Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/zWJ4478R1lqVE_VS7oRWdb8juNw.roa
File:                     zWJ4478R1lqVE_VS7oRWdb8juNw.roa (raw, json)
Hash identifier:          tCV+vZxQFs7HUwzGYZ/bT/oQlYCdFyiQI8ZQSLF9FHw=
Subject key identifier:   CD:62:78:E3:BF:11:D6:5A:95:13:F5:52:EE:84:56:75:BF:23:B8:DC
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0198477B16A7736F987B0DA52503A71F73D4
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/zWJ4478R1lqVE_VS7oRWdb8juNw.roa
Signing time:             Sat 26 Jul 2025 16:05:05 +0000
ROA not before:           Sat 26 Jul 2025 16:05:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213484
IP address blocks:        5.231.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 20:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:47:7b:16:a7:73:6f:98:7b:0d:a5:25:03:a7:1f:73:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jul 26 16:05:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd6278e3bf11d65a9513f552ee845675bf23b8dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:e5:c9:7c:f5:ac:5e:30:3f:8a:91:49:87:b7:
                    16:db:67:99:1c:f1:97:ac:9a:4e:84:f5:21:a5:12:
                    31:2a:b8:54:e1:92:d6:e5:95:01:76:83:7b:9c:ae:
                    4b:9b:9f:f6:2f:3f:d0:c1:f6:ae:31:0e:e4:3e:16:
                    f2:be:e8:98:44:83:4d:06:65:97:a2:72:d9:43:82:
                    44:b3:64:8f:74:b2:a0:f0:28:77:cc:d4:fb:cd:73:
                    a7:be:3a:4d:a9:75:24:60:be:47:08:4d:83:09:13:
                    10:92:73:8a:50:d6:c6:12:eb:5a:af:3e:f3:82:7e:
                    53:9d:d0:d1:90:53:cc:b9:c0:1f:ac:f7:bd:ae:90:
                    39:50:c7:c3:06:dc:3a:d5:dc:31:9a:5b:3b:24:be:
                    2d:55:12:3b:c6:2f:63:9e:14:56:30:ed:7d:82:09:
                    2a:01:55:ff:0c:72:39:1f:97:bb:e6:07:a0:1e:7b:
                    09:00:7e:87:ba:91:6d:03:c1:9a:1d:9c:7e:c9:86:
                    38:1e:b8:40:04:6b:b1:33:c2:05:ef:ac:2c:80:e2:
                    7d:0f:60:fa:5e:c0:a9:06:a0:06:8a:9c:86:b3:88:
                    c1:84:40:a0:65:a9:93:07:15:32:37:a0:f7:29:c1:
                    61:8d:31:2a:55:37:4a:b9:e7:22:d9:fe:ee:d9:e3:
                    54:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:62:78:E3:BF:11:D6:5A:95:13:F5:52:EE:84:56:75:BF:23:B8:DC
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/zWJ4478R1lqVE_VS7oRWdb8juNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.231.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:e3:81:61:1e:0b:c3:60:b5:49:64:ab:60:6f:65:14:33:24:
         9c:fd:ff:22:dd:4e:5b:63:ae:84:2b:a9:13:3d:cc:e5:62:2b:
         21:be:15:aa:25:3e:81:b7:8a:c9:e1:bf:80:ac:fd:04:c9:a9:
         71:42:cb:b6:32:55:68:50:a2:50:38:8c:f5:2e:06:c7:bb:f6:
         c9:53:90:60:97:b9:41:c2:f1:f7:cc:07:ea:81:2d:b4:84:ca:
         b6:2f:19:52:0d:b6:b9:70:d9:51:66:53:c3:dd:f4:9d:bd:7c:
         53:a0:7a:81:b5:87:17:df:47:e8:f8:14:b5:86:9d:75:cb:4a:
         cd:38:1a:a4:a6:43:7e:a2:bf:ad:7a:d3:db:0a:f8:d6:fb:66:
         4d:14:9a:75:26:5f:b6:a6:bc:47:b5:b3:e0:ff:90:d7:42:ca:
         46:49:34:50:b0:e1:ba:0b:e9:6d:82:f4:2f:0a:fe:11:f0:2f:
         6b:84:f3:33:af:4d:53:74:9a:cc:43:dd:38:2d:67:51:12:e3:
         49:3b:41:a0:c5:6e:b5:0f:c5:7b:b7:9c:f1:c4:b2:c5:f3:c4:
         1f:81:3a:d3:3a:ba:b8:6c:48:ea:49:6b:92:f4:17:60:60:71:
         04:d1:11:a2:9d:0b:24:4c:25:75:08:61:6a:e4:10:2c:b3:8a:
         c0:2a:b4:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhHexanc2+Yew2lJQOnH3PUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNzI2MTYwNTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDYyNzhlM2JmMTFkNjVhOTUxM2Y1NTJlZTg0NTY3NWJmMjNiOGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweXJfPWsXjA/ipFJh7cW22eZHPGX
rJpOhPUhpRIxKrhU4ZLW5ZUBdoN7nK5Lm5/2Lz/QwfauMQ7kPhbyvuiYRINNBmWX
onLZQ4JEs2SPdLKg8Ch3zNT7zXOnvjpNqXUkYL5HCE2DCRMQknOKUNbGEutarz7z
gn5TndDRkFPMucAfrPe9rpA5UMfDBtw61dwxmls7JL4tVRI7xi9jnhRWMO19ggkq
AVX/DHI5H5e75gegHnsJAH6HupFtA8GaHZx+yYY4HrhABGuxM8IF76wsgOJ9D2D6
XsCpBqAGipyGs4jBhECgZamTBxUyN6D3KcFhjTEqVTdKueci2f7u2eNUsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM1ieOO/EdZalRP1Uu6EVnW/I7jcMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEveldKNDQ3OFIxbHFWRV9WUzdvUldkYjhqdU53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABedhMA0G
CSqGSIb3DQEBCwUAA4IBAQCj44FhHgvDYLVJZKtgb2UUMySc/f8i3U5bY66EK6kT
PczlYishvhWqJT6Bt4rJ4b+ArP0EyalxQsu2MlVoUKJQOIz1LgbHu/bJU5Bgl7lB
wvH3zAfqgS20hMq2LxlSDba5cNlRZlPD3fSdvXxToHqBtYcX30fo+BS1hp11y0rN
OBqkpkN+or+tetPbCvjW+2ZNFJp1Jl+2prxHtbPg/5DXQspGSTRQsOG6C+ltgvQv
Cv4R8C9rhPMzr01TdJrMQ904LWdREuNJO0GgxW61D8V7t5zxxLLF88QfgTrTOrq4
bEjqSWuS9BdgYHEE0RGinQskTCV1CGFq5BAss4rAKrT7
-----END CERTIFICATE-----