Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/FXmpFJ-Z185CZ8-DhSi1EXi5GOo.roa
File:                     FXmpFJ-Z185CZ8-DhSi1EXi5GOo.roa (raw, json)
Hash identifier:          hDQCJVYt3yGRztXkT++GOnE2y0gIj/EtSada63Hzyy8=
Subject key identifier:   15:79:A9:14:9F:99:D7:CE:42:67:CF:83:85:28:B5:11:78:B9:18:EA
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019D4666D81B9E38AE8D7762417FFC1E2287
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/FXmpFJ-Z185CZ8-DhSi1EXi5GOo.roa
Signing time:             Wed 01 Apr 2026 00:17:18 +0000
ROA not before:           Wed 01 Apr 2026 00:17:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200677
IP address blocks:        5.175.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:46:66:d8:1b:9e:38:ae:8d:77:62:41:7f:fc:1e:22:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr  1 00:17:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1579a9149f99d7ce4267cf838528b51178b918ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:49:58:d8:84:c6:5c:53:9b:d2:b6:b3:e3:27:
                    71:a9:96:15:96:71:43:b2:3d:e2:14:28:27:3a:a6:
                    4a:41:ce:a6:e2:5b:64:38:f8:40:9c:00:8b:07:b5:
                    f0:30:02:59:e6:7f:7b:4e:d6:68:ee:64:11:4a:16:
                    4d:7e:e8:87:bb:6a:63:9f:15:13:b4:9c:b1:b9:c7:
                    30:d4:c8:14:17:96:a9:2b:e1:8c:2f:16:8c:e8:a3:
                    57:33:b8:33:a0:4a:a0:45:84:d9:49:fe:03:67:7e:
                    42:d3:72:9d:54:7e:bf:06:25:d8:b9:e0:6c:7f:ad:
                    41:12:5f:76:19:1e:15:01:13:1e:79:55:b5:78:b2:
                    d7:d0:60:fa:72:65:8b:f0:f8:af:d3:f6:98:18:92:
                    4f:e2:0f:3c:b9:65:e4:fd:6c:af:c4:b9:ed:ca:5a:
                    49:5a:62:10:11:c8:e3:f9:a5:9a:af:67:4f:45:bd:
                    dd:9c:25:d3:e0:be:40:3c:58:a5:72:e9:cb:8a:02:
                    c2:ed:86:26:02:b9:f4:6c:93:1a:8c:23:5d:f1:4d:
                    cc:22:4a:d6:d2:fe:d3:af:82:78:d2:ba:74:18:77:
                    6a:0a:74:21:79:c4:a2:b3:5c:5a:f6:97:8c:02:16:
                    bd:75:28:2c:f4:27:37:38:3e:d0:c7:13:5d:82:95:
                    67:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:79:A9:14:9F:99:D7:CE:42:67:CF:83:85:28:B5:11:78:B9:18:EA
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/FXmpFJ-Z185CZ8-DhSi1EXi5GOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e8:59:16:5c:64:4c:fa:5a:45:5e:54:dc:12:cc:a4:17:1c:58:
         8e:ad:0e:bc:fb:ea:dc:52:41:1e:50:05:d0:c7:2c:c1:3f:72:
         30:70:e5:2d:31:19:54:c8:8c:2e:bc:83:01:3c:0b:50:77:0f:
         22:4c:a1:98:0f:c7:d8:fc:0c:b1:65:d6:eb:46:42:25:53:04:
         39:4e:5f:7a:b0:4b:49:72:da:9d:c4:7e:9b:9d:02:a0:b8:d9:
         cc:32:37:78:ea:08:2b:90:8b:4a:ce:6c:60:77:fe:93:be:8a:
         e1:a5:c2:14:2f:c1:ad:cc:59:72:c4:d8:02:3b:87:95:a3:b8:
         fc:96:f3:57:d6:28:f4:2e:a1:77:34:fd:83:2b:00:78:71:54:
         82:a1:4e:3e:cd:d7:06:a7:9d:6d:90:88:f0:07:05:16:86:d6:
         ab:a8:a3:20:1f:c3:e2:3a:3a:a2:79:9c:40:43:b8:6d:28:c7:
         34:2e:8f:a6:38:05:10:5c:68:86:23:a3:e1:27:9d:b9:5a:e0:
         cc:87:88:f5:5b:5d:35:de:49:17:89:0c:f0:51:0a:09:d8:98:
         41:0e:b3:cb:4f:e5:04:6c:34:08:f0:37:d8:a9:e3:27:6c:80:
         d4:7c:60:64:a5:91:57:aa:2a:5a:35:8f:59:c6:5b:55:13:df:
         77:b9:0d:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1GZtgbnjiujXdiQX/8HiKHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNDAxMDAxNzE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTc5YTkxNDlmOTlkN2NlNDI2N2NmODM4NTI4YjUxMTc4YjkxOGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ElY2ITGXFOb0raz4ydxqZYVlnFD
sj3iFCgnOqZKQc6m4ltkOPhAnACLB7XwMAJZ5n97TtZo7mQRShZNfuiHu2pjnxUT
tJyxuccw1MgUF5apK+GMLxaM6KNXM7gzoEqgRYTZSf4DZ35C03KdVH6/BiXYueBs
f61BEl92GR4VARMeeVW1eLLX0GD6cmWL8Piv0/aYGJJP4g88uWXk/WyvxLntylpJ
WmIQEcjj+aWar2dPRb3dnCXT4L5APFilcunLigLC7YYmArn0bJMajCNd8U3MIkrW
0v7Tr4J40rp0GHdqCnQhecSis1xa9peMAha9dSgs9Cc3OD7QxxNdgpVn/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBV5qRSfmdfOQmfPg4UotRF4uRjqMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvRlhtcEZKLVoxODVDWjgtRGhTaTFFWGk1R09vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABa+EMA0G
CSqGSIb3DQEBCwUAA4IBAQDoWRZcZEz6WkVeVNwSzKQXHFiOrQ68++rcUkEeUAXQ
xyzBP3IwcOUtMRlUyIwuvIMBPAtQdw8iTKGYD8fY/AyxZdbrRkIlUwQ5Tl96sEtJ
ctqdxH6bnQKguNnMMjd46ggrkItKzmxgd/6TvorhpcIUL8GtzFlyxNgCO4eVo7j8
lvNX1ij0LqF3NP2DKwB4cVSCoU4+zdcGp51tkIjwBwUWhtarqKMgH8PiOjqieZxA
Q7htKMc0Lo+mOAUQXGiGI6PhJ525WuDMh4j1W1013kkXiQzwUQoJ2JhBDrPLT+UE
bDQI8DfYqeMnbIDUfGBkpZFXqipaNY9ZxltVE993uQ1V
-----END CERTIFICATE-----