Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/pMLE_mMbchDjpPmiTK3G5VjvrKg.roa
File:                     pMLE_mMbchDjpPmiTK3G5VjvrKg.roa (raw, json)
Hash identifier:          W8yWtvzFJUG7zE/tEwPYYsXoEUZTWz3DCKSQ+q8axu4=
Subject key identifier:   A4:C2:C4:FE:63:1B:72:10:E3:A4:F9:A2:4C:AD:C6:E5:58:EF:AC:A8
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019D126BD77454F9C613320181913DE65DF9
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/pMLE_mMbchDjpPmiTK3G5VjvrKg.roa
Signing time:             Sat 21 Mar 2026 22:02:30 +0000
ROA not before:           Sat 21 Mar 2026 22:02:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200029
IP address blocks:        5.231.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:12:6b:d7:74:54:f9:c6:13:32:01:81:91:3d:e6:5d:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Mar 21 22:02:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a4c2c4fe631b7210e3a4f9a24cadc6e558efaca8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:75:0e:64:e9:e0:3e:e8:76:2e:83:30:0d:3a:
                    81:9a:81:39:9a:42:b5:18:56:19:f9:30:e1:93:d9:
                    f2:33:d0:4b:95:9c:6d:33:9a:34:f1:2b:7a:d7:28:
                    64:69:9f:f1:48:d2:ae:d5:a1:ce:44:c5:86:db:a1:
                    07:9a:02:04:fa:9d:b9:0d:02:3b:4c:ff:49:73:1e:
                    7c:7b:b5:cc:b7:cf:a1:9c:e9:e3:41:6b:ee:fc:57:
                    3b:9c:7f:3b:18:fb:eb:0c:e2:a5:ad:81:86:88:3f:
                    da:cf:08:64:f9:a2:86:84:79:92:e6:bb:49:20:60:
                    68:65:37:20:f5:50:f3:03:82:4a:4e:a9:01:85:75:
                    55:f6:f9:cd:03:9b:57:dd:31:16:6a:43:34:5e:ca:
                    21:bb:5b:6c:b2:4a:6d:6e:34:f8:f8:fd:1f:33:65:
                    33:d0:1f:2d:14:7b:2f:18:fb:63:74:d8:be:d3:f0:
                    2e:9b:ca:e4:2f:7d:bc:58:7b:2b:00:ca:d7:bc:f3:
                    f7:31:79:9d:60:f8:e0:4f:d4:3c:26:92:52:10:61:
                    9c:98:a8:b5:5f:6e:10:e9:c7:97:c3:04:88:fb:5f:
                    7f:b5:65:f5:29:c1:73:7e:88:f7:ac:bc:df:9f:18:
                    0d:6f:87:4d:20:51:d6:55:0e:1d:40:1a:8d:09:cf:
                    fb:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:C2:C4:FE:63:1B:72:10:E3:A4:F9:A2:4C:AD:C6:E5:58:EF:AC:A8
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/pMLE_mMbchDjpPmiTK3G5VjvrKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.231.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d0:fc:53:eb:68:15:bc:a9:fa:15:a9:9c:48:30:86:75:68:8a:
         4e:6b:2d:96:02:2e:c7:3d:17:69:2c:ac:1e:c2:3a:f3:6d:f0:
         06:85:81:3a:ba:1c:e9:d2:72:b7:52:01:ef:29:0a:c9:bf:6c:
         ef:57:07:a0:72:5e:e4:4d:97:1e:87:82:7a:98:ef:96:5b:0b:
         12:99:68:19:96:9e:cf:9b:62:a6:a3:41:e4:cd:24:ca:33:c6:
         4b:f5:3e:46:a6:36:81:1a:7c:0b:b0:d8:3c:18:01:3d:eb:91:
         04:cb:b6:4b:2c:97:c6:c1:47:72:25:0c:5b:f3:6b:de:b5:ab:
         2f:7b:7c:85:b7:27:65:86:85:1c:23:22:84:6a:47:5e:29:b6:
         6c:3f:f4:22:d5:e9:0a:b3:b5:ce:f2:c7:40:c8:1c:d4:ec:9a:
         b3:e9:0b:eb:03:a1:8c:29:a4:0a:c1:dd:7d:61:26:a7:3a:4b:
         4d:8d:ea:f1:95:d3:67:11:8d:fc:d1:b5:31:e9:0e:d2:d2:8e:
         2d:12:88:82:30:8e:5c:6d:01:64:5b:a6:12:ce:ba:de:cb:a4:
         62:84:95:17:1d:55:c6:89:ed:f0:06:4e:15:c1:78:54:c5:63:
         bf:28:8a:55:13:6c:3b:f2:d8:db:ad:fb:0b:9e:09:51:e0:8a:
         07:76:1e:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0Sa9d0VPnGEzIBgZE95l35MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwMzIxMjIwMjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGMyYzRmZTYzMWI3MjEwZTNhNGY5YTI0Y2FkYzZlNTU4ZWZhY2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXUOZOngPuh2LoMwDTqBmoE5mkK1
GFYZ+TDhk9nyM9BLlZxtM5o08St61yhkaZ/xSNKu1aHORMWG26EHmgIE+p25DQI7
TP9Jcx58e7XMt8+hnOnjQWvu/Fc7nH87GPvrDOKlrYGGiD/azwhk+aKGhHmS5rtJ
IGBoZTcg9VDzA4JKTqkBhXVV9vnNA5tX3TEWakM0Xsohu1tsskptbjT4+P0fM2Uz
0B8tFHsvGPtjdNi+0/Aum8rkL328WHsrAMrXvPP3MXmdYPjgT9Q8JpJSEGGcmKi1
X24Q6ceXwwSI+19/tWX1KcFzfoj3rLzfnxgNb4dNIFHWVQ4dQBqNCc/7GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKTCxP5jG3IQ46T5okytxuVY76yoMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvcE1MRV9tTWJjaERqcFBtaVRLM0c1Vmp2cktnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABedFMA0G
CSqGSIb3DQEBCwUAA4IBAQDQ/FPraBW8qfoVqZxIMIZ1aIpOay2WAi7HPRdpLKwe
wjrzbfAGhYE6uhzp0nK3UgHvKQrJv2zvVwegcl7kTZceh4J6mO+WWwsSmWgZlp7P
m2Kmo0HkzSTKM8ZL9T5GpjaBGnwLsNg8GAE965EEy7ZLLJfGwUdyJQxb82vetasv
e3yFtydlhoUcIyKEakdeKbZsP/Qi1ekKs7XO8sdAyBzU7Jqz6QvrA6GMKaQKwd19
YSanOktNjerxldNnEY380bUx6Q7S0o4tEoiCMI5cbQFkW6YSzrrey6RihJUXHVXG
ie3wBk4VwXhUxWO/KIpVE2w78tjbrfsLnglR4IoHdh6B
-----END CERTIFICATE-----