Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/rj2BXqyy0-V6R_JfiHYHJ4J7myw.roa
File:                     rj2BXqyy0-V6R_JfiHYHJ4J7myw.roa (raw, json)
Hash identifier:          b0jgDbNVPgWcWw0eIDQPOy3E8Mg+38+GpQAXv1paLNw=
Subject key identifier:   AE:3D:81:5E:AC:B2:D3:E5:7A:47:F2:5F:88:76:07:27:82:7B:9B:2C
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01993D6DE3A80398486E0487CBEBB0ABEF57
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/rj2BXqyy0-V6R_JfiHYHJ4J7myw.roa
Signing time:             Fri 12 Sep 2025 10:17:15 +0000
ROA not before:           Fri 12 Sep 2025 10:17:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213999
IP address blocks:        5.175.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:3d:6d:e3:a8:03:98:48:6e:04:87:cb:eb:b0:ab:ef:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Sep 12 10:17:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae3d815eacb2d3e57a47f25f88760727827b9b2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c3:f3:33:20:b3:3f:82:fa:5c:1b:90:da:47:
                    b2:4d:e8:51:81:ca:9c:30:6a:0a:50:01:a7:d7:a0:
                    41:25:10:9f:26:ef:77:d8:38:60:59:d2:b8:79:c6:
                    98:d2:12:94:96:e1:dd:68:cb:c3:c0:58:f2:bc:1f:
                    98:a7:25:1b:77:cd:5c:18:a8:d4:cc:b4:17:53:7f:
                    21:64:e9:10:1e:3c:62:9d:fd:a5:52:13:40:cb:a5:
                    f8:e1:59:b5:a3:47:a7:0c:60:72:38:65:27:41:2b:
                    b1:af:ec:10:e9:42:a8:26:9a:c7:b1:68:77:0d:e9:
                    ec:78:3f:01:27:47:c7:70:f9:1e:4e:6e:21:ee:e8:
                    63:21:d1:b0:1c:dd:a2:e1:6d:32:43:43:26:1c:e7:
                    c4:81:fe:87:02:da:49:f1:88:e3:69:86:1e:2a:c8:
                    4e:8f:7a:d9:cc:f8:08:5c:c6:55:6b:3c:0d:82:af:
                    7f:12:8d:5b:23:e0:9e:11:2e:d5:5d:fa:8f:95:39:
                    dc:e7:66:2a:86:33:4d:6b:7e:26:fe:f7:f1:dc:3f:
                    27:4e:67:d0:4c:f3:98:96:e2:bb:dd:4f:2f:16:bc:
                    08:7e:80:73:95:22:73:4f:50:d4:5b:f5:d3:d2:ba:
                    8c:50:86:90:a9:e5:ab:0a:5a:11:84:11:4f:1d:3d:
                    a0:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:3D:81:5E:AC:B2:D3:E5:7A:47:F2:5F:88:76:07:27:82:7B:9B:2C
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/rj2BXqyy0-V6R_JfiHYHJ4J7myw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:63:45:66:f2:da:4b:ac:95:1f:c2:1e:42:b6:5d:13:0c:2a:
         10:99:e3:7a:43:be:d6:e9:61:51:44:5d:47:ef:e5:8c:19:cc:
         3a:ec:ac:a6:7f:b8:e7:46:f1:8c:e0:94:2d:c4:7c:9d:0b:34:
         6b:65:05:a8:d3:c1:fa:fc:8e:b8:ce:e3:33:5a:49:ef:c9:fd:
         81:4a:7b:f9:ee:bd:3b:e8:a4:fe:26:d8:e5:48:1c:38:75:e8:
         9d:cd:4e:9f:b4:bc:21:12:2b:11:15:b3:bb:d6:b1:6a:8e:b6:
         3f:82:46:10:76:04:5f:33:bc:61:f2:cc:0d:10:c5:e0:fa:3a:
         cb:78:7c:86:c6:60:9b:82:7d:c5:83:c2:87:cc:b8:21:de:28:
         0e:93:b4:8c:ed:b1:ca:2f:ec:82:aa:04:bd:bf:35:69:da:b1:
         17:ff:75:4c:f3:6c:d9:c8:0c:30:89:0e:ae:7e:0c:2c:fc:3d:
         ab:d9:cb:f7:61:ec:eb:75:75:04:ba:bc:03:e1:57:bf:ad:ce:
         44:94:c4:8f:e1:fe:65:22:de:44:cf:5f:04:d9:70:10:7a:74:
         d2:c5:55:68:b2:be:1f:79:9c:88:4c:86:b7:f3:64:3e:01:0c:
         39:a9:57:df:ff:78:bf:da:f5:e5:f5:f6:ed:49:c6:45:7f:7a:
         b6:f4:c5:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk9beOoA5hIbgSHy+uwq+9XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwOTEyMTAxNzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTNkODE1ZWFjYjJkM2U1N2E0N2YyNWY4ODc2MDcyNzgyN2I5YjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMPzMyCzP4L6XBuQ2keyTehRgcqc
MGoKUAGn16BBJRCfJu932DhgWdK4ecaY0hKUluHdaMvDwFjyvB+YpyUbd81cGKjU
zLQXU38hZOkQHjxinf2lUhNAy6X44Vm1o0enDGByOGUnQSuxr+wQ6UKoJprHsWh3
DenseD8BJ0fHcPkeTm4h7uhjIdGwHN2i4W0yQ0MmHOfEgf6HAtpJ8YjjaYYeKshO
j3rZzPgIXMZVazwNgq9/Eo1bI+CeES7VXfqPlTnc52YqhjNNa34m/vfx3D8nTmfQ
TPOYluK73U8vFrwIfoBzlSJzT1DUW/XT0rqMUIaQqeWrCloRhBFPHT2g7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK49gV6sstPlekfyX4h2ByeCe5ssMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvcmoyQlhxeXkwLVY2Ul9KZmlIWUhKNEo3bXl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABa/6MA0G
CSqGSIb3DQEBCwUAA4IBAQB/Y0Vm8tpLrJUfwh5Ctl0TDCoQmeN6Q77W6WFRRF1H
7+WMGcw67Kymf7jnRvGM4JQtxHydCzRrZQWo08H6/I64zuMzWknvyf2BSnv57r07
6KT+JtjlSBw4deidzU6ftLwhEisRFbO71rFqjrY/gkYQdgRfM7xh8swNEMXg+jrL
eHyGxmCbgn3Fg8KHzLgh3igOk7SM7bHKL+yCqgS9vzVp2rEX/3VM82zZyAwwiQ6u
fgws/D2r2cv3YezrdXUEurwD4Ve/rc5ElMSP4f5lIt5Ez18E2XAQenTSxVVosr4f
eZyITIa382Q+AQw5qVff/3i/2vXl9fbtScZFf3q29MX+
-----END CERTIFICATE-----