Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/rhdlIPf0kldmF9zarlD8waw_XUo.roa
File:                     rhdlIPf0kldmF9zarlD8waw_XUo.roa (raw, json)
Hash identifier:          k5ckTcIRM+plzWJGrblXeTQwycMXQLLi0LTQTmpE/UQ=
Subject key identifier:   AE:17:65:20:F7:F4:92:57:66:17:DC:DA:AE:50:FC:C1:AC:3F:5D:4A
Certificate issuer:       /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial:       0199E7EC7C27490EF5D0ED28B3240FC0E7E7
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/rhdlIPf0kldmF9zarlD8waw_XUo.roa
Signing time:             Wed 15 Oct 2025 12:50:59 +0000
ROA not before:           Wed 15 Oct 2025 12:50:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400696
IP address blocks:        158.173.35.0/24 maxlen: 24
                          158.173.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e7:ec:7c:27:49:0e:f5:d0:ed:28:b3:24:0f:c0:e7:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
        Validity
            Not Before: Oct 15 12:50:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae176520f7f492576617dcdaae50fcc1ac3f5d4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:70:a1:2e:00:d4:14:01:f5:88:42:42:8f:fb:
                    d2:4d:84:52:77:93:61:e1:1e:21:81:0a:47:6b:8c:
                    3e:3f:41:f8:d6:28:66:e4:7d:c0:20:76:cb:a4:81:
                    72:8a:53:99:3b:67:7a:8e:d2:f5:ce:74:75:53:9a:
                    8a:f7:24:3b:4a:91:23:87:b2:b1:42:f9:f4:fc:9b:
                    95:29:a9:8a:a1:70:a1:3a:0f:ce:01:03:7b:91:8a:
                    a1:ef:0b:7a:b8:58:54:59:be:e6:5b:17:00:3c:59:
                    04:a3:96:43:92:3f:05:51:69:dd:08:04:8e:11:46:
                    9c:b0:63:e5:4d:a4:20:98:3e:b6:3a:10:45:c0:ae:
                    49:c3:d4:24:7e:9d:60:e1:ed:64:d1:db:db:e1:42:
                    82:9a:0f:35:c7:ec:a1:d2:04:0e:88:5e:ea:c4:31:
                    d8:51:ca:2d:01:2b:a2:90:07:9b:fe:d5:dc:45:89:
                    c4:e7:88:5e:48:8d:b0:14:8a:6f:fa:ff:af:27:aa:
                    83:02:7c:3f:2d:16:7f:40:16:24:d9:43:a0:a8:f1:
                    b6:05:9d:30:c5:a6:f1:a4:e4:87:36:b9:cd:96:93:
                    13:0a:c3:da:be:34:67:c8:86:8b:31:2d:99:63:5c:
                    8b:d5:bc:e6:b1:9c:4a:29:47:61:0b:21:04:fe:4b:
                    5d:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:17:65:20:F7:F4:92:57:66:17:DC:DA:AE:50:FC:C1:AC:3F:5D:4A
            X509v3 Authority Key Identifier:
                keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/rhdlIPf0kldmF9zarlD8waw_XUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.35.0/24
                  158.173.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:65:ca:c4:47:5c:0d:e5:00:b1:62:98:9a:a9:83:61:f0:35:
         36:32:19:92:4d:ee:c4:d8:d1:1f:1f:f4:4b:ac:8d:a3:3f:b4:
         92:3c:d0:2b:c3:6a:2f:e2:9c:c4:9d:f3:b7:a3:82:08:7e:b9:
         da:a3:be:5a:84:6f:e8:f5:8b:42:74:80:fb:30:b3:f2:19:ca:
         fa:4c:35:2c:89:86:d6:49:08:60:71:8f:43:0d:1f:5f:25:27:
         36:bd:74:0c:1c:b4:17:dc:e0:02:b1:af:f6:46:7b:0e:c0:1a:
         cb:43:95:d4:a7:b4:72:24:01:1d:4e:4e:5a:96:8c:21:f0:63:
         a9:99:b6:e2:3c:86:58:f5:59:df:19:b7:f0:07:8f:57:63:c6:
         a5:3f:12:93:aa:29:c8:b6:b3:f9:a8:b1:5d:dd:3a:9f:1c:cb:
         b0:71:c1:be:e5:35:da:9c:84:09:e2:d5:df:cb:68:e1:ac:af:
         96:51:f5:32:42:0c:64:20:07:d7:c0:f9:9f:ae:a3:61:da:eb:
         b5:f9:9b:c6:03:87:37:14:e5:8b:fd:d8:92:ac:d9:94:64:e4:
         54:2e:cd:38:da:63:e1:0c:46:ba:ac:29:a7:ed:a3:8b:65:10:
         4a:7f:fc:7d:e7:34:e0:d0:00:31:78:b2:85:f9:d6:12:66:4c:
         53:67:c7:3f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnn7HwnSQ710O0osyQPwOfnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjUxMDE1MTI1MDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTE3NjUyMGY3ZjQ5MjU3NjYxN2RjZGFhZTUwZmNjMWFjM2Y1ZDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunChLgDUFAH1iEJCj/vSTYRSd5Nh
4R4hgQpHa4w+P0H41ihm5H3AIHbLpIFyilOZO2d6jtL1znR1U5qK9yQ7SpEjh7Kx
Qvn0/JuVKamKoXChOg/OAQN7kYqh7wt6uFhUWb7mWxcAPFkEo5ZDkj8FUWndCASO
EUacsGPlTaQgmD62OhBFwK5Jw9Qkfp1g4e1k0dvb4UKCmg81x+yh0gQOiF7qxDHY
UcotASuikAeb/tXcRYnE54heSI2wFIpv+v+vJ6qDAnw/LRZ/QBYk2UOgqPG2BZ0w
xabxpOSHNrnNlpMTCsPavjRnyIaLMS2ZY1yL1bzmsZxKKUdhCyEE/ktduwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK4XZSD39JJXZhfc2q5Q/MGsP11KMB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEvcmhkbElQZjBrbGRtRjl6YXJsRDh3YXdfWFVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAnq0jAwQA
nq0mMA0GCSqGSIb3DQEBCwUAA4IBAQAxZcrER1wN5QCxYpiaqYNh8DU2MhmSTe7E
2NEfH/RLrI2jP7SSPNArw2ov4pzEnfO3o4IIfrnao75ahG/o9YtCdID7MLPyGcr6
TDUsiYbWSQhgcY9DDR9fJSc2vXQMHLQX3OACsa/2RnsOwBrLQ5XUp7RyJAEdTk5a
lowh8GOpmbbiPIZY9VnfGbfwB49XY8alPxKTqinItrP5qLFd3TqfHMuwccG+5TXa
nIQJ4tXfy2jhrK+WUfUyQgxkIAfXwPmfrqNh2uu1+ZvGA4c3FOWL/diSrNmUZORU
Ls042mPhDEa6rCmn7aOLZRBKf/x95zTg0AAxeLKF+dYSZkxTZ8c/
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:54 2025 by rpki-client