Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/szDx-edV8UGidbI_uz7hIiP9whI.roa
File:                     szDx-edV8UGidbI_uz7hIiP9whI.roa (raw, json)
Hash identifier:          wE00Ap1Ny+4wL+a4OcYR0pmEHzYeuNBd3zpdDT03Nts=
Subject key identifier:   B3:30:F1:F9:E7:55:F1:41:A2:75:B2:3F:BB:3E:E1:22:23:FD:C2:12
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019D6F7D5F586343494E5D69070B0AE3C305
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/szDx-edV8UGidbI_uz7hIiP9whI.roa
Signing time:             Wed 08 Apr 2026 23:46:20 +0000
ROA not before:           Wed 08 Apr 2026 23:46:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199746
IP address blocks:        5.175.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6f:7d:5f:58:63:43:49:4e:5d:69:07:0b:0a:e3:c3:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr  8 23:46:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b330f1f9e755f141a275b23fbb3ee12223fdc212
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:60:0c:4c:d4:e6:e8:4a:27:3d:da:1e:2c:a1:
                    8a:7c:56:29:f0:6a:eb:9b:00:c0:3d:42:71:54:9a:
                    b7:88:f1:2f:37:7d:a4:84:34:29:94:da:f1:22:0f:
                    6a:2c:53:68:91:82:34:86:18:4b:27:2b:ae:5c:69:
                    12:09:59:a1:c1:1d:eb:3e:7f:f6:0d:80:c4:95:2c:
                    e9:33:10:bb:61:bb:6a:99:71:b5:ef:2a:58:a1:cf:
                    fe:2d:5e:c4:c4:00:a4:b2:8c:e2:f9:10:09:1f:6e:
                    38:4a:07:2e:7b:fc:ad:e5:eb:e3:ef:81:c4:d9:37:
                    9b:ea:62:b9:ce:c1:01:e6:07:1c:e0:48:5b:6e:ad:
                    2e:3d:f8:8f:e6:9e:54:34:0b:51:76:3a:be:24:52:
                    b3:30:f1:47:f8:08:b2:bb:15:15:79:49:12:ce:2c:
                    a0:52:8d:c7:12:cd:12:ce:68:bd:aa:ec:89:6c:8f:
                    d5:65:2e:a7:6e:a1:89:dd:8e:f1:dc:a2:26:92:38:
                    3c:f8:58:94:c2:7d:f8:d0:6e:ca:ad:26:01:83:75:
                    61:99:dc:01:ea:5e:52:e2:5a:e2:b8:51:17:c3:a2:
                    65:6d:67:2d:4d:66:99:b3:49:e2:93:80:ff:02:f9:
                    f1:e6:24:32:a2:40:e6:13:52:1f:f6:1d:44:61:08:
                    2f:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:30:F1:F9:E7:55:F1:41:A2:75:B2:3F:BB:3E:E1:22:23:FD:C2:12
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/szDx-edV8UGidbI_uz7hIiP9whI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d4:eb:7a:c0:59:fa:01:c1:93:59:c2:c0:1a:7a:a2:01:9c:5e:
         75:0c:a1:1f:be:81:40:e0:0c:b0:7e:0b:32:6d:75:6f:7a:14:
         06:49:d1:62:9a:1c:1b:8c:67:10:b7:dd:ab:23:d8:09:31:c4:
         65:74:51:0e:a3:32:68:73:75:61:56:5f:bd:fd:8b:41:fe:86:
         fd:19:cb:5b:84:19:87:f2:39:92:6a:73:fd:69:d5:dc:62:1d:
         eb:d4:47:0a:c0:b3:79:3d:44:7e:84:a4:66:b4:89:79:12:f6:
         03:fd:f4:ff:c4:48:77:26:3d:aa:26:06:9b:c5:3b:34:91:d1:
         70:18:16:98:af:10:4e:00:7e:13:d9:17:2f:c2:16:17:15:33:
         c3:56:19:a5:0c:61:f5:ce:6b:52:4e:e7:2e:e5:2b:1e:16:ce:
         af:ce:dd:5f:57:01:13:9b:16:b2:57:93:8f:14:b8:75:dd:9e:
         d3:a0:33:eb:6c:76:30:fa:61:96:dc:5c:2f:1b:d3:cf:1b:74:
         f4:ae:7d:ab:25:59:99:a4:9d:69:b1:80:67:1d:77:24:d5:20:
         50:8d:1b:14:9c:94:fa:a9:ed:4d:b2:4f:1d:65:37:43:3c:8f:
         18:a6:84:0a:75:01:6c:53:70:0b:59:79:9f:b9:54:2a:2f:d3:
         37:21:8b:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1vfV9YY0NJTl1pBwsK48MFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNDA4MjM0NjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzMwZjFmOWU3NTVmMTQxYTI3NWIyM2ZiYjNlZTEyMjIzZmRjMjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGAMTNTm6EonPdoeLKGKfFYp8Grr
mwDAPUJxVJq3iPEvN32khDQplNrxIg9qLFNokYI0hhhLJyuuXGkSCVmhwR3rPn/2
DYDElSzpMxC7YbtqmXG17ypYoc/+LV7ExACksozi+RAJH244Sgcue/yt5evj74HE
2Teb6mK5zsEB5gcc4Ehbbq0uPfiP5p5UNAtRdjq+JFKzMPFH+AiyuxUVeUkSziyg
Uo3HEs0Szmi9quyJbI/VZS6nbqGJ3Y7x3KImkjg8+FiUwn340G7KrSYBg3VhmdwB
6l5S4lriuFEXw6JlbWctTWaZs0nik4D/Avnx5iQyokDmE1If9h1EYQgvzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLMw8fnnVfFBonWyP7s+4SIj/cISMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvc3pEeC1lZFY4VUdpZGJJX3V6N2hJaVA5d2hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABa/fMA0G
CSqGSIb3DQEBCwUAA4IBAQDU63rAWfoBwZNZwsAaeqIBnF51DKEfvoFA4Aywfgsy
bXVvehQGSdFimhwbjGcQt92rI9gJMcRldFEOozJoc3VhVl+9/YtB/ob9GctbhBmH
8jmSanP9adXcYh3r1EcKwLN5PUR+hKRmtIl5EvYD/fT/xEh3Jj2qJgabxTs0kdFw
GBaYrxBOAH4T2RcvwhYXFTPDVhmlDGH1zmtSTucu5SseFs6vzt1fVwETmxayV5OP
FLh13Z7ToDPrbHYw+mGW3FwvG9PPG3T0rn2rJVmZpJ1psYBnHXck1SBQjRsUnJT6
qe1Nsk8dZTdDPI8YpoQKdQFsU3ALWXmfuVQqL9M3IYt9
-----END CERTIFICATE-----