Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/PNU5dT-FRZhCGuEDnFsX7GuO8MU.roa
File:                     PNU5dT-FRZhCGuEDnFsX7GuO8MU.roa (raw, json)
Hash identifier:          5nuXPVsdc9izSwCCuB+1KPJnkougYuwEFE0ABa/v1lw=
Subject key identifier:   3C:D5:39:75:3F:85:45:98:42:1A:E1:03:9C:5B:17:EC:6B:8E:F0:C5
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       019CF07251A210FBB571AB69BEFEEEB739A4
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/PNU5dT-FRZhCGuEDnFsX7GuO8MU.roa
Signing time:             Sun 15 Mar 2026 07:42:29 +0000
ROA not before:           Sun 15 Mar 2026 07:42:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25159
IP address blocks:        130.49.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f0:72:51:a2:10:fb:b5:71:ab:69:be:fe:ee:b7:39:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Mar 15 07:42:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3cd539753f854598421ae1039c5b17ec6b8ef0c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:3f:95:9b:3a:2f:c2:71:d9:5d:83:31:6d:19:
                    d0:5d:99:67:0f:b1:73:f0:81:df:86:8f:51:03:ed:
                    c2:e0:e8:80:bb:aa:28:f2:24:a1:6b:ed:a6:96:71:
                    b7:21:f8:b5:7e:db:a2:35:9d:c3:85:d4:7e:05:b3:
                    20:c1:db:5c:f9:a4:a9:ad:4d:99:f3:f3:19:da:fe:
                    b5:06:24:d2:38:77:57:a8:68:33:81:06:28:d3:68:
                    8a:03:fb:db:b1:72:9f:5a:78:59:28:b0:20:c5:e2:
                    82:33:c9:e8:0d:08:f0:94:08:b3:6e:d8:bb:8f:0a:
                    28:84:a9:33:58:b3:59:37:07:9b:51:3b:68:1d:e7:
                    6a:15:fb:f6:f9:f9:18:24:7d:e6:7a:ce:f2:5d:c9:
                    0c:1f:88:8c:5e:aa:5c:64:b5:e0:bb:57:d7:d3:8c:
                    bc:3b:b6:cb:32:28:7a:c1:36:53:b8:0a:4a:04:72:
                    f4:3f:b4:db:52:45:01:55:b8:51:bf:91:56:eb:e0:
                    98:ff:1b:ff:5b:eb:aa:55:e3:14:d2:08:25:74:28:
                    5a:6e:a0:8b:23:76:85:db:63:4b:14:25:84:9a:85:
                    d5:02:79:1a:3d:a8:dc:fe:be:ee:62:83:05:df:2b:
                    fb:94:87:d8:c7:31:e0:39:54:b6:50:21:3b:e6:08:
                    d5:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:D5:39:75:3F:85:45:98:42:1A:E1:03:9C:5B:17:EC:6B:8E:F0:C5
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/PNU5dT-FRZhCGuEDnFsX7GuO8MU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.49.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:b9:ca:a7:c3:62:04:1e:53:14:1e:a6:0c:21:c8:a0:b4:72:
         12:d9:20:08:4b:f9:7c:d8:cd:f5:c8:f0:d0:d0:39:1a:41:48:
         cd:91:d4:43:8f:42:55:cd:fd:ea:ee:f9:6c:d0:54:56:de:1a:
         5f:0f:51:64:cc:9b:4c:41:c1:0b:71:54:80:9c:91:b5:c2:30:
         8a:16:e7:1a:08:90:37:8b:10:ba:3d:06:2b:25:b0:6d:2e:8c:
         b5:68:15:ec:c6:88:d0:92:84:37:67:94:ac:b4:8e:4e:a9:10:
         7d:3e:c4:27:6b:74:03:3a:f0:89:a9:fc:36:04:65:cc:63:64:
         d4:92:19:c0:5d:36:d8:1c:2c:b0:72:0c:10:57:2e:a2:7d:2b:
         9a:b8:07:a4:f1:72:7c:1e:9b:dd:61:27:ce:9f:d0:8d:a4:6d:
         3b:84:6a:70:6f:0c:f8:96:cb:5a:f0:56:ed:00:50:27:8d:2c:
         60:22:3d:be:3f:82:21:c5:3b:2b:9e:55:de:1f:fa:d4:ca:f5:
         cf:11:ac:0d:b1:ef:7d:4d:e7:a5:e2:dd:92:d2:38:40:02:2e:
         cd:3e:b3:a1:ad:bf:aa:d3:01:2b:7c:7e:90:7f:57:06:66:2d:
         5e:d6:12:ba:1f:d6:bc:a8:cc:d7:1c:bf:d7:1f:47:d7:bf:90:
         70:0b:0e:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzwclGiEPu1catpvv7utzmkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjYwMzE1MDc0MjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2Q1Mzk3NTNmODU0NTk4NDIxYWUxMDM5YzViMTdlYzZiOGVmMGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApj+VmzovwnHZXYMxbRnQXZlnD7Fz
8IHfho9RA+3C4OiAu6oo8iSha+2mlnG3Ifi1ftuiNZ3DhdR+BbMgwdtc+aSprU2Z
8/MZ2v61BiTSOHdXqGgzgQYo02iKA/vbsXKfWnhZKLAgxeKCM8noDQjwlAizbti7
jwoohKkzWLNZNwebUTtoHedqFfv2+fkYJH3mes7yXckMH4iMXqpcZLXgu1fX04y8
O7bLMih6wTZTuApKBHL0P7TbUkUBVbhRv5FW6+CY/xv/W+uqVeMU0ggldChabqCL
I3aF22NLFCWEmoXVAnkaPajc/r7uYoMF3yv7lIfYxzHgOVS2UCE75gjVXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDzVOXU/hUWYQhrhA5xbF+xrjvDFMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvUE5VNWRULUZSWmhDR3VFRG5Gc1g3R3VPOE1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgjHYMA0G
CSqGSIb3DQEBCwUAA4IBAQBKucqnw2IEHlMUHqYMIcigtHIS2SAIS/l82M31yPDQ
0DkaQUjNkdRDj0JVzf3q7vls0FRW3hpfD1FkzJtMQcELcVSAnJG1wjCKFucaCJA3
ixC6PQYrJbBtLoy1aBXsxojQkoQ3Z5SstI5OqRB9PsQna3QDOvCJqfw2BGXMY2TU
khnAXTbYHCywcgwQVy6ifSuauAek8XJ8HpvdYSfOn9CNpG07hGpwbwz4lsta8Fbt
AFAnjSxgIj2+P4IhxTsrnlXeH/rUyvXPEawNse99Teel4t2S0jhAAi7NPrOhrb+q
0wErfH6Qf1cGZi1e1hK6H9a8qMzXHL/XH0fXv5BwCw4L
-----END CERTIFICATE-----