Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/42QHv4NCGNbp7Pxu2LM-TI8dJyE.roa
File:                     42QHv4NCGNbp7Pxu2LM-TI8dJyE.roa (raw, json)
Hash identifier:          Pq3CmtHXNi2sMJxtE8zyI25c7dkwDnVr1Je25jc/W0A=
Subject key identifier:   E3:64:07:BF:83:42:18:D6:E9:EC:FC:6E:D8:B3:3E:4C:8F:1D:27:21
Certificate issuer:       /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial:       019D01F5A7CA1FED98BBE89F45F4410E72F7
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/42QHv4NCGNbp7Pxu2LM-TI8dJyE.roa
Signing time:             Wed 18 Mar 2026 17:19:29 +0000
ROA not before:           Wed 18 Mar 2026 17:19:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25818
IP address blocks:        158.173.68.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 25 Mar 2026 15:17:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:01:f5:a7:ca:1f:ed:98:bb:e8:9f:45:f4:41:0e:72:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
        Validity
            Not Before: Mar 18 17:19:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e36407bf834218d6e9ecfc6ed8b33e4c8f1d2721
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:bb:58:c2:34:5a:f8:91:0f:37:66:a3:6b:bd:
                    15:a0:c2:53:7d:a9:01:d8:57:06:c9:36:fe:19:09:
                    fd:a4:28:b6:3b:ca:c6:7e:13:f3:ec:27:a2:1f:6b:
                    5b:cd:f4:03:db:93:18:e2:ec:21:6f:4f:7e:dc:d0:
                    ee:70:16:08:bd:50:73:e6:27:82:31:3f:6a:a5:18:
                    7f:8c:29:9c:fb:ca:89:95:14:70:ec:79:2a:81:2d:
                    5f:29:0b:ea:ce:85:fc:be:1e:a7:9b:86:f4:16:f9:
                    b1:aa:7a:6a:8d:c6:f3:d8:c7:c3:96:14:3f:89:10:
                    fa:65:0f:56:01:5c:2b:bf:11:8a:ee:a0:4c:06:79:
                    31:2c:54:11:7c:72:60:a0:7c:64:39:8e:12:87:7e:
                    29:ab:13:c5:1b:cb:a3:60:60:f0:5e:0c:62:8d:c1:
                    dc:09:e7:3a:10:5e:b3:a3:00:ab:be:e1:80:5f:fe:
                    49:a0:e4:df:33:7b:f8:b4:5b:ab:28:59:db:1a:06:
                    f0:17:f9:41:bf:88:18:16:48:48:ed:85:64:f0:6d:
                    9f:41:62:07:cc:2e:4c:8e:6b:17:63:aa:ec:b1:aa:
                    8b:84:99:c3:7a:37:a7:be:cb:7d:63:0d:f6:fb:d0:
                    af:83:aa:04:23:87:86:f5:67:23:b1:e1:ec:45:a1:
                    5d:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:64:07:BF:83:42:18:D6:E9:EC:FC:6E:D8:B3:3E:4C:8F:1D:27:21
            X509v3 Authority Key Identifier:
                keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/42QHv4NCGNbp7Pxu2LM-TI8dJyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         54:55:94:23:25:61:1d:e7:da:df:84:68:e5:2f:7a:10:74:be:
         23:5c:df:10:91:8d:60:a6:2d:01:39:6c:d7:b7:e1:8f:9c:53:
         92:1b:9a:d4:bd:8f:26:a0:75:65:96:c0:ae:c8:82:12:c5:17:
         27:de:ac:89:fb:5a:09:ae:90:6d:52:24:ef:f4:b1:d8:02:5c:
         22:e8:20:de:42:45:50:d3:b2:09:ff:fd:45:ad:f0:ed:bf:ce:
         c9:f4:47:6b:78:d1:a5:2e:2e:94:5d:d1:8d:12:ef:20:d5:18:
         e4:25:e0:cf:a1:21:90:8c:9c:37:d4:7d:20:b9:8f:c5:86:70:
         b5:41:cc:16:94:5d:7c:2c:02:66:b5:de:f9:30:bf:c1:91:9d:
         39:5e:50:94:bf:7d:f1:b0:45:1a:0c:72:7a:8f:e7:5d:d1:87:
         b3:5e:8a:a1:53:68:4d:b2:be:90:45:f6:94:c4:64:f1:58:7b:
         41:ad:57:8b:f4:9f:c4:f4:12:6e:3f:93:8c:e2:c8:0a:ec:fb:
         64:27:1e:9f:bf:f7:a2:fb:2e:09:bc:94:af:f9:8b:0b:28:7c:
         d5:65:12:c9:97:f3:f7:da:1d:f2:c2:5b:fc:a5:59:31:a5:e5:
         d7:30:c0:f2:53:92:f1:8b:c6:7e:d6:9a:17:d2:2a:15:e3:ca:
         9b:db:26:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0B9afKH+2Yu+ifRfRBDnL3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjYwMzE4MTcxOTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzY0MDdiZjgzNDIxOGQ2ZTllY2ZjNmVkOGIzM2U0YzhmMWQyNzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLtYwjRa+JEPN2aja70VoMJTfakB
2FcGyTb+GQn9pCi2O8rGfhPz7CeiH2tbzfQD25MY4uwhb09+3NDucBYIvVBz5ieC
MT9qpRh/jCmc+8qJlRRw7HkqgS1fKQvqzoX8vh6nm4b0Fvmxqnpqjcbz2MfDlhQ/
iRD6ZQ9WAVwrvxGK7qBMBnkxLFQRfHJgoHxkOY4Sh34pqxPFG8ujYGDwXgxijcHc
Cec6EF6zowCrvuGAX/5JoOTfM3v4tFurKFnbGgbwF/lBv4gYFkhI7YVk8G2fQWIH
zC5MjmsXY6rssaqLhJnDejenvst9Yw32+9Cvg6oEI4eG9WcjseHsRaFdoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFONkB7+DQhjW6ez8btizPkyPHSchMB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEvNDJRSHY0TkNHTmJwN1B4dTJMTS1USThkSnlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCnq1EMA0G
CSqGSIb3DQEBCwUAA4IBAQBUVZQjJWEd59rfhGjlL3oQdL4jXN8QkY1gpi0BOWzX
t+GPnFOSG5rUvY8moHVllsCuyIISxRcn3qyJ+1oJrpBtUiTv9LHYAlwi6CDeQkVQ
07IJ//1FrfDtv87J9EdreNGlLi6UXdGNEu8g1RjkJeDPoSGQjJw31H0guY/FhnC1
QcwWlF18LAJmtd75ML/BkZ05XlCUv33xsEUaDHJ6j+dd0YezXoqhU2hNsr6QRfaU
xGTxWHtBrVeL9J/E9BJuP5OM4sgK7PtkJx6fv/ei+y4JvJSv+YsLKHzVZRLJl/P3
2h3ywlv8pVkxpeXXMMDyU5Lxi8Z+1poX0ioV48qb2yYO
-----END CERTIFICATE-----