6e:
                    12:9f:31:ad:4a:a0:7d:04:e7:8c:ef:ca:c3:b6:c7:
                    39:e2:18:4f:95:5d:35:9e:f9:45:d1:ba:cc:6d:65:
                    b9:2e:ea:97:d3:d4:30:26:b2:26:94:18:56:ce:25:
                    61:c3:91:af:1f:7d:24:16:2f:b6:9a:be:f2:9e:31:
                    a3:14:98:32:85:8f:da:c9:68:ff:be:cc:ba:08:94:
                    b4:c8:31:7b:ba:e9:51:12:3a:b1:d8:56:37:a1:97:
                    2f:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:FE:7C:54:3F:51:EE:2C:EB:85:12:6F:A1:00:82:0D:A2:F7:3F:01
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/cP58VD9R7izrhRJvoQCCDaL3PwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:18:0e:53:52:53:b8:41:2b:2f:ee:cd:ba:53:8f:57:2e:27:
         ec:4d:45:bf:55:5b:b0:29:39:55:19:ae:b4:85:91:cc:57:b9:
         b8:5a:4f:90:c8:65:68:a0:3d:ac:0b:40:ad:35:2b:af:a3:c7:
         0f:6e:de:cb:e7:52:0f:1d:42:d7:93:18:26:ce:68:bb:4e:4e:
         71:aa:ac:4b:25:19:a2:16:fb:e0:1b:82:dc:47:0b:18:8b:2d:
         6b:b4:66:27:0e:aa:5e:b6:fc:bf:f9:c6:db:00:b4:c8:a1:1b:
         fa:5d:82:a4:9a:1b:fe:f7:c1:47:c2:40:b1:36:54:52:a3:57:
         2f:df:25:4e:99:00:9e:67:57:7f:98:91:ae:2b:49:be:a2:e2:
         c0:d8:50:57:d6:47:c1:41:69:2c:25:2f:04:fb:97:31:d3:aa:
         94:e9:e2:df:fe:51:97:9a:82:83:d4:44:52:d6:6c:d7:72:33:
         5a:34:4d:ac:6d:ce:9f:7e:57:64:a3:07:7f:d7:0d:50:d3:a2:
         be:86:a3:2a:cb:83:72:df:cd:6c:03:2a:bc:1c:40:82:30:29:
         7e:9b:17:ea:a7:80:25:75:e4:9b:5f:26:02:1f:71:99:05:ed:
         df:7b:55:fd:8b:1d:35:2e:51:bb:34:2f:8d:07:07:53:86:6d:
         76:ca:f4:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3tDCil2NGwke3NF3MxGiXJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNTAzMDg1NDUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGZlN2M1NDNmNTFlZTJjZWI4NTEyNmZhMTAwODIwZGEyZjczZjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkvXkgZ121hj9MmBlym2grnCbQFS
niuH/yE14mtj459iY/QvimzMmgkTUAV3+IWbhDcYEag+nO8vNmr6jsjaf/8gD/sy
nXjwGqfTLy+zDnVyzhllxMLozYtMvlkqUxQVyG3WTQIuKtVGnwzEN+pnaDrZHHlu
OwSbX0Fs7sWb8UqCL4I1OzRPurhn06tb27zSWB+ddDV27aL2miKDwwpkg475hW4S
nzGtSqB9BOeM78rDtsc54hhPlV01nvlF0brMbWW5LuqX09QwJrImlBhWziVhw5Gv
H30kFi+2mr7ynjGjFJgyhY/ayWj/vsy6CJS0yDF7uulREjqx2FY3oZcvrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHD+fFQ/Ue4s64USb6EAgg2i9z8BMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvY1A1OFZEOVI3aXpyaFJKdm9RQ0NEYUwzUHdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABa+OMA0G
CSqGSIb3DQEBCwUAA4IBAQBvGA5TUlO4QSsv7s26U49XLifsTUW/VVuwKTlVGa60
hZHMV7m4Wk+QyGVooD2sC0CtNSuvo8cPbt7L51IPHULXkxgmzmi7Tk5xqqxLJRmi
FvvgG4LcRwsYiy1rtGYnDqpetvy/+cbbALTIoRv6XYKkmhv+98FHwkCxNlRSo1cv
3yVOmQCeZ1d/mJGuK0m+ouLA2FBX1kfBQWksJS8E+5cx06qU6eLf/lGXmoKD1ERS
1mzXcjNaNE2sbc6ffldkowd/1w1Q06K+hqMqy4Ny381sAyq8HECCMCl+mxfqp4Al
deSbXyYCH3GZBe3fe1X9ix01LlG7NC+NBwdThm12yvSb
-----END CERTIFICATE-----