Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/GXpZDHxC1uL7NvE0ywWqLVqRrk8.roa
File:                     GXpZDHxC1uL7NvE0ywWqLVqRrk8.roa (raw, json)
Hash identifier:          ai/mmM4j8VsPqFI9x8nXmUtvk80B5eZwfm0bEbylEzw=
Subject key identifier:   19:7A:59:0C:7C:42:D6:E2:FB:36:F1:34:CB:05:AA:2D:5A:91:AE:4F
Certificate issuer:       /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial:       019D00824793C4FB458F4647BEF4452BCA24
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/GXpZDHxC1uL7NvE0ywWqLVqRrk8.roa
Signing time:             Wed 18 Mar 2026 10:33:51 +0000
ROA not before:           Wed 18 Mar 2026 10:33:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9009
IP address blocks:        158.173.36.0/24 maxlen: 24
                          158.173.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 14:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:82:47:93:c4:fb:45:8f:46:47:be:f4:45:2b:ca:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
        Validity
            Not Before: Mar 18 10:33:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=197a590c7c42d6e2fb36f134cb05aa2d5a91ae4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:fc:b0:39:b0:d8:66:e2:ba:47:9c:a4:ff:f9:
                    e9:30:64:0c:64:0c:80:fc:cb:ec:4e:e0:df:60:f2:
                    3f:2d:b7:85:c0:ed:f2:e3:5e:fb:31:da:2e:3a:17:
                    81:95:f5:af:60:fa:50:0b:43:88:91:d9:21:2d:db:
                    4f:04:84:63:1a:29:e4:1b:06:f7:29:9b:62:8a:1b:
                    b6:c9:af:fc:f0:50:e7:e0:01:71:06:aa:b9:c7:d3:
                    83:57:4e:42:48:43:0e:27:e3:d8:79:35:57:4e:f2:
                    25:b5:56:04:4a:fa:5d:f0:46:60:9e:e4:08:4f:bd:
                    1f:53:61:e2:e8:30:66:b9:3a:d1:6b:56:1e:3e:89:
                    c8:88:9a:e1:5d:43:fb:2d:6b:49:be:2f:44:ea:42:
                    26:dc:8d:e2:00:c4:50:c2:31:d7:eb:6a:83:22:51:
                    f4:f4:02:46:d4:83:a0:65:b8:c9:bd:88:12:f4:52:
                    d4:78:8f:7d:df:28:ca:cf:7a:fd:fd:bb:51:83:05:
                    ac:15:4c:55:34:6a:b1:bb:eb:9c:1a:af:62:36:a3:
                    c3:5c:bc:4f:b6:32:b6:08:fd:41:0b:9e:bd:20:b5:
                    67:17:4c:cc:23:8c:2c:8a:69:d5:07:bc:10:e2:c4:
                    70:a9:19:f5:bf:af:a3:10:19:0c:b7:68:ba:fd:08:
                    dc:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:7A:59:0C:7C:42:D6:E2:FB:36:F1:34:CB:05:AA:2D:5A:91:AE:4F
            X509v3 Authority Key Identifier:
                keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/GXpZDHxC1uL7NvE0ywWqLVqRrk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.36.0/24
                  158.173.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:c0:70:67:31:1b:d3:b5:73:19:52:89:5c:32:86:bc:b7:09:
         18:b2:86:bd:8e:5b:8b:42:a2:a4:7a:df:5f:ab:f5:26:42:97:
         38:3e:e4:81:c1:9f:92:ff:59:86:b6:f5:08:f1:e8:4e:81:5e:
         21:07:7e:49:2b:35:60:98:24:1e:83:cf:fa:fc:35:60:09:8f:
         69:d1:e0:1c:fd:98:43:b1:94:aa:ed:07:3a:37:5e:ac:8c:01:
         21:a0:d7:cb:c4:2e:08:a4:0c:34:1d:8c:f0:32:c0:31:1f:80:
         21:b3:7e:e4:ca:0f:2b:9b:ad:e8:ae:4f:c4:ad:94:c4:03:57:
         37:28:96:fc:a1:6d:b9:4b:c3:9a:03:08:a8:42:a2:80:32:2a:
         97:8c:f7:81:3c:91:d0:5e:a2:2d:1d:f7:2b:a7:9f:44:a3:89:
         23:06:7d:1a:79:d1:95:c8:9b:06:c8:99:fe:82:1c:df:58:63:
         b2:28:ae:50:8e:16:be:9d:8a:8c:ee:58:d0:ed:be:75:6a:4c:
         44:5b:f0:39:19:5e:a7:2d:15:fe:09:b8:bc:3b:00:38:9b:41:
         85:26:25:8e:ec:97:18:0c:50:b3:b7:56:e8:3d:dd:b1:33:bd:
         34:f9:cf:ea:a7:57:e1:a3:5e:d3:2d:39:e6:bf:a1:69:2c:76:
         f7:ec:2c:d8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0AgkeTxPtFj0ZHvvRFK8okMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjYwMzE4MTAzMzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTdhNTkwYzdjNDJkNmUyZmIzNmYxMzRjYjA1YWEyZDVhOTFhZTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfywObDYZuK6R5yk//npMGQMZAyA
/MvsTuDfYPI/LbeFwO3y4177MdouOheBlfWvYPpQC0OIkdkhLdtPBIRjGinkGwb3
KZtiihu2ya/88FDn4AFxBqq5x9ODV05CSEMOJ+PYeTVXTvIltVYESvpd8EZgnuQI
T70fU2Hi6DBmuTrRa1YePonIiJrhXUP7LWtJvi9E6kIm3I3iAMRQwjHX62qDIlH0
9AJG1IOgZbjJvYgS9FLUeI993yjKz3r9/btRgwWsFUxVNGqxu+ucGq9iNqPDXLxP
tjK2CP1BC569ILVnF0zMI4wsimnVB7wQ4sRwqRn1v6+jEBkMt2i6/Qjc+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBl6WQx8Qtbi+zbxNMsFqi1aka5PMB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEvR1hwWkRIeEMxdUw3TnZFMHl3V3FMVnFScms4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAnq0kAwQA
nq1NMA0GCSqGSIb3DQEBCwUAA4IBAQBWwHBnMRvTtXMZUolcMoa8twkYsoa9jluL
QqKket9fq/UmQpc4PuSBwZ+S/1mGtvUI8ehOgV4hB35JKzVgmCQeg8/6/DVgCY9p
0eAc/ZhDsZSq7Qc6N16sjAEhoNfLxC4IpAw0HYzwMsAxH4Ahs37kyg8rm63ork/E
rZTEA1c3KJb8oW25S8OaAwioQqKAMiqXjPeBPJHQXqItHfcrp59Eo4kjBn0aedGV
yJsGyJn+ghzfWGOyKK5Qjha+nYqM7ljQ7b51akxEW/A5GV6nLRX+Cbi8OwA4m0GF
JiWO7JcYDFCzt1boPd2xM700+c/qp1fho17TLTnmv6FpLHb37CzY
-----END CERTIFICATE-----