Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/ufdsMxtFpQzHHzX1HDU1YNCCVXc.roa
File:                     ufdsMxtFpQzHHzX1HDU1YNCCVXc.roa (raw, json)
Hash identifier:          ARJcaCo7S9Fdyk3EFlSsP7kxCzQZe+xIg4t/y41B5Ug=
Subject key identifier:   B9:F7:6C:33:1B:45:A5:0C:C7:1F:35:F5:1C:35:35:60:D0:82:55:77
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019D46591D034D6F1B802ADF4F524FE88AF3
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/ufdsMxtFpQzHHzX1HDU1YNCCVXc.roa
Signing time:             Wed 01 Apr 2026 00:02:18 +0000
ROA not before:           Wed 01 Apr 2026 00:02:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202905
IP address blocks:        5.231.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:46:59:1d:03:4d:6f:1b:80:2a:df:4f:52:4f:e8:8a:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr  1 00:02:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b9f76c331b45a50cc71f35f51c353560d0825577
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:a5:4f:5f:84:2a:74:c9:0a:c1:4a:ac:eb:b4:
                    94:41:bc:45:64:91:db:e4:6e:82:c6:96:7b:9e:1e:
                    3b:88:0d:88:40:f9:22:3f:20:89:dd:22:c7:46:73:
                    9e:84:2f:d4:7e:dc:25:69:28:2f:fe:c1:18:83:20:
                    bb:a6:40:64:11:15:85:b3:1f:3b:6d:df:40:7a:5f:
                    f3:19:a6:ff:10:5b:79:fc:83:87:0d:e6:df:07:5e:
                    59:0e:a4:08:33:6c:57:01:fb:53:15:f0:b6:0e:b4:
                    a5:a4:1e:ef:bb:fa:83:b7:3d:6d:e3:fa:ba:ea:71:
                    1c:76:b4:50:21:bc:20:0b:65:89:de:46:f2:18:81:
                    e1:38:ea:59:1b:d8:cd:9a:42:14:87:69:b6:30:b3:
                    eb:e8:a6:a5:69:ec:80:f0:91:21:99:3a:69:96:28:
                    e6:ab:0c:02:68:ec:43:6b:ae:d1:10:a3:49:4f:24:
                    8b:87:ad:6a:f2:d4:b1:47:9e:48:0c:e4:64:04:74:
                    a5:26:df:9b:1d:a5:e9:8b:58:57:9b:75:dd:3d:83:
                    25:0a:ca:83:f4:66:9b:0e:84:88:43:a4:06:55:37:
                    48:ba:aa:33:0f:3b:53:b0:44:2a:0d:5f:b9:da:54:
                    d4:ea:f9:a0:08:e0:06:9a:dc:38:89:d3:1a:f6:ce:
                    3e:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:F7:6C:33:1B:45:A5:0C:C7:1F:35:F5:1C:35:35:60:D0:82:55:77
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/ufdsMxtFpQzHHzX1HDU1YNCCVXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.231.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:40:e9:96:12:2f:00:73:4d:3a:04:80:a5:10:3b:e4:df:f0:
         9e:30:9e:8d:b1:81:df:fa:20:35:3e:92:c2:11:55:4d:ec:c6:
         35:5f:9b:13:cf:12:3c:7f:88:8a:71:7f:3b:0f:60:b5:76:ec:
         a3:7b:0f:bc:11:11:0b:34:d6:81:e1:73:13:bb:39:28:d2:bd:
         1e:6e:c6:2e:e2:77:ad:cb:33:f4:c6:f1:7e:98:4f:f5:1c:89:
         1a:d2:1a:83:62:76:ca:39:14:59:c3:52:bf:9c:0a:9c:1e:8b:
         ed:ff:4f:f9:1a:ad:b1:c7:35:ec:00:7e:3c:b9:80:a5:f8:e2:
         17:8f:2c:ed:7b:3c:38:8b:5c:7e:cf:90:65:14:8e:62:20:16:
         04:05:f8:c0:fa:75:aa:37:6c:4e:19:07:a0:7a:cc:9a:76:f3:
         60:24:48:8b:31:b2:89:57:1b:7b:36:34:48:2e:af:71:a8:3b:
         fd:d9:e0:88:a3:b5:bf:0d:ba:74:56:c5:30:59:16:a2:fe:5b:
         b2:a6:51:f5:31:9f:fa:a9:f0:5e:14:dd:6e:db:60:b6:81:e9:
         1f:35:77:3a:8a:fe:51:5f:61:d6:cf:70:e6:df:ee:bd:22:36:
         2a:ff:da:ba:e4:ea:93:d1:10:02:01:8e:82:61:06:10:96:fb:
         e0:54:10:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1GWR0DTW8bgCrfT1JP6IrzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNDAxMDAwMjE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWY3NmMzMzFiNDVhNTBjYzcxZjM1ZjUxYzM1MzU2MGQwODI1NTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKVPX4QqdMkKwUqs67SUQbxFZJHb
5G6CxpZ7nh47iA2IQPkiPyCJ3SLHRnOehC/UftwlaSgv/sEYgyC7pkBkERWFsx87
bd9Ael/zGab/EFt5/IOHDebfB15ZDqQIM2xXAftTFfC2DrSlpB7vu/qDtz1t4/q6
6nEcdrRQIbwgC2WJ3kbyGIHhOOpZG9jNmkIUh2m2MLPr6KalaeyA8JEhmTpplijm
qwwCaOxDa67REKNJTySLh61q8tSxR55IDORkBHSlJt+bHaXpi1hXm3XdPYMlCsqD
9GabDoSIQ6QGVTdIuqozDztTsEQqDV+52lTU6vmgCOAGmtw4idMa9s4+aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLn3bDMbRaUMxx819Rw1NWDQglV3MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvdWZkc014dEZwUXpISHpYMUhEVTFZTkNDVlhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABefcMA0G
CSqGSIb3DQEBCwUAA4IBAQBwQOmWEi8Ac006BIClEDvk3/CeMJ6NsYHf+iA1PpLC
EVVN7MY1X5sTzxI8f4iKcX87D2C1duyjew+8ERELNNaB4XMTuzko0r0ebsYu4net
yzP0xvF+mE/1HIka0hqDYnbKORRZw1K/nAqcHovt/0/5Gq2xxzXsAH48uYCl+OIX
jyztezw4i1x+z5BlFI5iIBYEBfjA+nWqN2xOGQegesyadvNgJEiLMbKJVxt7NjRI
Lq9xqDv92eCIo7W/Dbp0VsUwWRai/luyplH1MZ/6qfBeFN1u22C2gekfNXc6iv5R
X2HWz3Dm3+69IjYq/9q65OqT0RACAY6CYQYQlvvgVBAh
-----END CERTIFICATE-----