Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/PuKa_y8AhmY-2qYMYDokCh_kRN0.roa
File:                     PuKa_y8AhmY-2qYMYDokCh_kRN0.roa (raw, json)
Hash identifier:          qCRPbDnwSD6cXHrdnieeUJe18z6ly2Qv9xemL+7kRD4=
Subject key identifier:   3E:E2:9A:FF:2F:00:86:66:3E:DA:A6:0C:60:3A:24:0A:1F:E4:44:DD
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019D3FADAA98A4787AA4304A15E29F5F2090
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/PuKa_y8AhmY-2qYMYDokCh_kRN0.roa
Signing time:             Mon 30 Mar 2026 16:57:19 +0000
ROA not before:           Mon 30 Mar 2026 16:57:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207567
IP address blocks:        217.60.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3f:ad:aa:98:a4:78:7a:a4:30:4a:15:e2:9f:5f:20:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar 30 16:57:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3ee29aff2f0086663edaa60c603a240a1fe444dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c8:10:7e:2c:2a:09:2b:fa:f4:ac:29:9e:44:
                    a0:2a:cd:3c:d1:09:e1:62:b3:3e:5e:88:51:d6:f7:
                    36:ca:88:cf:f1:e3:2b:cc:87:59:3f:7b:cf:b3:88:
                    a2:d3:45:5e:c6:96:ff:4f:ff:88:54:a0:8f:c4:98:
                    77:4f:ac:ae:3b:53:5f:0a:c5:73:9c:50:68:a1:1e:
                    29:02:73:93:76:0c:73:bd:c3:bf:5e:59:9c:41:bd:
                    c9:41:ef:e2:0d:e0:38:27:f8:fa:38:36:64:da:91:
                    f5:ee:ad:b5:d8:4d:81:75:82:eb:65:6e:48:7e:83:
                    fb:6c:8f:e0:ea:8a:e4:30:7b:49:2d:a1:6d:9a:7d:
                    36:75:78:45:d8:04:de:7a:36:ec:41:d1:b1:78:d3:
                    c4:42:c5:af:0a:3f:d5:cb:e0:3f:0d:69:91:35:bb:
                    92:ba:e4:5e:2c:9d:82:b1:b6:cc:48:44:09:1b:b2:
                    4d:ac:a1:1a:09:10:e7:cc:f2:43:dc:c1:af:68:f4:
                    d9:26:24:52:c4:14:81:8f:55:27:15:f2:ec:27:b8:
                    7b:9a:62:60:bd:a8:e0:54:bb:89:f9:ab:6f:18:92:
                    f2:16:be:5b:e1:b3:5f:35:c6:57:b4:5d:ea:ba:7b:
                    6f:6f:8d:a5:3c:9f:73:a3:a2:8b:33:97:11:ff:1a:
                    18:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:E2:9A:FF:2F:00:86:66:3E:DA:A6:0C:60:3A:24:0A:1F:E4:44:DD
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/PuKa_y8AhmY-2qYMYDokCh_kRN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:86:39:49:13:31:80:61:ae:25:f9:1b:1f:e7:33:33:fc:27:
         2c:7a:f3:52:53:4e:5c:34:10:eb:1f:47:da:68:7b:db:9f:32:
         10:8e:c0:cd:b6:56:43:77:36:8d:2e:a4:47:58:d5:ce:b2:af:
         c2:1f:b4:d8:54:45:e0:bd:37:cd:14:a4:db:1f:68:4d:c0:04:
         d7:68:9d:77:15:df:2f:b0:5d:89:80:c8:a9:0f:70:fd:23:1e:
         c9:dc:01:f7:90:5d:aa:db:64:8d:5f:2f:f9:50:bc:1d:9b:fd:
         58:a4:2c:d4:b0:d9:f5:b5:19:5c:1b:ce:83:9c:b9:ec:a7:67:
         7f:d8:89:e7:4a:15:a1:36:ee:be:15:1f:7f:09:24:2e:36:c5:
         27:2b:32:d1:2c:fe:6c:2b:9f:ab:68:49:5c:85:4e:75:f9:8a:
         a5:e9:17:9b:18:21:d2:b6:75:7b:a8:43:de:e9:2c:2a:d5:e8:
         34:fe:03:0c:50:51:07:0a:df:18:79:6a:35:29:7b:65:31:6b:
         4a:f8:50:1b:f4:eb:9d:45:0a:6c:52:2e:3f:c8:a7:c8:a3:7f:
         11:a9:43:7f:4b:3f:96:92:bf:92:c0:73:8a:56:52:f5:5b:f9:
         4a:25:d2:c6:4a:97:da:04:20:3e:7d:5c:ee:de:d3:0a:c3:6c:
         67:e0:1e:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0/raqYpHh6pDBKFeKfXyCQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzMwMTY1NzE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWUyOWFmZjJmMDA4NjY2M2VkYWE2MGM2MDNhMjQwYTFmZTQ0NGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8gQfiwqCSv69KwpnkSgKs080Qnh
YrM+XohR1vc2yojP8eMrzIdZP3vPs4ii00Vexpb/T/+IVKCPxJh3T6yuO1NfCsVz
nFBooR4pAnOTdgxzvcO/XlmcQb3JQe/iDeA4J/j6ODZk2pH17q212E2BdYLrZW5I
foP7bI/g6orkMHtJLaFtmn02dXhF2ATeejbsQdGxeNPEQsWvCj/Vy+A/DWmRNbuS
uuReLJ2CsbbMSEQJG7JNrKEaCRDnzPJD3MGvaPTZJiRSxBSBj1UnFfLsJ7h7mmJg
vajgVLuJ+atvGJLyFr5b4bNfNcZXtF3quntvb42lPJ9zo6KLM5cR/xoY1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD7imv8vAIZmPtqmDGA6JAof5ETdMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUHVLYV95OEFobVktMnFZTVlEb2tDaF9rUk4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2TwZMA0G
CSqGSIb3DQEBCwUAA4IBAQBWhjlJEzGAYa4l+Rsf5zMz/CcsevNSU05cNBDrH0fa
aHvbnzIQjsDNtlZDdzaNLqRHWNXOsq/CH7TYVEXgvTfNFKTbH2hNwATXaJ13Fd8v
sF2JgMipD3D9Ix7J3AH3kF2q22SNXy/5ULwdm/1YpCzUsNn1tRlcG86DnLnsp2d/
2InnShWhNu6+FR9/CSQuNsUnKzLRLP5sK5+raElchU51+Yql6RebGCHStnV7qEPe
6Swq1eg0/gMMUFEHCt8YeWo1KXtlMWtK+FAb9OudRQpsUi4/yKfIo38RqUN/Sz+W
kr+SwHOKVlL1W/lKJdLGSpfaBCA+fVzu3tMKw2xn4B6e
-----END CERTIFICATE-----