Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/owjsZBGlcn7QUY1vCptwuKpN3s4.roa
File:                     owjsZBGlcn7QUY1vCptwuKpN3s4.roa (raw, json)
Hash identifier:          NNApk46wdhWGfohnRb4H/jP6aBWncI61pfUQPX3MIdc=
Subject key identifier:   A3:08:EC:64:11:A5:72:7E:D0:51:8D:6F:0A:9B:70:B8:AA:4D:DE:CE
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019C1E03CAC93CCF810D0A8FFC8933ACE357
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/owjsZBGlcn7QUY1vCptwuKpN3s4.roa
Signing time:             Mon 02 Feb 2026 11:01:30 +0000
ROA not before:           Mon 02 Feb 2026 11:01:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213493
IP address blocks:        5.175.246.0/24 maxlen: 24
                          5.175.248.0/24 maxlen: 24
                          5.231.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:1e:03:ca:c9:3c:cf:81:0d:0a:8f:fc:89:33:ac:e3:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Feb  2 11:01:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a308ec6411a5727ed0518d6f0a9b70b8aa4ddece
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:13:20:cc:c3:be:4b:c8:78:f3:92:ef:c7:98:
                    1e:c5:23:e7:3d:a1:25:b2:2f:e1:6c:7e:40:50:ff:
                    71:6e:6c:45:68:8a:a9:cb:a8:8e:0a:9f:82:67:51:
                    c4:ea:28:83:47:fc:e3:e4:a5:15:a7:89:2d:7e:dc:
                    a2:4f:31:34:16:8f:8f:d5:0b:a7:3d:39:51:28:64:
                    aa:9d:24:c2:01:4e:b0:4f:2a:29:7d:f8:4a:20:eb:
                    b1:f7:6c:d9:13:41:c6:b0:c5:dc:79:a9:e6:8b:90:
                    ec:37:d4:a4:54:ac:ff:84:1f:b0:c0:f4:d4:85:9d:
                    fe:99:d7:d4:c1:9c:fe:17:e7:d4:e2:e1:b8:a2:b2:
                    1a:32:f6:5f:23:c0:4a:6b:97:e9:13:42:e7:d0:d4:
                    86:6f:d5:3e:b7:67:b8:21:1f:db:36:83:0d:df:e1:
                    73:62:1c:1c:5e:73:94:62:8b:aa:83:9a:7b:dd:c3:
                    4d:9e:02:0c:87:21:e4:ff:d6:5a:28:13:8f:f6:82:
                    f2:39:6f:1b:e6:83:6a:04:62:73:5b:c0:f3:15:f9:
                    fd:c9:80:52:e5:f0:78:09:aa:e2:84:11:2b:5d:bf:
                    3d:2b:9f:fa:10:84:fd:58:ee:c5:04:2a:60:a2:df:
                    87:55:f1:84:ac:2f:ef:cd:cc:61:4f:ad:87:58:61:
                    46:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:08:EC:64:11:A5:72:7E:D0:51:8D:6F:0A:9B:70:B8:AA:4D:DE:CE
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/owjsZBGlcn7QUY1vCptwuKpN3s4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.246.0/24
                  5.175.248.0/24
                  5.231.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e5:5a:09:4e:25:f5:bd:7d:52:2b:19:fa:af:ec:99:7c:45:93:
         9f:13:1f:50:eb:7c:e5:f4:e8:9d:89:b3:3c:d8:cb:c7:d0:9e:
         d1:80:39:9f:ab:91:85:ce:62:ad:d2:57:1c:69:1a:31:0f:0c:
         b1:75:02:1c:04:9c:a4:bd:52:51:d6:6a:86:69:82:0a:2a:98:
         91:eb:9b:60:4b:e9:fb:1a:65:6f:ed:09:89:40:65:d8:4c:96:
         81:92:85:7d:60:1b:1d:30:2e:3f:24:bb:c1:6c:92:9a:81:05:
         c1:fe:36:46:75:7f:c8:45:1b:48:7a:01:d9:74:8b:62:79:d9:
         43:a5:b9:2b:3f:8b:d0:05:5c:4c:23:b0:97:87:f6:0d:90:be:
         82:52:1a:ee:c8:ed:b3:ad:1c:c5:c8:66:34:89:dd:38:71:d3:
         0a:e2:6b:ee:ab:2d:5d:2f:ed:b6:16:94:00:a4:1e:eb:94:25:
         7f:ec:79:64:31:56:79:a9:1b:f6:34:6d:92:74:7a:a6:54:90:
         40:19:8d:7c:04:cb:93:cf:cb:3f:84:53:94:4f:7e:77:f6:35:
         77:8f:9c:7a:9e:64:24:56:3d:4a:0d:a2:5f:6a:bf:a1:a0:f2:
         46:6b:12:b7:80:e6:89:2b:1b:b4:54:25:3c:09:fe:a4:21:2f:
         9a:73:d7:cc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZweA8rJPM+BDQqP/IkzrONXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwMjAyMTEwMTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzA4ZWM2NDExYTU3MjdlZDA1MThkNmYwYTliNzBiOGFhNGRkZWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBMgzMO+S8h485Lvx5gexSPnPaEl
si/hbH5AUP9xbmxFaIqpy6iOCp+CZ1HE6iiDR/zj5KUVp4ktftyiTzE0Fo+P1Qun
PTlRKGSqnSTCAU6wTyopffhKIOux92zZE0HGsMXceanmi5DsN9SkVKz/hB+wwPTU
hZ3+mdfUwZz+F+fU4uG4orIaMvZfI8BKa5fpE0Ln0NSGb9U+t2e4IR/bNoMN3+Fz
YhwcXnOUYouqg5p73cNNngIMhyHk/9ZaKBOP9oLyOW8b5oNqBGJzW8DzFfn9yYBS
5fB4CarihBErXb89K5/6EIT9WO7FBCpgot+HVfGErC/vzcxhT62HWGFG3QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKMI7GQRpXJ+0FGNbwqbcLiqTd7OMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvb3dqc1pCR2xjbjdRVVkxdkNwdHd1S3BOM3M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABa/2AwQA
Ba/4AwQABed4MA0GCSqGSIb3DQEBCwUAA4IBAQDlWglOJfW9fVIrGfqv7Jl8RZOf
Ex9Q63zl9OidibM82MvH0J7RgDmfq5GFzmKt0lccaRoxDwyxdQIcBJykvVJR1mqG
aYIKKpiR65tgS+n7GmVv7QmJQGXYTJaBkoV9YBsdMC4/JLvBbJKagQXB/jZGdX/I
RRtIegHZdItiedlDpbkrP4vQBVxMI7CXh/YNkL6CUhruyO2zrRzFyGY0id04cdMK
4mvuqy1dL+22FpQApB7rlCV/7HlkMVZ5qRv2NG2SdHqmVJBAGY18BMuTz8s/hFOU
T3539jV3j5x6nmQkVj1KDaJfar+hoPJGaxK3gOaJKxu0VCU8Cf6kIS+ac9fM
-----END CERTIFICATE-----