Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/PisELHxCj9Tij4-2sem6RSDPu4M.roa
File:                     PisELHxCj9Tij4-2sem6RSDPu4M.roa (raw, json)
Hash identifier:          oGOd3HB+uRNlF70fF+XYGkQK02LLgQH4jFhzBp8FfFE=
Subject key identifier:   3E:2B:04:2C:7C:42:8F:D4:E2:8F:8F:B6:B1:E9:BA:45:20:CF:BB:83
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019D4518AB4864A955061ABAD88B8EFDE4E1
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/PisELHxCj9Tij4-2sem6RSDPu4M.roa
Signing time:             Tue 31 Mar 2026 18:12:17 +0000
ROA not before:           Tue 31 Mar 2026 18:12:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214526
IP address blocks:        85.133.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:45:18:ab:48:64:a9:55:06:1a:ba:d8:8b:8e:fd:e4:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Mar 31 18:12:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3e2b042c7c428fd4e28f8fb6b1e9ba4520cfbb83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:05:cb:5d:c1:33:62:37:c2:99:66:47:84:f2:
                    54:59:c8:e8:22:a0:f0:64:94:8c:fb:9f:72:80:6e:
                    32:e7:c8:1f:91:2c:84:92:c4:be:fd:20:9b:1e:8a:
                    ac:59:dd:fd:31:e2:d4:ce:62:9b:e5:75:2e:2a:68:
                    ed:9b:cc:3e:c7:91:d7:b3:0f:13:8d:e9:ab:ec:8e:
                    84:c7:b1:b7:a0:e4:4c:c5:c1:d8:bd:4e:a2:20:93:
                    36:f5:c6:48:1d:c7:b8:6d:f3:98:bc:e6:f8:da:12:
                    34:58:0a:43:72:bd:40:b8:15:89:5f:37:68:31:32:
                    66:03:8d:b9:8f:79:20:7a:46:fb:a2:a7:68:e1:0c:
                    d8:6b:67:37:1e:05:71:be:7d:14:0f:da:a3:dd:33:
                    ec:b0:92:ac:d9:f6:22:44:a5:f0:37:b2:3c:df:14:
                    01:ec:0e:10:db:47:a6:08:4a:23:64:5c:77:cb:9e:
                    be:8a:6f:d6:e4:08:bc:53:9f:58:77:10:6c:bc:e1:
                    56:d7:29:2e:fb:36:68:55:ab:2b:6a:51:57:22:a9:
                    d6:ba:7c:19:b8:9a:a4:b4:70:d8:81:0b:5c:94:be:
                    80:5a:93:48:0b:3c:13:30:82:89:b6:f1:11:7a:6c:
                    80:f8:08:53:81:3f:19:6a:ff:3b:8e:b7:50:d3:a0:
                    7f:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:2B:04:2C:7C:42:8F:D4:E2:8F:8F:B6:B1:E9:BA:45:20:CF:BB:83
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/PisELHxCj9Tij4-2sem6RSDPu4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:ef:04:f7:56:ca:74:1a:ca:e6:79:97:df:e6:9f:b3:c5:4d:
         6f:19:7f:16:c6:4e:f1:19:e9:be:f6:42:59:93:3f:56:d4:b0:
         df:61:f8:dc:b3:94:53:ea:ec:d1:03:7f:44:26:8a:f6:df:6a:
         19:aa:9c:e9:83:92:02:3a:94:25:7a:c9:c6:87:4d:8a:99:8d:
         86:07:f6:cc:4f:83:54:c1:8f:71:bb:d9:45:a5:cc:37:47:00:
         45:25:c1:17:5c:00:c6:33:98:4d:da:df:d0:87:c4:ae:28:cc:
         3e:f6:52:4d:b2:78:25:63:b4:09:52:72:b8:bd:a2:9a:61:0f:
         b0:b3:65:bb:91:e0:e6:d2:ad:35:bd:57:32:6b:17:d1:28:cf:
         10:7a:bf:83:f4:2e:2a:45:18:6c:de:7e:e7:0b:30:f0:ae:bb:
         46:f3:96:23:f3:22:4e:b1:ae:53:e9:72:c6:cc:69:40:98:db:
         ff:0a:6d:05:d5:ba:e2:9c:4d:17:c9:70:d5:96:40:25:23:23:
         4f:18:4d:90:c4:14:a5:69:7e:51:bf:b7:e7:22:4f:1c:4a:f7:
         ef:0b:c8:a2:c5:46:75:a9:dc:49:71:a4:cd:a6:91:a3:fe:9c:
         83:27:89:f0:69:35:86:ef:fc:e9:28:39:a7:f4:5e:ab:ca:94:
         9d:11:df:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1FGKtIZKlVBhq62IuO/eThMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjYwMzMxMTgxMjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTJiMDQyYzdjNDI4ZmQ0ZTI4ZjhmYjZiMWU5YmE0NTIwY2ZiYjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAXLXcEzYjfCmWZHhPJUWcjoIqDw
ZJSM+59ygG4y58gfkSyEksS+/SCbHoqsWd39MeLUzmKb5XUuKmjtm8w+x5HXsw8T
jemr7I6Ex7G3oORMxcHYvU6iIJM29cZIHce4bfOYvOb42hI0WApDcr1AuBWJXzdo
MTJmA425j3kgekb7oqdo4QzYa2c3HgVxvn0UD9qj3TPssJKs2fYiRKXwN7I83xQB
7A4Q20emCEojZFx3y56+im/W5Ai8U59YdxBsvOFW1yku+zZoVasralFXIqnWunwZ
uJqktHDYgQtclL6AWpNICzwTMIKJtvERemyA+AhTgT8Zav87jrdQ06B/0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD4rBCx8Qo/U4o+PtrHpukUgz7uDMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvUGlzRUxIeENqOVRpajQtMnNlbTZSU0RQdTRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVYX8MA0G
CSqGSIb3DQEBCwUAA4IBAQCD7wT3Vsp0GsrmeZff5p+zxU1vGX8Wxk7xGem+9kJZ
kz9W1LDfYfjcs5RT6uzRA39EJor232oZqpzpg5ICOpQlesnGh02KmY2GB/bMT4NU
wY9xu9lFpcw3RwBFJcEXXADGM5hN2t/Qh8SuKMw+9lJNsnglY7QJUnK4vaKaYQ+w
s2W7keDm0q01vVcyaxfRKM8Qer+D9C4qRRhs3n7nCzDwrrtG85Yj8yJOsa5T6XLG
zGlAmNv/Cm0F1brinE0XyXDVlkAlIyNPGE2QxBSlaX5Rv7fnIk8cSvfvC8iixUZ1
qdxJcaTNppGj/pyDJ4nwaTWG7/zpKDmn9F6rypSdEd9J
-----END CERTIFICATE-----