Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/MCBZ2CxaM7LC481GLSYWHeppO5E.roa
File:                     MCBZ2CxaM7LC481GLSYWHeppO5E.roa (raw, json)
Hash identifier:          02Ro7KtAxSGq3svayvXMnjLyQYv+fnx2uhv691O7tMc=
Subject key identifier:   30:20:59:D8:2C:5A:33:B2:C2:E3:CD:46:2D:26:16:1D:EA:69:3B:91
Certificate issuer:       /CN=3a00807698f0b097d69ab3926917d1dcc838a624
Certificate serial:       019D1596FC16F5A71C5EBCAEE1573DC368BA
Authority key identifier: 3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/MCBZ2CxaM7LC481GLSYWHeppO5E.roa
Signing time:             Sun 22 Mar 2026 12:48:29 +0000
ROA not before:           Sun 22 Mar 2026 12:48:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215305
IP address blocks:        5.180.97.0/24 maxlen: 24
                          5.180.99.0/24 maxlen: 24
                          45.81.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:15:96:fc:16:f5:a7:1c:5e:bc:ae:e1:57:3d:c3:68:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a00807698f0b097d69ab3926917d1dcc838a624
        Validity
            Not Before: Mar 22 12:48:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=302059d82c5a33b2c2e3cd462d26161dea693b91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:43:23:7e:7f:d9:33:88:35:ee:f2:a5:2e:aa:
                    56:13:3a:7f:0c:b0:0f:88:17:fa:7c:9a:ad:ab:86:
                    60:41:47:41:67:80:20:4f:17:59:9a:bd:de:61:cf:
                    c9:7c:6f:29:f8:70:ff:eb:bb:92:ce:70:f3:f5:eb:
                    a8:25:70:50:cf:b5:2d:f0:10:19:75:93:8d:b8:ad:
                    be:34:a9:15:8b:1a:91:40:a5:75:51:28:81:e2:f8:
                    b0:7b:7f:a3:3b:2e:23:9d:bf:e8:55:03:b1:a7:29:
                    8b:19:34:90:a2:e0:32:62:d2:29:2c:72:52:ec:d3:
                    2c:f3:eb:9a:f4:cf:14:68:d0:b2:d6:3c:2f:0e:b9:
                    26:a8:09:94:3f:bf:ef:8b:35:bd:7d:8a:54:84:5c:
                    7e:a1:83:1b:3d:db:85:fc:51:7e:55:b5:b8:3b:8e:
                    e4:b9:8f:18:dc:72:b5:0b:02:e8:ee:b7:9e:0c:c3:
                    b4:bd:47:f6:0d:f6:b3:ef:71:fa:4e:bc:33:10:63:
                    a7:f6:c7:9d:43:32:16:8c:4c:84:b1:83:3a:70:5b:
                    7b:d0:d3:7a:ae:cc:45:b6:61:1c:b7:a6:46:17:70:
                    c2:10:ac:3a:eb:25:ad:ef:66:0b:dc:a4:a2:db:40:
                    fe:31:12:fd:5b:93:d8:5c:b9:fe:66:04:c3:12:92:
                    cf:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:20:59:D8:2C:5A:33:B2:C2:E3:CD:46:2D:26:16:1D:EA:69:3B:91
            X509v3 Authority Key Identifier:
                keyid:3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/MCBZ2CxaM7LC481GLSYWHeppO5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.97.0/24
                  5.180.99.0/24
                  45.81.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:4d:25:e2:7f:33:e5:d4:12:22:ec:77:5b:a4:9c:94:39:ab:
         3d:d5:d8:7a:01:7f:c2:6d:0f:6d:de:ce:20:32:ec:f0:07:ec:
         73:f7:ad:85:ca:d3:7a:dc:35:d0:2a:e1:7b:36:66:8b:30:75:
         6e:12:dd:84:b3:6f:86:ea:c3:3b:ee:b9:56:97:76:f5:84:0d:
         5a:8e:e7:1b:ac:f6:1b:9f:d7:77:f0:55:dd:89:96:98:6b:ae:
         16:17:cf:c0:b8:13:9c:48:cd:6f:41:fc:fd:b1:e9:f9:5a:8a:
         dd:c3:34:c1:80:b3:3f:18:3f:7b:77:b2:03:38:ca:54:14:cc:
         c4:96:cd:51:3b:96:0c:eb:44:25:fd:ac:fd:84:22:a3:22:a9:
         21:ea:ea:c3:41:bf:80:ed:d3:39:1c:a9:15:ce:23:92:25:39:
         00:a8:8a:15:91:73:8e:ab:fa:c4:41:91:93:52:c2:14:f2:bf:
         67:26:db:f7:11:6d:cd:4b:8b:79:bc:c2:c2:de:b3:b5:e0:eb:
         d9:e5:e4:d8:e4:74:c7:e3:95:ad:5c:e6:57:dc:41:4b:89:6d:
         64:52:ad:f1:cc:19:d4:7a:8d:50:75:80:51:43:72:02:5e:03:
         36:4d:65:e4:5c:dd:9b:52:88:93:e3:38:ff:22:ee:65:8d:36:
         b3:e9:3c:d7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ0VlvwW9accXryu4Vc9w2i6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMDA4MDc2OThmMGIwOTdkNjlhYjM5MjY5MTdkMWRjYzgz
OGE2MjQwHhcNMjYwMzIyMTI0ODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDIwNTlkODJjNWEzM2IyYzJlM2NkNDYyZDI2MTYxZGVhNjkzYjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUMjfn/ZM4g17vKlLqpWEzp/DLAP
iBf6fJqtq4ZgQUdBZ4AgTxdZmr3eYc/JfG8p+HD/67uSznDz9euoJXBQz7Ut8BAZ
dZONuK2+NKkVixqRQKV1USiB4viwe3+jOy4jnb/oVQOxpymLGTSQouAyYtIpLHJS
7NMs8+ua9M8UaNCy1jwvDrkmqAmUP7/vizW9fYpUhFx+oYMbPduF/FF+VbW4O47k
uY8Y3HK1CwLo7reeDMO0vUf2Dfaz73H6TrwzEGOn9sedQzIWjEyEsYM6cFt70NN6
rsxFtmEct6ZGF3DCEKw66yWt72YL3KSi20D+MRL9W5PYXLn+ZgTDEpLPOwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDAgWdgsWjOywuPNRi0mFh3qaTuRMB8GA1UdIwQY
MBaAFDoAgHaY8LCX1pqzkmkX0dzIOKYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMt
MTZhZmM0ZGZmZGQ0LzEvTUNCWjJDeGFNN0xDNDgxR0xTWVdIZXBwTzVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMtMTZhZmM0ZGZmZGQ0
LzEvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABbRhAwQA
BbRjAwQALVEjMA0GCSqGSIb3DQEBCwUAA4IBAQCTTSXifzPl1BIi7HdbpJyUOas9
1dh6AX/CbQ9t3s4gMuzwB+xz962FytN63DXQKuF7NmaLMHVuEt2Es2+G6sM77rlW
l3b1hA1ajucbrPYbn9d38FXdiZaYa64WF8/AuBOcSM1vQfz9sen5WordwzTBgLM/
GD97d7IDOMpUFMzEls1RO5YM60Ql/az9hCKjIqkh6urDQb+A7dM5HKkVziOSJTkA
qIoVkXOOq/rEQZGTUsIU8r9nJtv3EW3NS4t5vMLC3rO14OvZ5eTY5HTH45WtXOZX
3EFLiW1kUq3xzBnUeo1QdYBRQ3ICXgM2TWXkXN2bUoiT4zj/Iu5ljTaz6TzX
-----END CERTIFICATE-----