Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/c59162-7bd1-4b8a-a9e3-21ff1120fb72/1/PUXWH5ErhkpTlX3DGsk45zeBJZg.roa
File:                     PUXWH5ErhkpTlX3DGsk45zeBJZg.roa (raw, json)
Hash identifier:          xZcIxtVt0rhHswrnqiIOZ/p/5tyYj0LaAjYUyfrercI=
Subject key identifier:   3D:45:D6:1F:91:2B:86:4A:53:95:7D:C3:1A:C9:38:E7:37:81:25:98
Certificate issuer:       /CN=b02f0c2a2a51275bee2493a5656ecf1b612f1226
Certificate serial:       019E495D5FAF032EF37930682F48DA585CD0
Authority key identifier: B0:2F:0C:2A:2A:51:27:5B:EE:24:93:A5:65:6E:CF:1B:61:2F:12:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sC8MKipRJ1vuJJOlZW7PG2EvEiY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/c59162-7bd1-4b8a-a9e3-21ff1120fb72/1/PUXWH5ErhkpTlX3DGsk45zeBJZg.roa
Signing time:             Thu 21 May 2026 07:08:36 +0000
ROA not before:           Thu 21 May 2026 07:08:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47123
IP address blocks:        5.253.250.0/24 maxlen: 24
                          5.253.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/c59162-7bd1-4b8a-a9e3-21ff1120fb72/1/sC8MKipRJ1vuJJOlZW7PG2EvEiY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/c59162-7bd1-4b8a-a9e3-21ff1120fb72/1/sC8MKipRJ1vuJJOlZW7PG2EvEiY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sC8MKipRJ1vuJJOlZW7PG2EvEiY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 01:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:49:5d:5f:af:03:2e:f3:79:30:68:2f:48:da:58:5c:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b02f0c2a2a51275bee2493a5656ecf1b612f1226
        Validity
            Not Before: May 21 07:08:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3d45d61f912b864a53957dc31ac938e737812598
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:37:e4:1d:48:bc:1a:49:18:4b:77:ab:09:a4:
                    bb:2a:74:39:05:ae:ac:b4:e6:d1:21:83:2b:b8:0d:
                    40:4c:7e:9a:4e:08:4f:bb:f0:0a:61:4b:3e:d2:46:
                    42:2a:54:26:2c:35:24:bf:48:ab:41:70:93:15:aa:
                    c6:05:37:18:3a:83:c4:5f:b3:85:92:c4:98:0e:98:
                    0c:4b:72:df:9a:e8:85:bf:e4:8b:94:45:8a:a3:4f:
                    93:dd:e6:63:b6:41:15:0f:71:29:a2:1a:15:a8:78:
                    e4:89:30:99:7c:b0:65:7f:3a:01:9c:12:90:1f:7a:
                    02:4b:fb:f0:40:ff:0e:01:04:72:db:13:6e:e9:37:
                    e3:90:e7:3b:34:d5:c7:36:27:95:b5:c5:0e:38:52:
                    4f:59:e2:f7:45:61:bd:83:bc:96:bf:16:92:71:dc:
                    48:02:f1:09:40:21:5a:0e:4b:96:7a:82:44:05:12:
                    b0:ad:8f:54:c3:5c:f6:7b:3f:72:3e:c0:4b:1e:78:
                    d2:8b:3a:5d:32:1a:19:1f:38:0b:16:23:88:00:9b:
                    7e:72:1f:00:10:56:00:5e:33:1f:4e:7b:d6:94:1b:
                    ff:8b:9f:73:8f:54:c9:74:e3:7b:84:97:21:15:db:
                    81:50:ab:3f:21:06:ee:81:d3:7f:30:ec:60:7d:b3:
                    31:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:45:D6:1F:91:2B:86:4A:53:95:7D:C3:1A:C9:38:E7:37:81:25:98
            X509v3 Authority Key Identifier:
                keyid:B0:2F:0C:2A:2A:51:27:5B:EE:24:93:A5:65:6E:CF:1B:61:2F:12:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sC8MKipRJ1vuJJOlZW7PG2EvEiY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/c59162-7bd1-4b8a-a9e3-21ff1120fb72/1/PUXWH5ErhkpTlX3DGsk45zeBJZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/c59162-7bd1-4b8a-a9e3-21ff1120fb72/1/sC8MKipRJ1vuJJOlZW7PG2EvEiY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         56:c2:d7:d0:a6:7e:0b:91:8e:55:2b:76:78:15:24:e8:0c:1e:
         0a:e7:38:54:21:3d:43:69:c2:55:c7:76:f5:9c:25:af:03:ee:
         7c:a1:79:7b:ab:6f:33:d6:0a:e5:3d:b1:d3:18:6e:c3:ea:14:
         9a:59:19:4a:2d:e9:38:2a:3d:10:ad:a0:2a:0f:de:cc:62:85:
         d9:4e:a6:d4:d1:ae:87:17:99:ba:8e:64:9b:21:2c:31:71:b2:
         50:17:fd:f0:6c:a9:34:67:22:6c:31:17:f0:f3:fd:8b:a6:16:
         fb:58:9b:95:e0:bf:31:c6:e2:d7:a1:e8:cb:0c:6d:20:50:db:
         c9:aa:b8:9e:26:75:36:8c:3a:30:0a:b0:5b:bd:ef:91:0a:da:
         1c:bb:36:58:cd:1f:6a:8f:a9:9e:6f:47:e5:68:6d:c7:7a:cc:
         8b:b9:ac:c5:07:c5:ba:53:55:a4:2b:0e:95:6e:6b:a3:cc:5b:
         6a:ca:6a:2d:eb:e5:fa:79:fe:f4:72:31:1e:3c:14:f8:10:c7:
         be:4b:e4:83:8a:c2:a6:6c:ed:c6:f9:c8:75:e4:de:61:c0:3a:
         74:6d:f9:92:41:a2:7c:55:32:db:93:cd:9e:c9:ac:1a:e5:db:
         13:08:4a:3f:58:82:6d:3a:a8:49:ee:d6:05:dd:fe:47:e4:ca:
         46:df:a8:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5JXV+vAy7zeTBoL0jaWFzQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwMmYwYzJhMmE1MTI3NWJlZTI0OTNhNTY1NmVjZjFiNjEy
ZjEyMjYwHhcNMjYwNTIxMDcwODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDQ1ZDYxZjkxMmI4NjRhNTM5NTdkYzMxYWM5MzhlNzM3ODEyNTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDfkHUi8GkkYS3erCaS7KnQ5Ba6s
tObRIYMruA1ATH6aTghPu/AKYUs+0kZCKlQmLDUkv0irQXCTFarGBTcYOoPEX7OF
ksSYDpgMS3LfmuiFv+SLlEWKo0+T3eZjtkEVD3EpohoVqHjkiTCZfLBlfzoBnBKQ
H3oCS/vwQP8OAQRy2xNu6TfjkOc7NNXHNieVtcUOOFJPWeL3RWG9g7yWvxaScdxI
AvEJQCFaDkuWeoJEBRKwrY9Uw1z2ez9yPsBLHnjSizpdMhoZHzgLFiOIAJt+ch8A
EFYAXjMfTnvWlBv/i59zj1TJdON7hJchFduBUKs/IQbugdN/MOxgfbMxpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD1F1h+RK4ZKU5V9wxrJOOc3gSWYMB8GA1UdIwQY
MBaAFLAvDCoqUSdb7iSTpWVuzxthLxImMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0M4TUtpcFJKMXZ1SkpPbFpXN1BHMkV2RWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9jNTkxNjItN2JkMS00YjhhLWE5ZTMt
MjFmZjExMjBmYjcyLzEvUFVYV0g1RXJoa3BUbFgzREdzazQ1emVCSlpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9jNTkxNjItN2JkMS00YjhhLWE5ZTMtMjFmZjExMjBmYjcy
LzEvc0M4TUtpcFJKMXZ1SkpPbFpXN1BHMkV2RWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBf36MA0G
CSqGSIb3DQEBCwUAA4IBAQBWwtfQpn4LkY5VK3Z4FSToDB4K5zhUIT1DacJVx3b1
nCWvA+58oXl7q28z1grlPbHTGG7D6hSaWRlKLek4Kj0QraAqD97MYoXZTqbU0a6H
F5m6jmSbISwxcbJQF/3wbKk0ZyJsMRfw8/2Lphb7WJuV4L8xxuLXoejLDG0gUNvJ
qrieJnU2jDowCrBbve+RCtocuzZYzR9qj6meb0flaG3HesyLuazFB8W6U1WkKw6V
bmujzFtqymot6+X6ef70cjEePBT4EMe+S+SDisKmbO3G+ch15N5hwDp0bfmSQaJ8
VTLbk82eyawa5dsTCEo/WIJtOqhJ7tYF3f5H5MpG36jp
-----END CERTIFICATE-----