Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/Q6sDLPwfYbKBmiTKZR7nWjDBl6M.roa
File:                     Q6sDLPwfYbKBmiTKZR7nWjDBl6M.roa (raw, json)
Hash identifier:          9ri5AUsq9mmfs8ar/btpTeJUtt5b9SzGGa3i1IYdq24=
Subject key identifier:   43:AB:03:2C:FC:1F:61:B2:81:9A:24:CA:65:1E:E7:5A:30:C1:97:A3
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019C9B618E0D1FCB153C6533124520C7B6D2
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/Q6sDLPwfYbKBmiTKZR7nWjDBl6M.roa
Signing time:             Thu 26 Feb 2026 19:16:27 +0000
ROA not before:           Thu 26 Feb 2026 19:16:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     19318
IP address blocks:        5.231.30.0/24 maxlen: 24
                          5.231.41.0/24 maxlen: 24
                          5.231.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9b:61:8e:0d:1f:cb:15:3c:65:33:12:45:20:c7:b6:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Feb 26 19:16:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=43ab032cfc1f61b2819a24ca651ee75a30c197a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:c4:2b:cc:09:32:6d:fd:1e:bc:2f:2e:bc:af:
                    98:6b:5e:b4:03:4c:83:fb:93:2a:20:2c:cb:0d:6b:
                    61:27:7e:e6:7b:4a:ea:f5:cd:f7:8b:83:91:c6:a4:
                    33:48:d5:82:bc:ff:aa:39:3e:fa:38:55:be:71:cb:
                    2c:b2:69:71:89:d1:21:94:a4:5b:7a:4f:02:cf:b1:
                    9c:9a:09:82:e7:f8:8a:6f:22:9f:5e:ac:ea:3b:dd:
                    35:f5:57:94:be:06:83:f7:81:eb:e6:c4:dc:f3:fb:
                    5e:16:db:6b:d3:c3:75:7e:3a:db:56:58:58:72:bc:
                    b9:aa:9f:8b:df:49:09:28:78:c3:78:c8:13:03:4f:
                    28:68:89:79:6d:26:1d:8e:c8:72:41:c1:a7:05:47:
                    f8:8f:be:c9:eb:3a:5f:bb:52:35:90:6d:db:79:98:
                    30:56:34:c8:50:bb:5d:e2:7f:27:4e:f1:9f:d4:2d:
                    6f:fb:7a:b8:06:69:54:d6:56:4a:ef:e2:b5:4c:00:
                    1f:d0:43:f6:9c:86:2a:c9:a7:2d:57:dc:39:ea:0d:
                    9e:e0:e9:47:99:c2:c6:cf:92:18:58:3f:af:cc:23:
                    99:04:af:b5:25:b6:d5:d9:de:d4:c0:d8:28:92:df:
                    b9:ff:69:b0:48:ff:66:9c:c3:03:58:ab:20:a7:9d:
                    fa:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:AB:03:2C:FC:1F:61:B2:81:9A:24:CA:65:1E:E7:5A:30:C1:97:A3
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/Q6sDLPwfYbKBmiTKZR7nWjDBl6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.231.30.0/24
                  5.231.41.0/24
                  5.231.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:0b:eb:5d:f8:0d:c9:7c:ec:2e:48:7c:7f:fc:4e:16:02:ae:
         7c:99:42:13:9f:85:18:8c:9d:16:ae:3b:f6:45:e4:81:c8:be:
         74:b7:c2:0e:09:93:43:57:b1:bb:2f:3d:5e:d7:13:bd:1d:f7:
         72:ee:64:6c:71:14:0a:70:31:cd:97:1e:c1:94:4f:d3:cf:9a:
         62:77:77:c2:c5:df:40:9e:03:a4:e2:e6:cc:9c:8f:b7:7c:5c:
         1f:e9:15:b3:f6:e4:d1:d6:cd:dd:c8:61:69:00:20:2e:84:7b:
         b9:5f:c1:19:5a:23:29:62:64:f8:89:91:0d:74:97:7e:6a:89:
         64:6a:bc:eb:36:3f:d2:e4:a1:b6:83:af:d9:0d:b8:9c:8d:27:
         9a:ad:38:33:fc:95:8e:e2:3f:99:d6:ff:d3:d5:1e:3b:66:c5:
         41:54:fc:41:24:a7:3c:dd:93:6f:4c:be:e2:29:15:64:65:36:
         f4:3e:2f:06:72:a1:06:56:a3:54:ea:73:62:98:69:1c:4c:e7:
         19:fb:40:98:79:5e:98:47:c2:30:20:9b:78:1f:ed:25:39:4a:
         78:7b:5f:52:62:f0:d5:ba:a0:1a:19:26:b0:2b:5b:03:ca:2d:
         b7:19:c6:d7:03:c3:32:80:d4:ac:01:11:3c:94:af:fd:5a:b9:
         61:c7:32:e9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZybYY4NH8sVPGUzEkUgx7bSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwMjI2MTkxNjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2FiMDMyY2ZjMWY2MWIyODE5YTI0Y2E2NTFlZTc1YTMwYzE5N2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMQrzAkybf0evC8uvK+Ya160A0yD
+5MqICzLDWthJ37me0rq9c33i4ORxqQzSNWCvP+qOT76OFW+ccsssmlxidEhlKRb
ek8Cz7GcmgmC5/iKbyKfXqzqO9019VeUvgaD94Hr5sTc8/teFttr08N1fjrbVlhY
cry5qp+L30kJKHjDeMgTA08oaIl5bSYdjshyQcGnBUf4j77J6zpfu1I1kG3beZgw
VjTIULtd4n8nTvGf1C1v+3q4BmlU1lZK7+K1TAAf0EP2nIYqyactV9w56g2e4OlH
mcLGz5IYWD+vzCOZBK+1JbbV2d7UwNgokt+5/2mwSP9mnMMDWKsgp536MQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEOrAyz8H2GygZokymUe51owwZejMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvUTZzRExQd2ZZYktCbWlUS1pSN25XakRCbDZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABeceAwQA
BecpAwQABefwMA0GCSqGSIb3DQEBCwUAA4IBAQAEC+td+A3JfOwuSHx//E4WAq58
mUITn4UYjJ0Wrjv2ReSByL50t8IOCZNDV7G7Lz1e1xO9Hfdy7mRscRQKcDHNlx7B
lE/Tz5pid3fCxd9AngOk4ubMnI+3fFwf6RWz9uTR1s3dyGFpACAuhHu5X8EZWiMp
YmT4iZENdJd+aolkarzrNj/S5KG2g6/ZDbicjSearTgz/JWO4j+Z1v/T1R47ZsVB
VPxBJKc83ZNvTL7iKRVkZTb0Pi8GcqEGVqNU6nNimGkcTOcZ+0CYeV6YR8IwIJt4
H+0lOUp4e19SYvDVuqAaGSawK1sDyi23GcbXA8MygNSsARE8lK/9WrlhxzLp
-----END CERTIFICATE-----