Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/c59162-7bd1-4b8a-a9e3-21ff1120fb72/1/k3bU7GJQGWmqllt3J0zrBV5kOFQ.roa
File:                     k3bU7GJQGWmqllt3J0zrBV5kOFQ.roa (raw, json)
Hash identifier:          FFe49A2byJNnvRF0qFtVbcLDcNCSlda3Ud81mS5eRtw=
Subject key identifier:   93:76:D4:EC:62:50:19:69:AA:96:5B:77:27:4C:EB:05:5E:64:38:54
Certificate issuer:       /CN=b02f0c2a2a51275bee2493a5656ecf1b612f1226
Certificate serial:       019E495D605D135ED3BD6BE92F80F7EDF519
Authority key identifier: B0:2F:0C:2A:2A:51:27:5B:EE:24:93:A5:65:6E:CF:1B:61:2F:12:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sC8MKipRJ1vuJJOlZW7PG2EvEiY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/c59162-7bd1-4b8a-a9e3-21ff1120fb72/1/k3bU7GJQGWmqllt3J0zrBV5kOFQ.roa
Signing time:             Thu 21 May 2026 07:08:36 +0000
ROA not before:           Thu 21 May 2026 07:08:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209422
IP address blocks:        5.253.248.0/24 maxlen: 24
                          5.253.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/c59162-7bd1-4b8a-a9e3-21ff1120fb72/1/sC8MKipRJ1vuJJOlZW7PG2EvEiY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/c59162-7bd1-4b8a-a9e3-21ff1120fb72/1/sC8MKipRJ1vuJJOlZW7PG2EvEiY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sC8MKipRJ1vuJJOlZW7PG2EvEiY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 07:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:49:5d:60:5d:13:5e:d3:bd:6b:e9:2f:80:f7:ed:f5:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b02f0c2a2a51275bee2493a5656ecf1b612f1226
        Validity
            Not Before: May 21 07:08:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9376d4ec62501969aa965b77274ceb055e643854
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a5:7d:f4:22:28:ef:2f:f8:cf:6d:34:e4:31:
                    42:eb:00:5a:36:06:57:00:99:88:33:09:2c:78:25:
                    f5:50:79:3b:bc:66:95:a2:35:d4:11:92:f1:c7:02:
                    93:7a:87:11:59:b0:b3:90:a0:3c:47:b7:be:96:1b:
                    e7:87:f6:45:d8:f1:e3:04:a7:10:76:43:3a:0e:e8:
                    50:61:a1:f7:b9:46:10:79:ce:bf:bd:df:2e:7c:ed:
                    f8:3b:23:ae:c4:7b:68:89:22:fd:20:aa:7e:49:4e:
                    90:e2:16:95:e7:7c:52:68:22:e9:87:b2:ec:ae:34:
                    8b:df:83:2f:90:53:b9:97:69:f7:a2:cf:d0:0c:c4:
                    f5:cc:66:17:e7:5b:20:41:15:20:ff:de:ba:dc:39:
                    93:94:e9:0a:b8:46:81:cd:8d:56:9b:91:0d:75:c7:
                    a9:a3:54:de:e9:43:c8:1d:bd:0b:0d:d5:3a:19:b4:
                    ac:11:a1:37:e7:88:db:d0:82:b1:cf:62:0f:a3:53:
                    e2:e5:8b:04:24:56:19:d0:00:d0:69:6b:31:d5:0a:
                    ae:eb:a7:85:69:e1:9e:e3:32:f3:99:75:6c:6e:b0:
                    45:ae:8c:e3:fa:90:50:5a:e0:01:a3:ab:8b:0a:9f:
                    5a:92:1e:b6:08:6f:13:bf:4c:ce:3e:5c:8b:48:4f:
                    51:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:76:D4:EC:62:50:19:69:AA:96:5B:77:27:4C:EB:05:5E:64:38:54
            X509v3 Authority Key Identifier:
                keyid:B0:2F:0C:2A:2A:51:27:5B:EE:24:93:A5:65:6E:CF:1B:61:2F:12:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sC8MKipRJ1vuJJOlZW7PG2EvEiY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/c59162-7bd1-4b8a-a9e3-21ff1120fb72/1/k3bU7GJQGWmqllt3J0zrBV5kOFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/c59162-7bd1-4b8a-a9e3-21ff1120fb72/1/sC8MKipRJ1vuJJOlZW7PG2EvEiY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         48:0e:7a:fa:0a:93:e9:f1:48:70:16:fc:22:f6:20:84:d7:e8:
         67:70:77:18:89:be:5d:36:f7:9a:67:26:c6:14:c8:6d:e6:2f:
         24:9e:6b:8e:58:a0:ed:f6:94:d5:ac:e8:c3:14:a0:b9:ba:3a:
         b8:74:43:67:a4:01:a0:c8:b4:d9:37:25:39:34:40:b4:a4:50:
         81:94:dd:a2:09:ac:5a:7d:72:22:ad:7e:b3:05:f7:ff:fa:c3:
         7c:bd:9e:92:8e:d0:dc:41:bf:06:71:d0:1e:aa:2a:ae:50:d3:
         18:95:bd:34:4b:9b:7c:5f:d4:83:27:00:d9:24:af:32:72:b2:
         34:6c:c6:1e:08:f4:14:08:f8:92:bd:9d:56:fd:c8:d0:1f:1b:
         c1:bb:5d:2c:ab:fa:b1:0e:55:0d:5b:bd:d5:e9:f4:62:32:07:
         d7:75:14:7a:65:38:53:72:86:39:56:ca:c4:91:40:cf:47:36:
         f9:3c:cc:63:f1:30:64:2f:63:b2:bd:26:e3:a1:2a:95:90:f6:
         a3:81:b7:80:89:59:41:f2:6d:1c:77:57:ec:44:cf:09:32:11:
         d4:cc:55:0f:3f:ba:7b:be:10:e9:0e:4d:27:e9:73:f3:3c:41:
         39:0d:5f:29:11:b7:ee:17:29:0c:aa:27:d6:b3:06:15:21:76:
         1f:8a:a6:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5JXWBdE17TvWvpL4D37fUZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwMmYwYzJhMmE1MTI3NWJlZTI0OTNhNTY1NmVjZjFiNjEy
ZjEyMjYwHhcNMjYwNTIxMDcwODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mzc2ZDRlYzYyNTAxOTY5YWE5NjViNzcyNzRjZWIwNTVlNjQzODU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaV99CIo7y/4z2005DFC6wBaNgZX
AJmIMwkseCX1UHk7vGaVojXUEZLxxwKTeocRWbCzkKA8R7e+lhvnh/ZF2PHjBKcQ
dkM6DuhQYaH3uUYQec6/vd8ufO34OyOuxHtoiSL9IKp+SU6Q4haV53xSaCLph7Ls
rjSL34MvkFO5l2n3os/QDMT1zGYX51sgQRUg/9663DmTlOkKuEaBzY1Wm5ENdcep
o1Te6UPIHb0LDdU6GbSsEaE354jb0IKxz2IPo1Pi5YsEJFYZ0ADQaWsx1Qqu66eF
aeGe4zLzmXVsbrBFrozj+pBQWuABo6uLCp9akh62CG8Tv0zOPlyLSE9R0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJN21OxiUBlpqpZbdydM6wVeZDhUMB8GA1UdIwQY
MBaAFLAvDCoqUSdb7iSTpWVuzxthLxImMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0M4TUtpcFJKMXZ1SkpPbFpXN1BHMkV2RWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9jNTkxNjItN2JkMS00YjhhLWE5ZTMt
MjFmZjExMjBmYjcyLzEvazNiVTdHSlFHV21xbGx0M0owenJCVjVrT0ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9jNTkxNjItN2JkMS00YjhhLWE5ZTMtMjFmZjExMjBmYjcy
LzEvc0M4TUtpcFJKMXZ1SkpPbFpXN1BHMkV2RWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBf34MA0G
CSqGSIb3DQEBCwUAA4IBAQBIDnr6CpPp8UhwFvwi9iCE1+hncHcYib5dNveaZybG
FMht5i8knmuOWKDt9pTVrOjDFKC5ujq4dENnpAGgyLTZNyU5NEC0pFCBlN2iCaxa
fXIirX6zBff/+sN8vZ6SjtDcQb8GcdAeqiquUNMYlb00S5t8X9SDJwDZJK8ycrI0
bMYeCPQUCPiSvZ1W/cjQHxvBu10sq/qxDlUNW73V6fRiMgfXdRR6ZThTcoY5VsrE
kUDPRzb5PMxj8TBkL2OyvSbjoSqVkPajgbeAiVlB8m0cd1fsRM8JMhHUzFUPP7p7
vhDpDk0n6XPzPEE5DV8pEbfuFykMqifWswYVIXYfiqbJ
-----END CERTIFICATE-----