Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/KmFyDmnNo7Oidew2XKn_6R8Wx1c.roa
File:                     KmFyDmnNo7Oidew2XKn_6R8Wx1c.roa (raw, json)
Hash identifier:          RA8ZIgC5DQQmU4OiMFD1335ThmHFDyU0m2LyswWHCjk=
Subject key identifier:   2A:61:72:0E:69:CD:A3:B3:A2:75:EC:36:5C:A9:FF:E9:1F:16:C7:57
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019DB7BFB50A19633243C7926DAB685C5BBB
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/KmFyDmnNo7Oidew2XKn_6R8Wx1c.roa
Signing time:             Thu 23 Apr 2026 00:31:27 +0000
ROA not before:           Thu 23 Apr 2026 00:31:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        5.175.190.0/24 maxlen: 24
                          2a02:2fc0:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Apr 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b7:bf:b5:0a:19:63:32:43:c7:92:6d:ab:68:5c:5b:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr 23 00:31:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a61720e69cda3b3a275ec365ca9ffe91f16c757
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:34:25:cb:37:1a:ce:e3:e4:03:30:86:ed:d5:
                    16:15:b9:33:18:0e:f4:d7:2f:cb:c5:77:06:46:29:
                    9c:80:d1:76:7b:ac:3f:ec:82:44:93:31:db:87:94:
                    f0:03:07:a5:1d:1e:94:aa:51:61:bf:c7:27:ba:db:
                    8d:f9:d6:dc:e8:8d:7d:e8:e1:d2:32:34:93:ef:7d:
                    0d:58:e3:b0:dd:8e:7e:cf:3c:2b:dc:5f:19:fe:39:
                    ec:68:31:75:18:e0:ac:9a:58:6c:c1:1e:12:6a:94:
                    2f:6f:cb:67:fb:26:95:80:b0:c5:e3:fd:be:3b:ee:
                    41:95:c9:c9:c2:b5:cd:53:15:1a:d0:6a:ab:73:36:
                    ff:95:c6:02:06:9f:01:b0:a5:a5:4f:12:17:76:a5:
                    38:d5:1b:a1:54:ae:20:d7:0c:6b:17:be:50:b7:30:
                    cd:d2:7e:5b:b9:57:f5:ff:20:7e:46:a6:94:4e:7c:
                    e7:68:fb:ea:f6:52:b1:40:6f:32:9f:69:e4:8b:26:
                    ef:c1:e2:aa:53:86:ad:59:b7:d8:dc:56:ad:99:34:
                    d6:fb:fc:e1:28:f3:fe:bb:60:77:d8:c3:b0:2d:f0:
                    8d:ef:12:e5:47:05:ca:a9:8c:c6:ca:13:d4:43:7b:
                    b4:30:58:d2:56:f7:51:67:43:4b:cc:cc:99:a2:42:
                    b7:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:61:72:0E:69:CD:A3:B3:A2:75:EC:36:5C:A9:FF:E9:1F:16:C7:57
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/KmFyDmnNo7Oidew2XKn_6R8Wx1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.190.0/24
                IPv6:
                  2a02:2fc0:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:d4:b3:7a:e7:04:99:ea:d7:9b:d1:aa:8a:5f:54:32:ee:e4:
         e9:9c:19:d5:47:4b:1e:21:87:c5:17:b7:65:4b:ad:e1:7f:82:
         73:e8:26:e7:45:06:02:40:fe:91:a3:64:fe:b7:56:69:82:9f:
         fd:2b:a2:d4:2f:f1:55:d9:4c:9e:ef:a0:c3:ea:25:b7:e9:14:
         b1:34:82:04:cb:c2:39:fb:ae:63:cb:ef:af:ac:c0:10:1b:1c:
         77:8d:d0:74:ec:e0:1e:c2:2f:2e:59:7d:f9:6d:c2:60:c6:55:
         c5:7f:44:e0:4e:48:d6:c9:e5:f8:30:cb:ad:69:e0:f2:ac:bb:
         79:06:05:5a:b5:1d:bd:7f:f0:d0:ad:fc:4c:c5:75:6b:9c:56:
         01:b8:7f:44:eb:63:7d:76:bb:db:18:0b:80:8e:24:a7:98:ed:
         42:fc:e7:09:08:34:7d:51:cb:5d:19:11:79:c8:70:65:f1:1f:
         b4:12:dc:42:2f:de:c2:07:d1:a5:76:c6:d8:65:5d:ea:8a:a5:
         7d:14:89:26:51:ce:bc:21:80:28:e7:d6:41:37:35:70:3f:1b:
         5d:01:e6:61:c0:d8:c3:61:77:b5:17:ec:0b:51:42:7c:fb:fe:
         f9:56:c0:97:7e:d4:e5:24:58:d6:b1:d2:ba:4e:ee:29:da:ce:
         1c:58:36:9b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ23v7UKGWMyQ8eSbatoXFu7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNDIzMDAzMTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTYxNzIwZTY5Y2RhM2IzYTI3NWVjMzY1Y2E5ZmZlOTFmMTZjNzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjQlyzcazuPkAzCG7dUWFbkzGA70
1y/LxXcGRimcgNF2e6w/7IJEkzHbh5TwAwelHR6UqlFhv8cnutuN+dbc6I196OHS
MjST730NWOOw3Y5+zzwr3F8Z/jnsaDF1GOCsmlhswR4SapQvb8tn+yaVgLDF4/2+
O+5BlcnJwrXNUxUa0Gqrczb/lcYCBp8BsKWlTxIXdqU41RuhVK4g1wxrF75QtzDN
0n5buVf1/yB+RqaUTnznaPvq9lKxQG8yn2nkiybvweKqU4atWbfY3FatmTTW+/zh
KPP+u2B32MOwLfCN7xLlRwXKqYzGyhPUQ3u0MFjSVvdRZ0NLzMyZokK3/QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCphcg5pzaOzonXsNlyp/+kfFsdXMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvS21GeURtbk5vN09pZGV3MlhLbl82UjhXeDFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQABa++MA8E
AgACMAkDBwAqAi/AAAIwDQYJKoZIhvcNAQELBQADggEBAALUs3rnBJnq15vRqopf
VDLu5OmcGdVHSx4hh8UXt2VLreF/gnPoJudFBgJA/pGjZP63VmmCn/0rotQv8VXZ
TJ7voMPqJbfpFLE0ggTLwjn7rmPL76+swBAbHHeN0HTs4B7CLy5ZffltwmDGVcV/
ROBOSNbJ5fgwy61p4PKsu3kGBVq1Hb1/8NCt/EzFdWucVgG4f0TrY312u9sYC4CO
JKeY7UL85wkINH1Ry10ZEXnIcGXxH7QS3EIv3sIH0aV2xthlXeqKpX0UiSZRzrwh
gCjn1kE3NXA/G10B5mHA2MNhd7UX7AtRQnz7/vlWwJd+1OUkWNax0rpO7inazhxY
Nps=
-----END CERTIFICATE-----