Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/Xul65fBb8ugTuYZrxgwGoVWTzv8.roa
File:                     Xul65fBb8ugTuYZrxgwGoVWTzv8.roa (raw, json)
Hash identifier:          2M3IcFSE2+iPA5woazb5DhoYucMWS10S9w80LPtc2c8=
Subject key identifier:   5E:E9:7A:E5:F0:5B:F2:E8:13:B9:86:6B:C6:0C:06:A1:55:93:CE:FF
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019E74E6DD5FEB298F77E888A539529E9B19
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/Xul65fBb8ugTuYZrxgwGoVWTzv8.roa
Signing time:             Fri 29 May 2026 18:02:27 +0000
ROA not before:           Fri 29 May 2026 18:02:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63286
IP address blocks:        5.175.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 05:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:74:e6:dd:5f:eb:29:8f:77:e8:88:a5:39:52:9e:9b:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: May 29 18:02:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5ee97ae5f05bf2e813b9866bc60c06a15593ceff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:51:75:d3:dd:5c:f1:e1:03:4a:f5:1a:96:36:
                    17:79:46:3c:d3:0b:1a:0c:d4:39:81:cb:37:31:58:
                    1b:21:3d:90:f3:e3:49:cb:f1:9e:d0:4c:8f:f9:d0:
                    4e:26:81:7d:bb:4e:7b:55:2c:e6:0d:21:68:2a:2d:
                    13:a9:1e:05:fa:db:69:ae:e5:30:d1:96:77:a9:51:
                    9e:91:ec:fe:55:bf:4a:9f:23:91:f7:be:20:37:79:
                    ab:be:d0:74:fd:02:57:fa:fc:35:53:5c:4b:8a:7b:
                    07:c7:34:1d:62:90:16:94:a3:04:1d:d8:ac:b4:9b:
                    67:d9:a5:f2:e3:b0:a9:4f:99:96:d8:12:21:8f:f3:
                    3e:b4:e9:eb:5d:7e:76:83:85:2b:6f:9c:9a:31:07:
                    63:84:1d:89:48:fa:2a:71:64:a5:ee:7e:fb:98:f0:
                    46:0d:92:32:90:69:99:68:1e:cb:d8:90:0a:60:0c:
                    be:c4:99:91:6c:2e:7d:4d:3c:f9:a4:b1:52:ae:d8:
                    58:db:6d:cf:95:cd:30:58:dd:c3:15:4a:0c:13:24:
                    68:b9:dd:5d:9e:ae:20:66:b8:61:27:f9:a0:ee:db:
                    b5:7d:e6:a0:49:62:e8:6c:81:9f:50:cd:d0:d4:ab:
                    af:d8:d4:26:a7:e2:fa:c3:ab:17:97:ac:cd:85:b9:
                    c5:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:E9:7A:E5:F0:5B:F2:E8:13:B9:86:6B:C6:0C:06:A1:55:93:CE:FF
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/Xul65fBb8ugTuYZrxgwGoVWTzv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:77:43:da:16:95:f9:b4:ce:97:85:61:33:20:3b:07:72:64:
         66:28:6b:38:12:c9:42:8c:cd:40:9b:ef:cc:d9:38:6a:1a:8e:
         b5:8c:c8:42:fc:c6:a8:a7:34:8c:19:91:44:d1:5d:39:03:3c:
         a0:94:72:8d:2a:78:d2:eb:c6:93:dd:7f:36:60:2a:a3:3c:f8:
         c7:c1:bd:f3:5f:22:1b:00:69:41:7b:71:dc:5e:d2:51:da:67:
         5a:11:e1:da:98:e4:d6:9b:40:24:83:af:b6:02:29:11:87:09:
         ce:cd:d6:b6:8e:e0:78:0e:8f:0c:32:66:6f:2e:e1:88:64:d1:
         65:2c:cb:18:f6:3c:79:f3:4c:f4:14:f3:f6:d0:7f:30:35:a6:
         08:09:77:2f:74:0e:43:8b:5e:d7:67:d5:60:d1:62:54:a3:63:
         78:76:2c:58:d0:00:15:e4:3e:9d:ae:82:42:70:f9:33:ad:af:
         2f:5c:66:8d:04:40:6a:d2:63:fe:cf:bf:50:bf:4d:cc:55:92:
         2f:db:2a:3b:45:92:bd:a7:45:7d:a7:95:79:0d:1a:83:39:9b:
         dc:ed:d4:85:ee:f2:bd:29:b3:a2:80:6d:16:f8:3d:e0:cb:be:
         85:26:f0:03:d4:64:1a:f1:12:11:68:5f:26:19:b9:93:5a:f7:
         57:26:b3:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ505t1f6ymPd+iIpTlSnpsZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNTI5MTgwMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWU5N2FlNWYwNWJmMmU4MTNiOTg2NmJjNjBjMDZhMTU1OTNjZWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAslF1091c8eEDSvUaljYXeUY80wsa
DNQ5gcs3MVgbIT2Q8+NJy/Ge0EyP+dBOJoF9u057VSzmDSFoKi0TqR4F+ttpruUw
0ZZ3qVGekez+Vb9KnyOR974gN3mrvtB0/QJX+vw1U1xLinsHxzQdYpAWlKMEHdis
tJtn2aXy47CpT5mW2BIhj/M+tOnrXX52g4Urb5yaMQdjhB2JSPoqcWSl7n77mPBG
DZIykGmZaB7L2JAKYAy+xJmRbC59TTz5pLFSrthY223Plc0wWN3DFUoMEyRoud1d
nq4gZrhhJ/mg7tu1feagSWLobIGfUM3Q1Kuv2NQmp+L6w6sXl6zNhbnFhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF7peuXwW/LoE7mGa8YMBqFVk87/MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvWHVsNjVmQmI4dWdUdVlacnhnd0dvVldUenY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABa/fMA0G
CSqGSIb3DQEBCwUAA4IBAQDDd0PaFpX5tM6XhWEzIDsHcmRmKGs4EslCjM1Am+/M
2ThqGo61jMhC/MaopzSMGZFE0V05AzyglHKNKnjS68aT3X82YCqjPPjHwb3zXyIb
AGlBe3HcXtJR2mdaEeHamOTWm0Akg6+2AikRhwnOzda2juB4Do8MMmZvLuGIZNFl
LMsY9jx580z0FPP20H8wNaYICXcvdA5Di17XZ9Vg0WJUo2N4dixY0AAV5D6droJC
cPkzra8vXGaNBEBq0mP+z79Qv03MVZIv2yo7RZK9p0V9p5V5DRqDOZvc7dSF7vK9
KbOigG0W+D3gy76FJvAD1GQa8RIRaF8mGbmTWvdXJrN1
-----END CERTIFICATE-----