Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/fT9ErlKNXEPmOcoW1KQGp03y7vQ.roa
File:                     fT9ErlKNXEPmOcoW1KQGp03y7vQ.roa (raw, json)
Hash identifier:          eVk5rgeJs70B8OpO2yHeQHrgXiU68RN+ehS9sPFkML4=
Subject key identifier:   7D:3F:44:AE:52:8D:5C:43:E6:39:CA:16:D4:A4:06:A7:4D:F2:EE:F4
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019D57FF5E73D49F878DF134A8C124DDBE31
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/fT9ErlKNXEPmOcoW1KQGp03y7vQ.roa
Signing time:             Sat 04 Apr 2026 10:17:26 +0000
ROA not before:           Sat 04 Apr 2026 10:17:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209155
IP address blocks:        5.175.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 13:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:57:ff:5e:73:d4:9f:87:8d:f1:34:a8:c1:24:dd:be:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr  4 10:17:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7d3f44ae528d5c43e639ca16d4a406a74df2eef4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:b8:b9:d2:52:95:88:ac:9e:e9:f9:28:76:85:
                    f7:19:32:f4:e2:b8:be:9b:89:24:dd:fc:b3:fc:1a:
                    7c:51:cd:a0:f2:d5:f2:69:24:5d:5d:28:74:ba:db:
                    f2:14:24:f7:95:1a:bd:70:57:28:7e:e2:50:26:67:
                    66:39:18:1f:32:7e:f6:a3:65:76:08:31:e7:9a:17:
                    7a:23:18:d7:64:78:d0:47:f6:25:ed:f4:a7:48:62:
                    8e:ef:52:12:d4:1f:12:ce:94:49:64:4a:a3:5f:fd:
                    b8:bc:81:da:de:7c:95:96:80:08:92:d0:0c:7d:4b:
                    fc:b9:f1:9a:93:3c:b9:70:a8:0e:ca:3b:c0:df:b0:
                    24:87:97:2f:3f:b8:9a:a9:0d:c6:ae:83:d8:32:bf:
                    6b:41:56:90:2d:b7:01:e2:1c:f2:17:d2:50:d9:f4:
                    33:e9:86:cb:a6:d7:56:a1:ba:b0:89:1c:63:a8:9b:
                    14:d6:67:5f:3b:fe:78:59:5e:e4:c2:94:7c:5e:60:
                    d5:bc:ee:fa:ac:7a:15:d5:2c:51:2e:34:a8:14:3e:
                    f2:40:b9:4d:c4:8d:11:aa:9a:55:0c:fc:d4:5b:89:
                    e6:5e:b2:f1:58:e8:18:af:cb:2f:ba:0d:3a:70:d8:
                    04:c8:fc:71:57:9c:56:69:8d:bb:f9:33:19:38:23:
                    df:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:3F:44:AE:52:8D:5C:43:E6:39:CA:16:D4:A4:06:A7:4D:F2:EE:F4
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/fT9ErlKNXEPmOcoW1KQGp03y7vQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:ee:c9:3a:2a:9b:51:41:b2:83:cb:75:15:55:49:78:6a:c5:
         7a:99:fc:5f:6a:12:01:c3:84:6f:3c:be:55:77:a7:29:3c:2e:
         ca:e2:fe:94:27:a7:c2:5b:45:72:06:15:23:79:7e:98:eb:f0:
         f4:00:b0:2b:4f:04:d7:b0:c7:2c:b3:a6:5f:42:b2:6e:f2:f7:
         35:07:9c:56:1e:c2:cf:3e:28:a7:69:8f:a0:47:78:00:b2:fb:
         77:98:06:d2:3b:09:4d:31:79:ae:52:9c:6b:4e:4d:07:db:00:
         61:18:fe:69:0b:98:3a:69:e8:3a:c5:0c:e6:62:9b:da:98:37:
         3e:48:8e:95:33:a2:7a:2a:ee:44:ac:66:dd:4f:7f:28:be:00:
         6e:a3:a6:34:2c:40:ab:f0:16:24:a5:95:71:0d:6f:2f:00:6d:
         31:7e:20:dd:c3:4a:06:5d:79:c9:51:c4:80:4b:e4:0d:6f:39:
         90:3f:fa:8a:dc:2a:24:e9:fe:99:68:af:17:04:3b:34:4c:ed:
         70:23:9d:72:de:a6:91:c2:b5:34:12:4c:65:2c:f0:1d:c1:c5:
         9a:f4:f7:55:2d:0e:ab:db:d9:91:47:cd:41:b3:9e:88:08:a5:
         67:4b:f8:d7:13:6c:c3:65:a7:b0:73:7b:65:8d:22:a6:66:34:
         0a:e7:c4:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1X/15z1J+HjfE0qMEk3b4xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNDA0MTAxNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDNmNDRhZTUyOGQ1YzQzZTYzOWNhMTZkNGE0MDZhNzRkZjJlZWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Li50lKViKye6fkodoX3GTL04ri+
m4kk3fyz/Bp8Uc2g8tXyaSRdXSh0utvyFCT3lRq9cFcofuJQJmdmORgfMn72o2V2
CDHnmhd6IxjXZHjQR/Yl7fSnSGKO71IS1B8SzpRJZEqjX/24vIHa3nyVloAIktAM
fUv8ufGakzy5cKgOyjvA37Akh5cvP7iaqQ3GroPYMr9rQVaQLbcB4hzyF9JQ2fQz
6YbLptdWobqwiRxjqJsU1mdfO/54WV7kwpR8XmDVvO76rHoV1SxRLjSoFD7yQLlN
xI0RqppVDPzUW4nmXrLxWOgYr8svug06cNgEyPxxV5xWaY27+TMZOCPfawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH0/RK5SjVxD5jnKFtSkBqdN8u70MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvZlQ5RXJsS05YRVBtT2NvVzFLUUdwMDN5N3ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABa+PMA0G
CSqGSIb3DQEBCwUAA4IBAQCn7sk6KptRQbKDy3UVVUl4asV6mfxfahIBw4RvPL5V
d6cpPC7K4v6UJ6fCW0VyBhUjeX6Y6/D0ALArTwTXsMcss6ZfQrJu8vc1B5xWHsLP
PiinaY+gR3gAsvt3mAbSOwlNMXmuUpxrTk0H2wBhGP5pC5g6aeg6xQzmYpvamDc+
SI6VM6J6Ku5ErGbdT38ovgBuo6Y0LECr8BYkpZVxDW8vAG0xfiDdw0oGXXnJUcSA
S+QNbzmQP/qK3Cok6f6ZaK8XBDs0TO1wI51y3qaRwrU0EkxlLPAdwcWa9PdVLQ6r
29mRR81Bs56ICKVnS/jXE2zDZaewc3tljSKmZjQK58QT
-----END CERTIFICATE-----