Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/TCZXW3VhlOLjDyncexmJsI1iOlc.roa
File:                     TCZXW3VhlOLjDyncexmJsI1iOlc.roa (raw, json)
Hash identifier:          g/HUYiV1ZuixlVtzYhLUlxsPbTRqxZdmXPTw9iBddqg=
Subject key identifier:   4C:26:57:5B:75:61:94:E2:E3:0F:29:DC:7B:19:89:B0:8D:62:3A:57
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019814EF54B33299A019CBDE9DE27B057AF4
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/TCZXW3VhlOLjDyncexmJsI1iOlc.roa
Signing time:             Wed 16 Jul 2025 20:31:25 +0000
ROA not before:           Wed 16 Jul 2025 20:31:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206479
IP address blocks:        5.175.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:14:ef:54:b3:32:99:a0:19:cb:de:9d:e2:7b:05:7a:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jul 16 20:31:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c26575b756194e2e30f29dc7b1989b08d623a57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:df:e2:e2:b4:e4:ef:92:bb:38:ad:d2:12:19:
                    c1:a7:f4:1a:75:dd:d3:70:0a:b3:14:f4:4f:c8:80:
                    a9:08:f3:5e:83:1a:02:cd:b1:ee:88:1d:90:f6:b5:
                    ef:a4:90:e1:6b:2f:8f:55:00:04:4b:25:df:0e:f2:
                    18:7e:85:91:a2:86:51:ec:79:88:b8:11:3e:0b:e6:
                    31:4e:77:b7:f7:7d:94:13:da:82:af:0c:5a:36:75:
                    d9:ee:08:a8:7c:61:3c:4f:0e:06:5a:cc:87:9c:c0:
                    8c:d6:88:54:d3:aa:d0:52:16:6e:47:d6:c6:2b:16:
                    46:68:45:15:76:90:c5:d0:8a:83:8d:55:26:21:b7:
                    9e:4d:02:73:e2:8e:89:97:72:01:b1:7f:f0:6b:3c:
                    0d:31:c7:e1:93:78:0f:84:38:8c:7d:71:fe:61:4d:
                    e5:e8:58:44:35:6f:a9:00:f0:ce:02:c8:9a:b6:18:
                    e7:ff:75:f2:7d:30:a0:70:82:24:61:96:81:4f:ff:
                    bf:0b:8f:be:36:33:fa:89:bf:f0:00:67:af:86:fd:
                    e2:ff:a3:6a:31:69:38:0a:88:79:56:ff:23:06:46:
                    b4:15:34:d2:ea:d1:06:b8:9b:d1:2f:a2:11:5c:25:
                    81:70:53:52:7f:85:5b:0f:4a:94:cd:c7:d3:6c:d3:
                    62:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:26:57:5B:75:61:94:E2:E3:0F:29:DC:7B:19:89:B0:8D:62:3A:57
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/TCZXW3VhlOLjDyncexmJsI1iOlc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:74:c0:58:be:83:85:99:b1:b2:6a:ac:e1:9a:87:b8:00:de:
         9c:8e:bc:e2:b5:72:6f:19:4a:12:9e:d0:be:29:32:ac:a5:db:
         ca:5e:6b:24:fc:e9:3b:fc:c8:57:6f:1d:69:46:26:57:c7:47:
         8d:ce:41:b8:d5:0e:f3:57:a6:87:3e:8c:26:94:11:04:b5:6e:
         28:dd:09:6c:12:c7:69:4f:62:99:8a:4d:88:d3:e9:66:dd:9b:
         74:d4:bd:2f:2e:b1:70:f8:7c:2c:aa:2a:f8:7f:b6:a4:e9:43:
         ef:b9:05:e4:66:d9:45:d0:60:ff:44:03:bc:73:d5:4c:2f:08:
         35:00:4e:a8:3d:1a:d6:1a:e3:e8:c7:95:89:e0:57:63:88:c2:
         05:f3:1a:5f:d4:33:dc:c3:26:25:a9:37:74:6a:7b:2f:77:88:
         03:37:a3:35:4c:95:55:f6:6f:01:5d:9a:ee:f8:d1:19:e1:0c:
         90:9f:13:11:06:a2:1b:6d:e9:43:28:3e:40:98:32:60:72:5d:
         71:1b:62:94:a7:ac:e5:45:11:cb:b5:a5:ad:87:65:a5:ce:5e:
         18:ec:63:ab:90:57:ec:c0:ec:9f:6e:5c:46:74:2e:93:4c:d3:
         6d:69:b8:b2:09:4e:7e:de:31:f7:d6:9d:36:77:20:02:1f:29:
         0b:df:87:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgU71SzMpmgGcveneJ7BXr0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNzE2MjAzMTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzI2NTc1Yjc1NjE5NGUyZTMwZjI5ZGM3YjE5ODliMDhkNjIzYTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApd/i4rTk75K7OK3SEhnBp/Qadd3T
cAqzFPRPyICpCPNegxoCzbHuiB2Q9rXvpJDhay+PVQAESyXfDvIYfoWRooZR7HmI
uBE+C+YxTne3932UE9qCrwxaNnXZ7giofGE8Tw4GWsyHnMCM1ohU06rQUhZuR9bG
KxZGaEUVdpDF0IqDjVUmIbeeTQJz4o6Jl3IBsX/wazwNMcfhk3gPhDiMfXH+YU3l
6FhENW+pAPDOAsiathjn/3XyfTCgcIIkYZaBT/+/C4++NjP6ib/wAGevhv3i/6Nq
MWk4Coh5Vv8jBka0FTTS6tEGuJvRL6IRXCWBcFNSf4VbD0qUzcfTbNNiKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEwmV1t1YZTi4w8p3HsZibCNYjpXMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvVENaWFczVmhsT0xqRHluY2V4bUpzSTFpT2xjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABa/qMA0G
CSqGSIb3DQEBCwUAA4IBAQAadMBYvoOFmbGyaqzhmoe4AN6cjrzitXJvGUoSntC+
KTKspdvKXmsk/Ok7/MhXbx1pRiZXx0eNzkG41Q7zV6aHPowmlBEEtW4o3QlsEsdp
T2KZik2I0+lm3Zt01L0vLrFw+Hwsqir4f7ak6UPvuQXkZtlF0GD/RAO8c9VMLwg1
AE6oPRrWGuPox5WJ4FdjiMIF8xpf1DPcwyYlqTd0ansvd4gDN6M1TJVV9m8BXZru
+NEZ4QyQnxMRBqIbbelDKD5AmDJgcl1xG2KUp6zlRRHLtaWth2Wlzl4Y7GOrkFfs
wOyfblxGdC6TTNNtabiyCU5+3jH31p02dyACHykL34eP
-----END CERTIFICATE-----