Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/hMI_MSwQIH4yKpKMXfNqFzfyMZI.roa
File:                     hMI_MSwQIH4yKpKMXfNqFzfyMZI.roa (raw, json)
Hash identifier:          CwDgeM6uTsIS89uwXuFYAxclYaVaep0TQeLab8+p+2c=
Subject key identifier:   84:C2:3F:31:2C:10:20:7E:32:2A:92:8C:5D:F3:6A:17:37:F2:31:92
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019E1FE144E8D8B4A1395CB2954BA434E503
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/hMI_MSwQIH4yKpKMXfNqFzfyMZI.roa
Signing time:             Wed 13 May 2026 05:48:37 +0000
ROA not before:           Wed 13 May 2026 05:48:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30823
IP address blocks:        5.175.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 05:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1f:e1:44:e8:d8:b4:a1:39:5c:b2:95:4b:a4:34:e5:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: May 13 05:48:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=84c23f312c10207e322a928c5df36a1737f23192
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ba:25:e9:77:d4:2c:80:8b:97:aa:8c:23:3b:
                    78:0f:07:2b:17:f1:93:ba:c0:d5:46:d1:44:a7:14:
                    9a:f1:f2:ea:1e:91:f0:c1:09:cf:69:8f:02:4f:e5:
                    24:e9:54:c4:e1:80:c6:1a:49:65:8c:7f:2d:18:d5:
                    3f:00:e9:67:df:72:d4:d2:78:66:78:a2:a5:2b:ec:
                    45:76:c7:01:fa:e9:16:7f:51:90:11:53:1a:7a:82:
                    64:40:2a:9c:aa:4e:21:24:4f:bf:37:98:7f:8f:7f:
                    e1:4f:5f:b3:91:59:7a:1c:56:86:bc:4b:1d:8a:4c:
                    05:3a:4c:ea:21:1d:70:f3:d4:cf:3d:d5:10:2a:39:
                    df:9d:37:86:a4:ae:38:8e:da:e1:7c:30:21:45:21:
                    ee:96:a4:bc:91:7e:66:a1:d5:98:34:28:35:eb:e3:
                    22:c2:fc:6d:22:54:e2:bd:cf:72:a8:28:1f:f9:a8:
                    bb:88:a3:6e:74:69:4a:c7:54:a3:c9:06:51:fb:77:
                    31:42:ae:1c:66:fa:c6:d0:7b:fc:67:a6:5e:29:42:
                    eb:76:94:e3:df:16:a5:99:18:15:cb:c1:f1:d8:c6:
                    70:d5:92:59:fe:14:33:3d:68:66:e6:2d:a7:01:8d:
                    3c:3e:d7:b9:ce:5d:0a:06:61:08:40:c2:ad:e1:bc:
                    fc:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:C2:3F:31:2C:10:20:7E:32:2A:92:8C:5D:F3:6A:17:37:F2:31:92
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/hMI_MSwQIH4yKpKMXfNqFzfyMZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:fc:73:57:10:c1:e4:40:31:55:d5:02:5f:1e:70:43:61:86:
         2a:b9:c6:9c:c5:f1:18:45:c5:e6:6e:eb:6e:f2:9e:19:b9:d9:
         09:e9:fa:38:65:f2:e6:30:b4:db:7a:d7:9a:26:f0:40:bf:6a:
         dd:dd:26:32:b2:ea:6c:0a:63:54:a5:b0:ce:df:e2:ea:11:ba:
         68:27:db:3b:c5:7d:32:b9:5e:2e:98:4a:38:79:d0:88:d9:b7:
         ac:f3:ef:bd:70:46:40:d4:19:61:58:dd:46:45:7b:1f:0c:5a:
         e9:b4:82:59:ed:b8:7f:2c:f7:a4:35:7e:6f:a3:bb:18:d1:4e:
         95:c4:76:b4:dd:78:ce:24:5b:ec:4c:ca:a9:62:e1:9d:ff:14:
         b0:d8:7a:e0:bb:c7:ab:aa:fc:9b:e8:56:31:1b:91:f7:c0:6e:
         11:e9:d4:37:c6:2c:00:76:17:39:31:bc:1b:2c:66:97:67:5d:
         e9:cd:c8:89:d0:cd:8d:6b:79:81:1f:d0:60:06:f8:8c:88:bb:
         dd:c6:55:c8:c4:90:13:17:5d:07:39:08:f7:1d:81:4f:4d:f6:
         b5:e1:3d:53:2d:d2:63:eb:ea:66:67:d6:44:89:a6:58:f8:b3:
         79:9e:4c:76:7f:01:20:ac:e6:c2:fd:c4:e7:b9:ff:84:7c:b7:
         b7:12:3b:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4f4UTo2LShOVyylUukNOUDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNTEzMDU0ODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGMyM2YzMTJjMTAyMDdlMzIyYTkyOGM1ZGYzNmExNzM3ZjIzMTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7ol6XfULICLl6qMIzt4DwcrF/GT
usDVRtFEpxSa8fLqHpHwwQnPaY8CT+Uk6VTE4YDGGklljH8tGNU/AOln33LU0nhm
eKKlK+xFdscB+ukWf1GQEVMaeoJkQCqcqk4hJE+/N5h/j3/hT1+zkVl6HFaGvEsd
ikwFOkzqIR1w89TPPdUQKjnfnTeGpK44jtrhfDAhRSHulqS8kX5modWYNCg16+Mi
wvxtIlTivc9yqCgf+ai7iKNudGlKx1SjyQZR+3cxQq4cZvrG0Hv8Z6ZeKULrdpTj
3xalmRgVy8Hx2MZw1ZJZ/hQzPWhm5i2nAY08Pte5zl0KBmEIQMKt4bz8wQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFITCPzEsECB+MiqSjF3zahc38jGSMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvaE1JX01Td1FJSDR5S3BLTVhmTnFGemZ5TVpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABa+gMA0G
CSqGSIb3DQEBCwUAA4IBAQC3/HNXEMHkQDFV1QJfHnBDYYYqucacxfEYRcXmbutu
8p4ZudkJ6fo4ZfLmMLTbeteaJvBAv2rd3SYysupsCmNUpbDO3+LqEbpoJ9s7xX0y
uV4umEo4edCI2bes8++9cEZA1BlhWN1GRXsfDFrptIJZ7bh/LPekNX5vo7sY0U6V
xHa03XjOJFvsTMqpYuGd/xSw2Hrgu8erqvyb6FYxG5H3wG4R6dQ3xiwAdhc5Mbwb
LGaXZ13pzciJ0M2Na3mBH9BgBviMiLvdxlXIxJATF10HOQj3HYFPTfa14T1TLdJj
6+pmZ9ZEiaZY+LN5nkx2fwEgrObC/cTnuf+EfLe3Ejsa
-----END CERTIFICATE-----