Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/cD5vDEa-OU2LpfNrZYt8Atg1KBM.roa
File:                     cD5vDEa-OU2LpfNrZYt8Atg1KBM.roa (raw, json)
Hash identifier:          tFu3OycntjegG2fWo9aVoVh2ziAKfCDaiFIA6XemSKY=
Subject key identifier:   70:3E:6F:0C:46:BE:39:4D:8B:A5:F3:6B:65:8B:7C:02:D8:35:28:13
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0197F9CECC8019750C6962207117063A1A6A
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/cD5vDEa-OU2LpfNrZYt8Atg1KBM.roa
Signing time:             Fri 11 Jul 2025 14:06:08 +0000
ROA not before:           Fri 11 Jul 2025 14:06:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206734
IP address blocks:        5.175.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f9:ce:cc:80:19:75:0c:69:62:20:71:17:06:3a:1a:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jul 11 14:06:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=703e6f0c46be394d8ba5f36b658b7c02d8352813
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:72:e9:39:f5:87:05:ae:2c:23:da:13:d1:03:
                    2f:1d:ad:4f:06:47:8e:ec:6b:2a:46:b9:66:9c:4d:
                    1f:32:48:76:d8:97:6f:24:22:3c:f0:ad:23:9b:5c:
                    a4:fd:97:51:cc:80:0d:d6:6d:47:40:13:2e:62:6b:
                    ff:77:c1:ff:3f:a1:8a:c1:9b:92:cd:fb:30:a5:78:
                    49:a4:dc:6d:57:f8:28:3e:0b:dd:52:18:14:21:60:
                    da:a1:b8:61:b0:5b:ad:72:28:97:d2:70:38:03:49:
                    2f:ed:3f:ef:ec:78:ef:8a:95:9d:18:3f:92:f1:c4:
                    51:53:0c:c7:3a:b8:e4:6a:1a:91:fe:3a:7b:3f:0f:
                    b0:58:8b:a9:1d:b4:ff:32:75:ef:0f:5e:53:3b:0f:
                    a3:87:fb:08:1f:df:43:c4:e7:be:ad:fd:13:c1:f3:
                    9f:c1:cf:26:b0:b1:c0:f3:52:d7:b3:a5:27:a9:a0:
                    71:00:38:2d:27:e9:40:c6:02:f9:0e:df:cc:ec:1b:
                    c8:a7:8c:1a:c1:3a:f0:89:e7:8b:da:c7:de:28:81:
                    68:5b:53:11:5e:0b:b6:c4:a3:36:d1:f9:68:13:c4:
                    1f:c8:42:53:d4:81:74:f8:ba:b9:2b:14:64:1f:af:
                    55:01:d2:f1:1f:39:e7:4d:ad:c0:cc:84:da:1c:1f:
                    83:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:3E:6F:0C:46:BE:39:4D:8B:A5:F3:6B:65:8B:7C:02:D8:35:28:13
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/cD5vDEa-OU2LpfNrZYt8Atg1KBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:07:eb:0f:9c:1b:48:29:00:50:3f:02:b9:9e:f5:68:7e:15:
         25:d4:cc:e7:96:12:53:7f:2e:54:0b:ef:67:4d:31:e3:ca:2e:
         7d:0d:58:57:28:fc:9b:84:c9:f9:88:3d:df:b8:2c:57:cf:61:
         d0:08:7b:32:a8:ad:f9:83:12:c7:7b:0e:a6:67:f9:69:47:73:
         3c:0f:a9:59:3f:25:2c:49:40:cb:1b:06:e8:90:6e:df:0e:16:
         41:d8:6c:83:9a:37:d7:98:3d:55:f9:39:ae:78:87:d5:80:35:
         2c:d5:23:bc:ec:c8:86:e1:a5:33:07:94:f8:83:cb:28:3b:80:
         ec:24:c0:02:27:12:66:d8:7e:c5:f3:1d:5c:ab:61:f5:db:77:
         12:30:f4:f2:4f:8d:ad:96:92:00:d3:ae:c7:30:b4:ab:c6:e2:
         f2:5e:c1:36:cd:8c:94:67:e5:51:41:57:af:b1:6d:2e:7f:a4:
         db:05:80:06:96:73:fd:0d:5c:33:86:bc:a1:21:34:16:0c:3c:
         9c:cc:68:ed:a3:3e:64:f6:62:93:08:af:32:2c:f8:00:30:2b:
         b3:74:33:32:cb:d3:fa:98:c4:43:81:68:77:af:38:da:c6:7e:
         b8:98:0c:a4:04:4d:dc:41:b6:62:34:30:77:77:51:9f:9e:83:
         d6:80:f2:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf5zsyAGXUMaWIgcRcGOhpqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNzExMTQwNjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDNlNmYwYzQ2YmUzOTRkOGJhNWYzNmI2NThiN2MwMmQ4MzUyODEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0nLpOfWHBa4sI9oT0QMvHa1PBkeO
7GsqRrlmnE0fMkh22JdvJCI88K0jm1yk/ZdRzIAN1m1HQBMuYmv/d8H/P6GKwZuS
zfswpXhJpNxtV/goPgvdUhgUIWDaobhhsFutciiX0nA4A0kv7T/v7HjvipWdGD+S
8cRRUwzHOrjkahqR/jp7Pw+wWIupHbT/MnXvD15TOw+jh/sIH99DxOe+rf0TwfOf
wc8msLHA81LXs6UnqaBxADgtJ+lAxgL5Dt/M7BvIp4wawTrwieeL2sfeKIFoW1MR
Xgu2xKM20floE8QfyEJT1IF0+Lq5KxRkH69VAdLxHznnTa3AzITaHB+D4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHA+bwxGvjlNi6Xza2WLfALYNSgTMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvY0Q1dkRFYS1PVTJMcGZOclpZdDhBdGcxS0JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABa/sMA0G
CSqGSIb3DQEBCwUAA4IBAQDSB+sPnBtIKQBQPwK5nvVofhUl1MznlhJTfy5UC+9n
TTHjyi59DVhXKPybhMn5iD3fuCxXz2HQCHsyqK35gxLHew6mZ/lpR3M8D6lZPyUs
SUDLGwbokG7fDhZB2GyDmjfXmD1V+TmueIfVgDUs1SO87MiG4aUzB5T4g8soO4Ds
JMACJxJm2H7F8x1cq2H123cSMPTyT42tlpIA067HMLSrxuLyXsE2zYyUZ+VRQVev
sW0uf6TbBYAGlnP9DVwzhryhITQWDDyczGjtoz5k9mKTCK8yLPgAMCuzdDMyy9P6
mMRDgWh3rzjaxn64mAykBE3cQbZiNDB3d1GfnoPWgPKR
-----END CERTIFICATE-----