Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/TXaGrhwleqEMibVG9mNfdTn5q-A.roa
File:                     TXaGrhwleqEMibVG9mNfdTn5q-A.roa (raw, json)
Hash identifier:          kxh1ng+KUoyTo8PnLac06p3HYEAPoNHwaeK1ffIxpmI=
Subject key identifier:   4D:76:86:AE:1C:25:7A:A1:0C:89:B5:46:F6:63:5F:75:39:F9:AB:E0
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019D5D40451D5E8AA4B6CAE02B6CB51CC433
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/TXaGrhwleqEMibVG9mNfdTn5q-A.roa
Signing time:             Sun 05 Apr 2026 10:46:26 +0000
ROA not before:           Sun 05 Apr 2026 10:46:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6517
IP address blocks:        5.231.80.0/24 maxlen: 24
                          185.119.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 Apr 2026 02:28:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:5d:40:45:1d:5e:8a:a4:b6:ca:e0:2b:6c:b5:1c:c4:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr  5 10:46:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4d7686ae1c257aa10c89b546f6635f7539f9abe0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f4:70:6b:da:c9:0e:62:12:ce:f0:ca:65:1a:
                    4a:15:79:42:4c:a3:b4:a6:89:99:5e:8b:9b:b8:07:
                    f9:9b:41:c0:0c:b3:53:38:1d:58:01:4d:24:7a:5f:
                    90:cc:7e:21:e8:41:e5:0f:4e:15:5d:5c:60:3c:3f:
                    f9:5f:2c:23:36:3e:ca:b5:f4:73:b9:68:70:85:38:
                    b3:5a:2f:63:82:a9:84:24:0b:f9:43:c8:e0:f0:cc:
                    a6:df:9f:a5:30:46:a0:a4:54:f4:39:bc:7b:c1:3a:
                    39:12:dd:d6:19:f9:0a:ac:68:ae:fb:24:88:49:0d:
                    1f:5c:9f:79:83:fa:a5:0a:4c:21:50:1c:44:ca:3a:
                    35:62:b6:e6:76:0d:83:e6:ef:f3:82:4b:22:e1:8a:
                    ec:ce:4f:f9:f2:22:c6:37:86:09:0a:8b:ab:d4:cc:
                    20:0b:8f:d4:66:2e:f9:b1:74:7d:28:2a:f3:f2:31:
                    11:ab:8a:63:f1:7d:b6:f3:18:c3:f2:bf:f0:d7:42:
                    1b:e4:30:20:4d:47:ca:81:84:3e:86:6c:8f:0d:93:
                    b8:bc:0c:79:5d:73:c7:4d:62:a0:57:74:26:2a:21:
                    aa:0d:b5:90:66:cc:a1:d6:9f:d8:b9:b4:16:2a:4b:
                    0d:1f:80:39:d1:fe:0c:33:e5:a8:a3:fc:44:b7:41:
                    e2:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:76:86:AE:1C:25:7A:A1:0C:89:B5:46:F6:63:5F:75:39:F9:AB:E0
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/TXaGrhwleqEMibVG9mNfdTn5q-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.231.80.0/24
                  185.119.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:84:00:ed:7d:be:6e:14:aa:e3:51:9d:d2:44:ef:c1:04:47:
         23:c4:13:8b:b0:b2:1d:99:c7:57:b6:75:ee:8b:63:9b:ec:b4:
         02:2a:90:30:13:56:01:e2:40:dd:b6:9f:ed:a7:11:25:c5:cc:
         69:fe:79:8d:da:64:0a:0e:2b:91:06:05:d1:d4:a6:32:d0:64:
         d8:43:17:a5:69:e5:95:bc:a0:ca:52:18:70:4a:b2:20:a1:23:
         76:e3:a3:08:99:c2:0f:7e:0a:f8:2c:0b:12:09:ec:02:33:e9:
         10:36:c2:f6:fd:3b:b1:e4:c5:d9:66:7b:e3:41:db:88:fd:7d:
         2d:e1:7f:55:40:f8:fd:de:70:a9:5f:b0:4b:d8:77:c2:bb:54:
         6b:08:f5:65:62:26:10:4c:17:30:45:a8:b1:c8:8a:70:c1:02:
         05:fe:ac:21:f7:0b:6e:ab:7c:81:c6:13:88:4c:e1:b8:bc:da:
         64:22:ab:bc:a6:e4:74:16:eb:e6:d9:b6:f4:61:5c:a9:6c:bc:
         f6:0b:5e:02:ae:1f:b9:00:6b:d0:9f:d6:3d:60:9e:15:e7:e2:
         c6:3f:e4:ea:98:ba:03:b7:9e:19:83:f6:35:48:6f:a8:b0:64:
         d3:05:1d:9e:26:b6:76:3d:02:7b:fb:fe:84:8d:ba:69:94:78:
         e4:91:2d:a0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1dQEUdXoqktsrgK2y1HMQzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNDA1MTA0NjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDc2ODZhZTFjMjU3YWExMGM4OWI1NDZmNjYzNWY3NTM5ZjlhYmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/Rwa9rJDmISzvDKZRpKFXlCTKO0
pomZXoubuAf5m0HADLNTOB1YAU0kel+QzH4h6EHlD04VXVxgPD/5XywjNj7KtfRz
uWhwhTizWi9jgqmEJAv5Q8jg8Mym35+lMEagpFT0Obx7wTo5Et3WGfkKrGiu+ySI
SQ0fXJ95g/qlCkwhUBxEyjo1Yrbmdg2D5u/zgksi4Yrszk/58iLGN4YJCour1Mwg
C4/UZi75sXR9KCrz8jERq4pj8X228xjD8r/w10Ib5DAgTUfKgYQ+hmyPDZO4vAx5
XXPHTWKgV3QmKiGqDbWQZsyh1p/YubQWKksNH4A50f4MM+Woo/xEt0HiIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE12hq4cJXqhDIm1RvZjX3U5+avgMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvVFhhR3Jod2xlcUVNaWJWRzltTmZkVG41cS1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABedQAwQA
uXcTMA0GCSqGSIb3DQEBCwUAA4IBAQBFhADtfb5uFKrjUZ3SRO/BBEcjxBOLsLId
mcdXtnXui2Ob7LQCKpAwE1YB4kDdtp/tpxElxcxp/nmN2mQKDiuRBgXR1KYy0GTY
QxelaeWVvKDKUhhwSrIgoSN246MImcIPfgr4LAsSCewCM+kQNsL2/Tux5MXZZnvj
QduI/X0t4X9VQPj93nCpX7BL2HfCu1RrCPVlYiYQTBcwRaixyIpwwQIF/qwh9wtu
q3yBxhOITOG4vNpkIqu8puR0Fuvm2bb0YVypbLz2C14Crh+5AGvQn9Y9YJ4V5+LG
P+TqmLoDt54Zg/Y1SG+osGTTBR2eJrZ2PQJ7+/6EjbpplHjkkS2g
-----END CERTIFICATE-----