Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/kpFG6NzoDxn1A3yHyKDXdTDhZL0.roa
File:                     kpFG6NzoDxn1A3yHyKDXdTDhZL0.roa (raw, json)
Hash identifier:          tbadgtmHySoBUpDlwy9UoFU40RYos9tZ28kt8fmauqI=
Subject key identifier:   92:91:46:E8:DC:E8:0F:19:F5:03:7C:87:C8:A0:D7:75:30:E1:64:BD
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019DBA3CE9443A96E4DAF620621FE77EB864
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/kpFG6NzoDxn1A3yHyKDXdTDhZL0.roa
Signing time:             Thu 23 Apr 2026 12:07:27 +0000
ROA not before:           Thu 23 Apr 2026 12:07:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200051
IP address blocks:        5.230.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 13:57:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ba:3c:e9:44:3a:96:e4:da:f6:20:62:1f:e7:7e:b8:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr 23 12:07:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=929146e8dce80f19f5037c87c8a0d77530e164bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:36:a6:11:7c:bd:53:ad:2a:88:b8:18:14:a7:
                    6f:c4:ba:41:c4:87:01:cb:6b:77:78:13:ae:b1:8a:
                    a6:43:53:ed:65:b7:56:f0:79:8e:6e:a0:1c:0b:22:
                    f9:a2:55:2d:58:19:5f:83:d7:d1:8b:11:7f:72:2c:
                    9a:cd:eb:43:56:99:0a:fa:44:12:51:0e:0c:55:3b:
                    9b:12:d2:22:12:f4:63:b3:52:cc:6a:ce:02:15:ea:
                    fe:67:f1:ea:04:76:89:26:14:b4:d1:69:0c:70:c7:
                    1f:0d:4e:5a:50:ac:f8:d8:ef:76:71:77:88:6f:19:
                    f2:bf:66:5d:65:29:39:26:f8:d1:70:47:75:a4:0f:
                    00:6e:9d:e2:97:90:40:b4:29:40:76:10:85:41:56:
                    dc:c1:ee:1d:14:7b:08:b8:2c:fd:fa:96:47:bf:3f:
                    5c:ac:96:0c:ab:27:22:91:ee:f8:cd:2a:2e:dc:e9:
                    3b:a9:4c:0b:66:8f:01:e5:ca:0d:ef:e5:03:7d:51:
                    bb:ae:3a:8a:45:72:f3:ee:66:b2:6f:3c:8a:40:d1:
                    a4:f8:0e:53:43:d8:b6:3f:7e:16:d3:52:cc:a6:d0:
                    a4:f0:5d:bb:04:a9:35:8b:e6:c7:47:db:4e:ba:2b:
                    12:27:64:ad:ba:42:b9:db:55:f5:ea:04:fd:af:eb:
                    88:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:91:46:E8:DC:E8:0F:19:F5:03:7C:87:C8:A0:D7:75:30:E1:64:BD
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/kpFG6NzoDxn1A3yHyKDXdTDhZL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.230.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:bb:02:c0:1c:85:83:a2:b6:39:82:62:c0:15:73:c0:ae:91:
         b7:e4:87:d9:1f:65:a6:5b:24:cb:73:86:51:4c:37:8c:6a:3f:
         2c:16:1c:9f:8f:c1:c7:38:5f:67:41:79:24:88:20:84:73:24:
         99:8b:4b:88:74:42:94:be:2b:28:97:78:48:29:32:4f:2e:5d:
         6c:c8:4a:69:bc:f3:73:2e:c9:d6:97:33:a1:22:1d:bd:37:c4:
         48:a6:e4:6c:92:4f:7e:af:e3:c5:a0:44:6d:8e:f1:fd:c9:cc:
         c0:dc:e9:b9:44:65:53:46:7f:df:73:6a:12:33:02:b3:8a:7f:
         43:31:15:26:e7:7c:cf:74:8a:cf:f2:93:c8:bb:bd:d3:7d:18:
         b1:43:16:38:11:1f:09:a5:14:90:cc:e6:43:a7:7c:92:fa:08:
         ff:ca:66:dd:f8:aa:73:1d:b7:8b:9d:4e:fc:8e:0c:44:99:16:
         57:59:07:d8:e7:04:10:a0:80:6b:06:bd:4d:3f:b9:e8:e8:8d:
         51:ea:75:98:bd:78:0a:f8:48:0c:98:9b:43:4f:d8:03:1e:38:
         5a:9c:c7:25:69:4b:2b:0c:d7:9b:b8:a2:08:37:19:da:fe:72:
         74:58:8d:41:88:11:74:2c:1b:56:dc:0e:21:34:5d:8c:f9:40:
         a4:c2:7f:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ26POlEOpbk2vYgYh/nfrhkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNDIzMTIwNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjkxNDZlOGRjZTgwZjE5ZjUwMzdjODdjOGEwZDc3NTMwZTE2NGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDamEXy9U60qiLgYFKdvxLpBxIcB
y2t3eBOusYqmQ1PtZbdW8HmObqAcCyL5olUtWBlfg9fRixF/ciyazetDVpkK+kQS
UQ4MVTubEtIiEvRjs1LMas4CFer+Z/HqBHaJJhS00WkMcMcfDU5aUKz42O92cXeI
bxnyv2ZdZSk5JvjRcEd1pA8Abp3il5BAtClAdhCFQVbcwe4dFHsIuCz9+pZHvz9c
rJYMqycike74zSou3Ok7qUwLZo8B5coN7+UDfVG7rjqKRXLz7maybzyKQNGk+A5T
Q9i2P34W01LMptCk8F27BKk1i+bHR9tOuisSJ2StukK521X16gT9r+uIUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJKRRujc6A8Z9QN8h8ig13Uw4WS9MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEva3BGRzZOem9EeG4xQTN5SHlLRFhkVERoWkwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABebJMA0G
CSqGSIb3DQEBCwUAA4IBAQC5uwLAHIWDorY5gmLAFXPArpG35IfZH2WmWyTLc4ZR
TDeMaj8sFhyfj8HHOF9nQXkkiCCEcySZi0uIdEKUvisol3hIKTJPLl1syEppvPNz
LsnWlzOhIh29N8RIpuRskk9+r+PFoERtjvH9yczA3Om5RGVTRn/fc2oSMwKzin9D
MRUm53zPdIrP8pPIu73TfRixQxY4ER8JpRSQzOZDp3yS+gj/ymbd+KpzHbeLnU78
jgxEmRZXWQfY5wQQoIBrBr1NP7no6I1R6nWYvXgK+EgMmJtDT9gDHjhanMclaUsr
DNebuKIINxna/nJ0WI1BiBF0LBtW3A4hNF2M+UCkwn+2
-----END CERTIFICATE-----