Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/KA7dGrzhOQMG7_5Ikp2IvxS1PBo.roa
File:                     KA7dGrzhOQMG7_5Ikp2IvxS1PBo.roa (raw, json)
Hash identifier:          /KEyJ5aLisoBqoGHi7wko4VMmBTnFGEKwHIeaOcJOUo=
Subject key identifier:   28:0E:DD:1A:BC:E1:39:03:06:EF:FE:48:92:9D:88:BF:14:B5:3C:1A
Certificate issuer:       /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial:       019D0083C8AEAED7F1FC40DB11FFB4D0E3A9
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/KA7dGrzhOQMG7_5Ikp2IvxS1PBo.roa
Signing time:             Wed 18 Mar 2026 10:35:29 +0000
ROA not before:           Wed 18 Mar 2026 10:35:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61272
IP address blocks:        158.173.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 14:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:83:c8:ae:ae:d7:f1:fc:40:db:11:ff:b4:d0:e3:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
        Validity
            Not Before: Mar 18 10:35:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=280edd1abce1390306effe48929d88bf14b53c1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:aa:87:07:97:df:bf:6e:2e:0a:8d:a0:33:61:
                    96:f1:51:f1:ae:2b:be:bb:81:18:8a:7e:f4:6e:d5:
                    ed:51:8a:7f:86:cd:29:78:6f:83:66:72:df:9d:d2:
                    21:e5:4b:39:0c:af:9c:6e:bc:ba:cf:9f:6a:e1:ea:
                    1a:90:74:7f:b4:39:a9:53:4c:84:9b:14:2b:ce:9b:
                    d1:59:96:e4:b8:bc:94:36:de:fb:9e:bc:11:df:33:
                    2c:f5:05:7a:e0:04:f2:aa:d7:50:8f:ff:40:57:4d:
                    a2:76:0e:3e:75:0b:39:8e:ec:a3:73:bd:29:30:8f:
                    ee:f5:e2:fb:9d:c1:98:32:f9:df:1f:17:a7:93:d9:
                    75:cb:c3:de:73:ea:f7:97:53:6a:78:d3:bb:95:ee:
                    5d:aa:72:ed:2b:ce:1d:be:b6:03:db:c1:10:ca:b6:
                    de:b1:f1:63:81:6f:6b:bc:97:cd:22:e4:f4:03:23:
                    93:b1:2c:d4:e8:8d:cb:5c:cc:65:23:75:3c:f5:7e:
                    e3:70:ce:43:8b:65:80:02:59:ba:6f:cc:5b:7f:39:
                    67:90:13:4f:f1:b9:06:50:20:10:e3:8a:01:fa:cd:
                    71:a1:5f:a8:d9:9c:3c:60:77:89:78:b8:16:65:5d:
                    9f:04:9f:09:66:44:47:af:8c:11:9f:a5:00:3b:34:
                    62:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:0E:DD:1A:BC:E1:39:03:06:EF:FE:48:92:9D:88:BF:14:B5:3C:1A
            X509v3 Authority Key Identifier:
                keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/KA7dGrzhOQMG7_5Ikp2IvxS1PBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:66:52:d1:b6:e7:2c:44:05:c8:61:77:1f:67:fa:bf:27:39:
         88:b8:a8:c9:ef:59:79:e1:45:1f:31:1c:a0:c6:47:00:7b:fe:
         b9:d3:32:9a:fa:f7:f6:d5:09:27:47:03:a2:e7:68:f2:df:d5:
         01:dd:09:2d:cb:c2:5b:e8:71:d7:ff:c7:26:4d:d0:4b:cd:a8:
         36:61:5d:9f:de:06:eb:65:b6:bb:a2:84:cb:f9:4a:27:94:e7:
         43:9b:06:82:85:36:87:23:b5:f4:93:ac:58:5b:17:15:5d:9c:
         66:bc:64:c7:e1:a7:60:76:d8:f9:16:99:56:36:d2:71:19:a8:
         18:5f:22:67:96:5d:94:c1:34:45:54:26:7f:bd:bb:b6:51:13:
         ed:b7:b8:78:86:80:72:cd:bf:cd:f9:1e:0c:5c:d5:a7:fb:ad:
         3e:d0:2a:f8:7f:45:e9:3e:ac:73:cf:6e:d7:e6:dd:61:c2:53:
         ec:3d:91:a5:74:58:d3:9e:1d:a8:fb:98:d2:c7:3e:0d:38:d3:
         48:bf:a4:e3:95:18:75:4f:69:48:f9:b9:0f:9d:4c:98:f7:68:
         9a:f4:8a:6f:8f:6b:2f:49:98:02:34:49:90:8b:11:b9:c4:4d:
         c7:d4:25:23:61:a8:b5:0b:00:12:a2:65:67:55:72:06:78:65:
         8e:90:20:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0Ag8iurtfx/EDbEf+00OOpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjYwMzE4MTAzNTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODBlZGQxYWJjZTEzOTAzMDZlZmZlNDg5MjlkODhiZjE0YjUzYzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA76qHB5ffv24uCo2gM2GW8VHxriu+
u4EYin70btXtUYp/hs0peG+DZnLfndIh5Us5DK+cbry6z59q4eoakHR/tDmpU0yE
mxQrzpvRWZbkuLyUNt77nrwR3zMs9QV64ATyqtdQj/9AV02idg4+dQs5juyjc70p
MI/u9eL7ncGYMvnfHxenk9l1y8Pec+r3l1NqeNO7le5dqnLtK84dvrYD28EQyrbe
sfFjgW9rvJfNIuT0AyOTsSzU6I3LXMxlI3U89X7jcM5Di2WAAlm6b8xbfzlnkBNP
8bkGUCAQ44oB+s1xoV+o2Zw8YHeJeLgWZV2fBJ8JZkRHr4wRn6UAOzRiwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCgO3Rq84TkDBu/+SJKdiL8UtTwaMB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEvS0E3ZEdyemhPUU1HN181SWtwMkl2eFMxUEJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq1PMA0G
CSqGSIb3DQEBCwUAA4IBAQBsZlLRtucsRAXIYXcfZ/q/JzmIuKjJ71l54UUfMRyg
xkcAe/650zKa+vf21QknRwOi52jy39UB3Qkty8Jb6HHX/8cmTdBLzag2YV2f3gbr
Zba7ooTL+UonlOdDmwaChTaHI7X0k6xYWxcVXZxmvGTH4adgdtj5FplWNtJxGagY
XyJnll2UwTRFVCZ/vbu2URPtt7h4hoByzb/N+R4MXNWn+60+0Cr4f0XpPqxzz27X
5t1hwlPsPZGldFjTnh2o+5jSxz4NONNIv6TjlRh1T2lI+bkPnUyY92ia9Ipvj2sv
SZgCNEmQixG5xE3H1CUjYai1CwASomVnVXIGeGWOkCAb
-----END CERTIFICATE-----