Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/_kXaQ2FdCpwF3M9nzoyWI9BFlCQ.roa
File:                     _kXaQ2FdCpwF3M9nzoyWI9BFlCQ.roa (raw, json)
Hash identifier:          97UVb+hen49ZRqbTWGdoa5CM13JgLH3wxGVphYzTsW0=
Subject key identifier:   FE:45:DA:43:61:5D:0A:9C:05:DC:CF:67:CE:8C:96:23:D0:45:94:24
Certificate issuer:       /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial:       0199618582ADB723B53EF86159C1B604D31D
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/_kXaQ2FdCpwF3M9nzoyWI9BFlCQ.roa
Signing time:             Fri 19 Sep 2025 10:29:23 +0000
ROA not before:           Fri 19 Sep 2025 10:29:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        158.173.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:61:85:82:ad:b7:23:b5:3e:f8:61:59:c1:b6:04:d3:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
        Validity
            Not Before: Sep 19 10:29:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fe45da43615d0a9c05dccf67ce8c9623d0459424
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:53:dc:6d:a7:d1:3b:4b:66:4b:c2:29:9c:c5:
                    8a:97:ed:a8:13:6c:c1:69:c3:05:f5:08:c8:9d:76:
                    da:d5:cd:1e:2d:d0:c1:48:2d:f0:79:50:09:70:c5:
                    c6:50:71:0a:04:51:56:0c:75:15:82:a4:04:85:18:
                    96:18:e2:1e:18:92:fa:ce:c3:eb:83:f9:69:3a:5e:
                    da:48:1e:24:27:2e:d4:12:6b:2f:05:70:ae:e8:d3:
                    47:9b:bb:0b:07:9d:49:d9:c1:78:81:13:cf:9e:1e:
                    e5:5e:e0:a6:7f:81:01:fa:42:d8:5c:bd:8d:29:e5:
                    b2:28:8a:c9:98:7d:fd:3a:e1:47:f2:1a:5e:99:fd:
                    b8:49:c0:e2:ff:ab:9a:6f:09:55:bb:ce:4d:a5:e6:
                    dd:7c:b0:f6:7f:f4:6c:bf:18:f1:dc:85:04:0d:16:
                    44:aa:ff:30:89:bc:6f:53:56:8f:aa:f7:20:52:61:
                    51:f3:58:49:dc:43:7d:82:da:f9:91:aa:62:84:70:
                    e9:f8:42:57:b4:ad:44:0d:43:6b:d3:65:ed:d4:b9:
                    37:6f:ea:7a:27:9c:07:c1:6d:7d:99:61:64:55:95:
                    ea:1a:78:40:c6:40:a4:f9:bc:60:f4:08:a4:40:ea:
                    e6:d4:9a:d3:28:8b:1a:d5:84:e1:44:e0:b0:bc:1c:
                    c8:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:45:DA:43:61:5D:0A:9C:05:DC:CF:67:CE:8C:96:23:D0:45:94:24
            X509v3 Authority Key Identifier:
                keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/_kXaQ2FdCpwF3M9nzoyWI9BFlCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:6b:bc:e8:7f:01:cd:b1:44:38:9e:db:29:25:be:48:15:36:
         c2:e3:85:07:4a:09:83:91:49:8d:51:91:ed:d3:d2:42:49:19:
         ce:cf:bc:b5:ce:1e:4a:70:0c:d3:cf:69:9e:23:e6:25:71:11:
         26:9a:49:d6:4e:f9:62:ab:cc:16:4c:9f:75:77:59:c4:29:cc:
         4b:90:09:4a:c5:a6:47:79:e7:00:d4:38:dc:31:03:c7:e8:d8:
         44:2b:0f:02:08:41:df:b6:d2:5b:ad:fc:9c:67:8d:8f:1f:75:
         95:4a:34:d4:1e:a4:f6:b3:0c:a8:63:0f:80:9a:2a:d3:69:68:
         9e:4b:5a:1d:4b:b3:2c:3f:ff:b2:6b:13:cc:2a:84:fd:13:39:
         1a:62:62:a1:85:b8:e8:ea:5b:21:f1:c8:27:bf:3f:91:45:44:
         cd:9a:f5:b6:17:45:85:1d:36:2c:49:b8:2e:c5:33:37:4b:64:
         72:66:7c:3b:eb:e3:ad:65:e2:fa:27:90:f1:5d:aa:a2:d9:28:
         ef:91:d3:6e:ee:8f:9b:ab:87:44:81:24:a4:8c:9a:52:35:34:
         8a:c5:1d:51:e3:3d:96:ce:f5:18:c6:88:9a:87:8c:86:f9:8f:
         80:c1:32:a3:11:5f:d6:e1:c0:04:20:ef:49:55:c4:4d:52:0b:
         3c:4b:fc:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlhhYKttyO1PvhhWcG2BNMdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjUwOTE5MTAyOTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTQ1ZGE0MzYxNWQwYTljMDVkY2NmNjdjZThjOTYyM2QwNDU5NDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlPcbafRO0tmS8IpnMWKl+2oE2zB
acMF9QjInXba1c0eLdDBSC3weVAJcMXGUHEKBFFWDHUVgqQEhRiWGOIeGJL6zsPr
g/lpOl7aSB4kJy7UEmsvBXCu6NNHm7sLB51J2cF4gRPPnh7lXuCmf4EB+kLYXL2N
KeWyKIrJmH39OuFH8hpemf24ScDi/6uabwlVu85NpebdfLD2f/Rsvxjx3IUEDRZE
qv8wibxvU1aPqvcgUmFR81hJ3EN9gtr5kapihHDp+EJXtK1EDUNr02Xt1Lk3b+p6
J5wHwW19mWFkVZXqGnhAxkCk+bxg9AikQOrm1JrTKIsa1YThROCwvBzIsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP5F2kNhXQqcBdzPZ86MliPQRZQkMB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEvX2tYYVEyRmRDcHdGM005bnpveVdJOUJGbENRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq0kMA0G
CSqGSIb3DQEBCwUAA4IBAQBGa7zofwHNsUQ4ntspJb5IFTbC44UHSgmDkUmNUZHt
09JCSRnOz7y1zh5KcAzTz2meI+YlcREmmknWTvliq8wWTJ91d1nEKcxLkAlKxaZH
eecA1DjcMQPH6NhEKw8CCEHfttJbrfycZ42PH3WVSjTUHqT2swyoYw+AmirTaWie
S1odS7MsP/+yaxPMKoT9EzkaYmKhhbjo6lsh8cgnvz+RRUTNmvW2F0WFHTYsSbgu
xTM3S2RyZnw76+OtZeL6J5DxXaqi2SjvkdNu7o+bq4dEgSSkjJpSNTSKxR1R4z2W
zvUYxoiah4yG+Y+AwTKjEV/W4cAEIO9JVcRNUgs8S/zP
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:40 2025 by rpki-client