Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/06stzqa1G6RXxrjC95zkhmH0u5o.roa
File:                     06stzqa1G6RXxrjC95zkhmH0u5o.roa (raw, json)
Hash identifier:          a3Io/obLHrUGTvxaE5H043l21fB2wRmFY401rerPcZo=
Subject key identifier:   D3:AB:2D:CE:A6:B5:1B:A4:57:C6:B8:C2:F7:9C:E4:86:61:F4:BB:9A
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019E226B4AA1B2709BDCCEC6AC87C1B3756D
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/06stzqa1G6RXxrjC95zkhmH0u5o.roa
Signing time:             Wed 13 May 2026 17:38:37 +0000
ROA not before:           Wed 13 May 2026 17:38:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     23470
IP address blocks:        5.231.58.0/24 maxlen: 24
                          5.231.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 05:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:22:6b:4a:a1:b2:70:9b:dc:ce:c6:ac:87:c1:b3:75:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: May 13 17:38:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d3ab2dcea6b51ba457c6b8c2f79ce48661f4bb9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a1:3c:1f:97:ea:80:30:02:f5:d5:7a:c2:32:
                    91:5e:3d:b3:bb:0b:fe:40:eb:a9:2c:c1:4e:87:f9:
                    28:f5:e0:ad:f1:9d:cc:ec:03:09:68:a9:a8:7b:9b:
                    a5:ad:2c:85:27:e0:f6:b5:2b:40:c5:0a:49:7d:71:
                    f4:72:32:de:70:d8:7a:49:30:94:96:b7:8a:4d:14:
                    00:b8:0d:a9:5d:95:c0:e5:1d:b9:b6:61:9a:5c:a9:
                    cc:bc:ec:e5:f5:a5:b7:e0:40:29:4b:9e:31:41:7e:
                    d1:79:06:46:eb:cd:9b:eb:69:ff:85:74:b9:a8:b0:
                    3c:a9:be:60:df:05:fd:fb:9e:20:09:6c:f1:15:41:
                    c9:2e:d2:89:c8:89:cb:06:41:9f:da:02:04:44:75:
                    60:b6:da:6d:1c:68:00:fc:4e:8b:87:cc:93:7d:2c:
                    6c:5f:09:f8:f0:c9:61:14:5d:a1:39:ee:eb:13:d3:
                    98:45:af:f0:6f:18:51:cb:ab:77:6e:97:34:8a:11:
                    6b:a6:16:41:e9:2f:31:9c:a5:a8:24:95:8c:ca:b3:
                    0c:13:63:0c:5b:9d:38:2b:ee:bf:a3:b6:e0:b0:71:
                    20:fe:72:2c:24:4a:e9:34:19:c3:4b:e6:71:9b:e5:
                    92:07:85:65:73:4b:cf:2b:bc:b5:e7:97:9c:7e:8a:
                    b3:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:AB:2D:CE:A6:B5:1B:A4:57:C6:B8:C2:F7:9C:E4:86:61:F4:BB:9A
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/06stzqa1G6RXxrjC95zkhmH0u5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.231.58.0/24
                  5.231.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:d9:6b:a2:bd:3f:98:45:a5:1f:fe:02:4e:e2:ea:da:3b:17:
         6f:81:60:d1:0a:ec:9a:e7:0b:d5:46:c6:46:b1:87:0a:21:bb:
         39:8e:65:8a:95:ad:8e:ab:37:1a:65:bf:c9:88:33:8d:c2:1b:
         e8:c7:d7:3a:02:b5:84:0b:4b:3e:9d:41:fd:53:01:db:e0:51:
         a0:8f:24:6a:61:5a:36:b6:8f:67:0c:7a:91:b9:5d:60:cd:6c:
         39:3d:8b:5c:1f:db:78:2f:8e:c0:04:cf:de:eb:9f:b6:49:b5:
         70:b8:53:66:f4:d5:bd:b9:9e:5f:1e:f8:cf:55:a0:63:dd:ad:
         d4:db:55:8e:c5:f8:df:3c:c1:8e:c2:5e:3d:6a:71:70:68:f9:
         b7:79:6c:83:e2:95:ad:ab:b9:90:0a:4a:8c:38:e1:26:2e:17:
         64:12:3d:86:3c:27:e8:31:82:13:4c:36:82:b5:0b:4c:da:c5:
         b2:6f:d8:05:0f:c3:bb:3f:e2:c8:73:4c:2c:27:a6:4e:d8:55:
         bc:84:b1:0e:7e:cf:0a:5d:3e:f8:45:6d:5e:6e:58:70:74:b3:
         d0:6a:a0:ac:ba:34:1a:5c:17:5e:75:1b:25:fb:2a:92:6a:f2:
         00:7d:70:e2:9b:dc:ff:62:a3:92:03:50:1c:eb:76:65:ed:31:
         52:c8:f5:a2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4ia0qhsnCb3M7GrIfBs3VtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNTEzMTczODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2FiMmRjZWE2YjUxYmE0NTdjNmI4YzJmNzljZTQ4NjYxZjRiYjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKE8H5fqgDAC9dV6wjKRXj2zuwv+
QOupLMFOh/ko9eCt8Z3M7AMJaKmoe5ulrSyFJ+D2tStAxQpJfXH0cjLecNh6STCU
lreKTRQAuA2pXZXA5R25tmGaXKnMvOzl9aW34EApS54xQX7ReQZG682b62n/hXS5
qLA8qb5g3wX9+54gCWzxFUHJLtKJyInLBkGf2gIERHVgttptHGgA/E6Lh8yTfSxs
Xwn48MlhFF2hOe7rE9OYRa/wbxhRy6t3bpc0ihFrphZB6S8xnKWoJJWMyrMME2MM
W504K+6/o7bgsHEg/nIsJErpNBnDS+Zxm+WSB4Vlc0vPK7y155ecfoqzSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNOrLc6mtRukV8a4wvec5IZh9LuaMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvMDZzdHpxYTFHNlJYeHJqQzk1emtobUgwdTVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABec6AwQA
Bec9MA0GCSqGSIb3DQEBCwUAA4IBAQCR2WuivT+YRaUf/gJO4uraOxdvgWDRCuya
5wvVRsZGsYcKIbs5jmWKla2OqzcaZb/JiDONwhvox9c6ArWEC0s+nUH9UwHb4FGg
jyRqYVo2to9nDHqRuV1gzWw5PYtcH9t4L47ABM/e65+2SbVwuFNm9NW9uZ5fHvjP
VaBj3a3U21WOxfjfPMGOwl49anFwaPm3eWyD4pWtq7mQCkqMOOEmLhdkEj2GPCfo
MYITTDaCtQtM2sWyb9gFD8O7P+LIc0wsJ6ZO2FW8hLEOfs8KXT74RW1eblhwdLPQ
aqCsujQaXBdedRsl+yqSavIAfXDim9z/YqOSA1Ac63Zl7TFSyPWi
-----END CERTIFICATE-----