Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/yj5bxMYtNcJkVWDxs0AAjqMz_kc.roa
File:                     yj5bxMYtNcJkVWDxs0AAjqMz_kc.roa (raw, json)
Hash identifier:          bugT/WniK0ngTqjECEz+sVbv2cbJbdXJGIyfBWBHc+g=
Subject key identifier:   CA:3E:5B:C4:C6:2D:35:C2:64:55:60:F1:B3:40:00:8E:A3:33:FE:47
Certificate issuer:       /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial:       019D007F3450DAE9FD01048D42855223A5E2
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/yj5bxMYtNcJkVWDxs0AAjqMz_kc.roa
Signing time:             Wed 18 Mar 2026 10:30:29 +0000
ROA not before:           Wed 18 Mar 2026 10:30:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206804
IP address blocks:        158.173.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:7f:34:50:da:e9:fd:01:04:8d:42:85:52:23:a5:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
        Validity
            Not Before: Mar 18 10:30:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca3e5bc4c62d35c2645560f1b340008ea333fe47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d2:66:e3:2e:bb:ab:55:f8:d4:dd:83:98:dc:
                    d8:45:41:1c:b1:9e:dd:92:9a:bf:43:2b:aa:38:ea:
                    71:e8:51:13:55:d2:6f:ba:60:17:55:ef:bc:cf:f9:
                    49:a1:6f:60:7e:46:e7:45:37:93:23:dd:b8:71:02:
                    d4:14:ae:6d:61:b1:76:f7:80:99:0d:9b:cb:5c:43:
                    d6:5e:57:b6:32:20:9d:8f:72:03:d9:0d:4f:4c:89:
                    02:1d:98:02:91:a9:ce:c3:f4:01:5e:70:c9:40:f6:
                    c8:f5:66:95:27:c7:5c:06:64:34:3f:40:fd:b8:05:
                    15:be:5c:74:f1:b0:87:46:0f:c7:c7:ee:ff:3b:55:
                    63:04:94:22:67:71:3d:e1:0b:f7:62:5d:84:71:da:
                    e5:20:d6:a3:6a:b0:93:44:3e:c1:13:01:ca:c6:9a:
                    13:f5:01:cf:49:3b:6c:5d:b2:86:eb:3c:8f:91:50:
                    72:dd:c4:94:e2:1c:01:3e:91:ab:17:cf:93:2b:92:
                    21:5f:6c:0e:6b:5e:ed:6a:97:ca:6e:69:7f:66:d5:
                    8b:de:94:5e:f7:5f:a1:75:9d:f1:b0:96:85:24:43:
                    0c:ad:3e:f8:6a:66:9f:b3:bc:ba:77:57:1f:2c:86:
                    36:44:4e:e8:d2:82:6a:f3:7e:c1:24:3d:b1:1c:a9:
                    33:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:3E:5B:C4:C6:2D:35:C2:64:55:60:F1:B3:40:00:8E:A3:33:FE:47
            X509v3 Authority Key Identifier:
                keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/yj5bxMYtNcJkVWDxs0AAjqMz_kc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:d7:21:18:e7:e3:54:6e:b9:4f:cc:35:2b:12:23:25:5e:fe:
         22:89:70:11:40:68:5d:9c:ce:3d:ce:ad:7e:de:db:2b:5e:96:
         57:a6:e8:93:22:4e:bc:37:10:14:86:52:f0:f8:65:bf:ce:3e:
         aa:67:15:52:59:be:c1:78:63:e7:bd:73:8b:f9:52:df:92:9a:
         08:fc:b4:20:9c:f7:7b:51:d3:97:e6:56:c7:b7:f2:00:b1:8d:
         7f:53:c7:53:c7:9d:f1:69:48:29:68:f8:83:fe:88:1e:73:88:
         ff:e3:e3:51:a2:8a:ef:2a:b3:d6:e0:cc:72:07:f6:41:c7:61:
         12:f5:38:27:29:5c:31:d0:bd:70:a0:98:95:4b:66:2a:ab:82:
         4c:ad:21:07:24:b5:3f:03:e3:17:3c:3d:bc:49:39:84:dc:8e:
         6c:db:f7:00:e2:57:7c:ca:b7:cf:07:0b:63:4e:1e:59:29:39:
         52:ec:4d:cc:2c:7d:36:d9:70:8d:61:b0:47:69:d3:98:81:49:
         a1:36:45:6b:b3:ae:d5:5e:1d:f7:65:82:17:13:2b:a2:9d:b9:
         14:9e:e8:15:82:90:df:3b:2e:2e:64:01:be:63:64:cb:99:3d:
         20:44:2f:79:98:ed:0b:57:33:ad:64:ad:0d:d6:cb:73:5e:70:
         4e:1b:23:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0AfzRQ2un9AQSNQoVSI6XiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjYwMzE4MTAzMDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTNlNWJjNGM2MmQzNWMyNjQ1NTYwZjFiMzQwMDA4ZWEzMzNmZTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtJm4y67q1X41N2DmNzYRUEcsZ7d
kpq/QyuqOOpx6FETVdJvumAXVe+8z/lJoW9gfkbnRTeTI924cQLUFK5tYbF294CZ
DZvLXEPWXle2MiCdj3ID2Q1PTIkCHZgCkanOw/QBXnDJQPbI9WaVJ8dcBmQ0P0D9
uAUVvlx08bCHRg/Hx+7/O1VjBJQiZ3E94Qv3Yl2EcdrlINajarCTRD7BEwHKxpoT
9QHPSTtsXbKG6zyPkVBy3cSU4hwBPpGrF8+TK5IhX2wOa17tapfKbml/ZtWL3pRe
91+hdZ3xsJaFJEMMrT74amafs7y6d1cfLIY2RE7o0oJq837BJD2xHKkzNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMo+W8TGLTXCZFVg8bNAAI6jM/5HMB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEveWo1YnhNWXROY0prVldEeHMwQUFqcU16X2tjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq1LMA0G
CSqGSIb3DQEBCwUAA4IBAQAh1yEY5+NUbrlPzDUrEiMlXv4iiXARQGhdnM49zq1+
3tsrXpZXpuiTIk68NxAUhlLw+GW/zj6qZxVSWb7BeGPnvXOL+VLfkpoI/LQgnPd7
UdOX5lbHt/IAsY1/U8dTx53xaUgpaPiD/ogec4j/4+NRoorvKrPW4MxyB/ZBx2ES
9TgnKVwx0L1woJiVS2Yqq4JMrSEHJLU/A+MXPD28STmE3I5s2/cA4ld8yrfPBwtj
Th5ZKTlS7E3MLH022XCNYbBHadOYgUmhNkVrs67VXh33ZYIXEyuinbkUnugVgpDf
Oy4uZAG+Y2TLmT0gRC95mO0LVzOtZK0N1stzXnBOGyN4
-----END CERTIFICATE-----