Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/3XchVpU91Oiw8spEm22T6B0DK1Y.roa
File:                     3XchVpU91Oiw8spEm22T6B0DK1Y.roa (raw, json)
Hash identifier:          Ic+tJ4E5aa/pghZSPjuJ0e3OFtohoTA5lu+bVf6PXjA=
Subject key identifier:   DD:77:21:56:95:3D:D4:E8:B0:F2:CA:44:9B:6D:93:E8:1D:03:2B:56
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019D56AACBF87949878F1D522C1FEBA2B993
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/3XchVpU91Oiw8spEm22T6B0DK1Y.roa
Signing time:             Sat 04 Apr 2026 04:05:27 +0000
ROA not before:           Sat 04 Apr 2026 04:05:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211780
IP address blocks:        5.231.26.0/24 maxlen: 24
                          5.231.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:56:aa:cb:f8:79:49:87:8f:1d:52:2c:1f:eb:a2:b9:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr  4 04:05:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd772156953dd4e8b0f2ca449b6d93e81d032b56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:6d:f0:6f:47:14:ee:ee:b1:fa:24:f7:8e:d7:
                    c6:41:dc:34:1e:25:5f:05:30:cd:7c:43:c0:b5:fa:
                    25:8a:f6:67:f4:33:83:70:7e:18:4e:3a:0c:30:55:
                    a5:fd:8e:3a:e9:a6:e1:00:2c:90:d3:37:82:bb:91:
                    5c:3e:e2:59:8f:ab:1b:e1:5f:d8:9b:c3:03:2b:64:
                    06:7f:6c:9c:8d:61:fa:9c:3c:01:5c:6e:a3:07:c1:
                    4b:77:ec:51:7b:f0:8a:54:52:e1:90:cc:ee:1d:64:
                    38:4a:97:26:f3:d5:b4:5f:a9:a2:9a:95:cf:fc:31:
                    bb:d4:7f:b9:e6:3e:5b:95:89:01:3a:58:b9:c4:8c:
                    90:f3:59:51:d5:51:1c:26:a6:4d:c6:d2:79:c7:55:
                    0c:bf:41:c2:c9:c1:81:2c:3f:77:f5:3b:0f:af:18:
                    18:ad:b6:de:0c:ec:cb:3b:ba:de:d4:61:7d:a0:34:
                    13:41:da:1e:7a:69:54:55:67:e4:a1:92:cf:28:df:
                    7a:2b:4e:e4:96:ad:cf:79:e3:9f:ca:d9:44:ba:a4:
                    2b:b1:91:d3:c3:e7:aa:c5:b2:02:87:38:14:4f:83:
                    03:e5:c7:ea:3d:09:61:a9:c8:f2:f3:37:ba:91:ca:
                    1e:b0:1e:d2:ed:6f:25:89:48:ab:b0:35:ef:01:06:
                    71:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:77:21:56:95:3D:D4:E8:B0:F2:CA:44:9B:6D:93:E8:1D:03:2B:56
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/3XchVpU91Oiw8spEm22T6B0DK1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.231.26.0/24
                  5.231.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:c6:4a:2f:e0:3b:d0:a7:25:4e:39:1a:b2:fe:08:5a:e8:0d:
         4f:98:d0:da:61:0f:e5:8e:d2:a8:59:6b:8b:d2:ef:9d:8c:ef:
         43:0b:ce:12:29:85:ea:1a:e4:14:a7:af:d1:89:82:34:b4:ff:
         8a:d9:75:35:e4:b5:4f:15:35:39:59:78:13:34:de:1c:1a:bb:
         f8:bb:f0:a7:cf:b6:b9:f3:9e:48:94:a6:41:56:05:60:d7:ce:
         d7:af:ef:4d:3e:ee:ff:5a:fd:98:e2:dc:fd:84:76:13:12:2a:
         4f:05:d6:65:05:93:4f:6c:4e:9f:56:a9:5a:b5:e8:dd:36:6f:
         a0:b6:04:37:09:89:31:90:03:4f:77:b4:72:91:10:47:c0:7c:
         5e:fd:db:53:eb:e5:d2:d2:15:c0:52:77:1e:c1:35:ee:dc:be:
         4a:7e:63:6e:bb:b3:96:8c:15:ba:d8:08:06:f1:70:a0:97:a0:
         5e:82:b3:31:03:83:73:93:63:72:a0:54:05:03:a4:09:9e:4f:
         5a:09:b9:3b:61:e4:70:13:29:d0:c1:0b:4d:47:66:1f:13:fe:
         30:0c:a3:8b:c1:ae:a5:a8:fb:b9:1d:8f:e8:62:29:05:c4:e2:
         c4:5f:fe:5d:00:ce:c1:db:0b:26:d9:5e:45:e3:07:f5:6a:19:
         c1:33:ee:21
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1Wqsv4eUmHjx1SLB/rormTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNDA0MDQwNTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDc3MjE1Njk1M2RkNGU4YjBmMmNhNDQ5YjZkOTNlODFkMDMyYjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4W3wb0cU7u6x+iT3jtfGQdw0HiVf
BTDNfEPAtfolivZn9DODcH4YTjoMMFWl/Y466abhACyQ0zeCu5FcPuJZj6sb4V/Y
m8MDK2QGf2ycjWH6nDwBXG6jB8FLd+xRe/CKVFLhkMzuHWQ4Spcm89W0X6mimpXP
/DG71H+55j5blYkBOli5xIyQ81lR1VEcJqZNxtJ5x1UMv0HCycGBLD939TsPrxgY
rbbeDOzLO7re1GF9oDQTQdoeemlUVWfkoZLPKN96K07klq3PeeOfytlEuqQrsZHT
w+eqxbIChzgUT4MD5cfqPQlhqcjy8ze6kcoesB7S7W8liUirsDXvAQZxJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN13IVaVPdTosPLKRJttk+gdAytWMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvM1hjaFZwVTkxT2l3OHNwRW0yMlQ2QjBESzFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABecaAwQA
BedzMA0GCSqGSIb3DQEBCwUAA4IBAQC6xkov4DvQpyVOORqy/gha6A1PmNDaYQ/l
jtKoWWuL0u+djO9DC84SKYXqGuQUp6/RiYI0tP+K2XU15LVPFTU5WXgTNN4cGrv4
u/Cnz7a5855IlKZBVgVg187Xr+9NPu7/Wv2Y4tz9hHYTEipPBdZlBZNPbE6fVqla
tejdNm+gtgQ3CYkxkANPd7RykRBHwHxe/dtT6+XS0hXAUncewTXu3L5KfmNuu7OW
jBW62AgG8XCgl6BegrMxA4Nzk2NyoFQFA6QJnk9aCbk7YeRwEynQwQtNR2YfE/4w
DKOLwa6lqPu5HY/oYikFxOLEX/5dAM7B2wsm2V5F4wf1ahnBM+4h
-----END CERTIFICATE-----