Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/e7576a-4363-4984-b4c7-b1f29cccce55/1/PUGn7Ab6cMVb76OjXGWaJzUV5BY.roa
File:                     PUGn7Ab6cMVb76OjXGWaJzUV5BY.roa (raw, json)
Hash identifier:          iJYYEN2U/S0Cca5PknTdBrcbLrfBr1O6hjipT0an39E=
Subject key identifier:   3D:41:A7:EC:06:FA:70:C5:5B:EF:A3:A3:5C:65:9A:27:35:15:E4:16
Certificate issuer:       /CN=20f6e53b697ad263b4ba4ea49814366a883b54ad
Certificate serial:       019B7834C611392F7CD256CA4F1F593737BB
Authority key identifier: 20:F6:E5:3B:69:7A:D2:63:B4:BA:4E:A4:98:14:36:6A:88:3B:54:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IPblO2l60mO0uk6kmBQ2aog7VK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/e7576a-4363-4984-b4c7-b1f29cccce55/1/PUGn7Ab6cMVb76OjXGWaJzUV5BY.roa
Signing time:             Thu 01 Jan 2026 06:18:02 +0000
ROA not before:           Thu 01 Jan 2026 06:18:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208727
IP address blocks:        2001:678:a8c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/e7576a-4363-4984-b4c7-b1f29cccce55/1/IPblO2l60mO0uk6kmBQ2aog7VK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/e7576a-4363-4984-b4c7-b1f29cccce55/1/IPblO2l60mO0uk6kmBQ2aog7VK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IPblO2l60mO0uk6kmBQ2aog7VK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 06:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:c6:11:39:2f:7c:d2:56:ca:4f:1f:59:37:37:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20f6e53b697ad263b4ba4ea49814366a883b54ad
        Validity
            Not Before: Jan  1 06:18:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3d41a7ec06fa70c55befa3a35c659a273515e416
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:bd:38:a0:13:ad:1a:cd:01:78:42:d9:65:88:
                    ee:15:37:5e:ec:95:a8:1c:ab:81:2b:50:d0:30:e5:
                    02:57:d0:ed:17:cf:7a:a2:b8:5c:9a:9e:0c:3d:2a:
                    e9:90:40:34:08:03:0f:d5:1f:32:db:15:cc:b1:5a:
                    c4:a0:78:ec:6c:92:ce:72:e2:6d:1c:6a:00:77:6c:
                    5b:49:9f:c3:01:37:6b:fc:47:e0:8f:ef:48:6e:cd:
                    fe:ad:2b:36:0b:4f:cc:42:9a:f5:41:2c:3e:cd:c9:
                    a6:52:1a:21:9d:df:47:b3:ba:eb:e2:7c:05:f7:0c:
                    09:e4:17:e1:5c:9a:54:91:96:e3:7e:c9:3d:2d:45:
                    cf:8e:99:97:1c:24:8a:23:98:11:fb:bb:28:66:b3:
                    29:e0:bf:46:a3:f1:12:35:49:94:59:67:c9:ea:04:
                    95:31:fa:01:41:b3:d1:f5:c1:22:2a:5a:60:66:e2:
                    52:09:e1:8f:be:1f:db:04:24:32:08:79:a9:1e:00:
                    e5:83:45:37:bb:f5:31:77:97:17:53:bb:2c:2b:b0:
                    c5:d8:df:d6:f7:b8:0f:c2:44:bd:9a:12:72:ce:ef:
                    06:02:2e:fb:eb:76:73:b7:f4:68:c6:71:4d:d6:93:
                    fc:d4:80:65:99:0f:c3:e2:78:64:b3:56:8b:d7:3e:
                    8c:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:41:A7:EC:06:FA:70:C5:5B:EF:A3:A3:5C:65:9A:27:35:15:E4:16
            X509v3 Authority Key Identifier:
                keyid:20:F6:E5:3B:69:7A:D2:63:B4:BA:4E:A4:98:14:36:6A:88:3B:54:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IPblO2l60mO0uk6kmBQ2aog7VK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/e7576a-4363-4984-b4c7-b1f29cccce55/1/PUGn7Ab6cMVb76OjXGWaJzUV5BY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/e7576a-4363-4984-b4c7-b1f29cccce55/1/IPblO2l60mO0uk6kmBQ2aog7VK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:a8c::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:7f:2d:4b:8e:a8:ac:bf:d3:25:31:e0:ee:33:01:42:3d:be:
         19:21:c2:e9:fa:5f:2f:db:92:1a:61:41:b6:19:37:12:bb:48:
         ec:7c:71:02:1c:f5:b9:a1:87:6a:93:6a:07:c4:1c:bb:1e:0d:
         6e:ff:17:1e:cf:dd:4b:e5:3d:e0:a7:02:34:ae:73:29:a9:d9:
         f1:7b:14:19:21:c3:e7:4f:7b:b6:99:9e:d1:53:1c:af:c2:4f:
         e3:88:4e:22:9d:47:42:c4:03:04:98:81:62:67:bc:3b:33:d0:
         14:23:d9:91:2b:f8:fc:f3:e5:f3:e1:5f:a1:c5:b8:24:a8:08:
         1c:c6:17:1a:3a:c8:44:06:1b:30:e0:03:5b:5e:d9:8c:1d:0a:
         57:4c:17:1a:1b:f9:c6:9c:47:04:4a:bf:03:06:db:ad:ec:d3:
         76:80:2b:5f:32:60:e6:14:4a:f4:cd:87:8c:54:d0:1c:55:9d:
         2f:0d:b7:7a:c6:0d:d5:98:d3:86:5b:0d:d0:2e:8d:af:87:d9:
         26:ba:76:c2:a4:47:ab:1a:3a:5f:e9:1a:52:f5:6f:cd:11:18:
         f6:44:93:a2:1f:bc:e3:c2:5b:d6:fd:f8:b0:66:4f:c7:c5:6f:
         1a:b4:ce:0d:5f:05:63:70:23:ef:1e:74:d6:79:c5:f6:c6:70:
         1d:ed:84:5e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt4NMYROS980lbKTx9ZNze7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZjZlNTNiNjk3YWQyNjNiNGJhNGVhNDk4MTQzNjZhODgz
YjU0YWQwHhcNMjYwMTAxMDYxODAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDQxYTdlYzA2ZmE3MGM1NWJlZmEzYTM1YzY1OWEyNzM1MTVlNDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1b04oBOtGs0BeELZZYjuFTde7JWo
HKuBK1DQMOUCV9DtF896orhcmp4MPSrpkEA0CAMP1R8y2xXMsVrEoHjsbJLOcuJt
HGoAd2xbSZ/DATdr/Efgj+9Ibs3+rSs2C0/MQpr1QSw+zcmmUhohnd9Hs7rr4nwF
9wwJ5BfhXJpUkZbjfsk9LUXPjpmXHCSKI5gR+7soZrMp4L9Go/ESNUmUWWfJ6gSV
MfoBQbPR9cEiKlpgZuJSCeGPvh/bBCQyCHmpHgDlg0U3u/Uxd5cXU7ssK7DF2N/W
97gPwkS9mhJyzu8GAi7763Zzt/RoxnFN1pP81IBlmQ/D4nhks1aL1z6MrwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD1Bp+wG+nDFW++jo1xlmic1FeQWMB8GA1UdIwQY
MBaAFCD25TtpetJjtLpOpJgUNmqIO1StMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVBibE8ybDYwbU8wdWs2a21CUTJhb2c3VkswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9lNzU3NmEtNDM2My00OTg0LWI0Yzct
YjFmMjljY2NjZTU1LzEvUFVHbjdBYjZjTVZiNzZPalhHV2FKelVWNUJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9lNzU3NmEtNDM2My00OTg0LWI0YzctYjFmMjljY2NjZTU1
LzEvSVBibE8ybDYwbU8wdWs2a21CUTJhb2c3VkswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAqM
MA0GCSqGSIb3DQEBCwUAA4IBAQCMfy1Ljqisv9MlMeDuMwFCPb4ZIcLp+l8v25Ia
YUG2GTcSu0jsfHECHPW5oYdqk2oHxBy7Hg1u/xcez91L5T3gpwI0rnMpqdnxexQZ
IcPnT3u2mZ7RUxyvwk/jiE4inUdCxAMEmIFiZ7w7M9AUI9mRK/j88+Xz4V+hxbgk
qAgcxhcaOshEBhsw4ANbXtmMHQpXTBcaG/nGnEcESr8DBtut7NN2gCtfMmDmFEr0
zYeMVNAcVZ0vDbd6xg3VmNOGWw3QLo2vh9kmunbCpEerGjpf6RpS9W/NERj2RJOi
H7zjwlvW/fiwZk/HxW8atM4NXwVjcCPvHnTWecX2xnAd7YRe
-----END CERTIFICATE-----