Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/XEX0Yqt8GHVlU5dtpVsJiJtXADk.roa
File:                     XEX0Yqt8GHVlU5dtpVsJiJtXADk.roa (raw, json)
Hash identifier:          lxlgzUBtgUzC4nWXovBa2rdUzIIq3tRPQSgdtkCQdJg=
Subject key identifier:   5C:45:F4:62:AB:7C:18:75:65:53:97:6D:A5:5B:09:88:9B:57:00:39
Certificate issuer:       /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial:       019CCC981E2E982C1D24115CD94554CC4251
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/XEX0Yqt8GHVlU5dtpVsJiJtXADk.roa
Signing time:             Sun 08 Mar 2026 08:37:27 +0000
ROA not before:           Sun 08 Mar 2026 08:37:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215442
IP address blocks:        158.173.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Mar 2026 02:37:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:cc:98:1e:2e:98:2c:1d:24:11:5c:d9:45:54:cc:42:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
        Validity
            Not Before: Mar  8 08:37:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5c45f462ab7c18756553976da55b09889b570039
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ef:ed:33:2b:03:d5:d7:d8:09:b7:19:59:92:
                    5a:d6:d3:d4:fb:7b:3d:db:f7:45:32:37:ef:8a:cc:
                    fc:bc:93:20:8b:cb:73:94:20:99:1c:e9:3f:f3:31:
                    4b:f9:6d:4f:21:4d:a9:be:1a:86:43:c9:dd:51:70:
                    db:92:f2:26:0e:3d:52:f6:6f:82:78:73:96:0d:9e:
                    e4:76:08:ea:8a:06:fd:63:d9:4c:19:9c:38:d9:e6:
                    ae:ea:78:ff:3f:fa:ee:50:23:98:4e:77:88:21:d9:
                    78:2f:92:f0:eb:99:c3:8e:48:f3:c3:aa:3e:86:f1:
                    41:b8:f4:fc:76:6b:32:ba:a8:4f:e9:93:12:67:80:
                    4c:e1:04:5a:f3:ed:2f:7e:56:ee:c8:ff:88:83:52:
                    a3:b6:1a:03:0b:c0:fc:5a:48:b6:2c:af:cc:2b:43:
                    c7:64:89:cd:c2:4d:a3:d6:be:f8:51:f2:4c:e4:de:
                    f3:d5:7c:23:f8:06:36:b8:07:74:54:38:f4:9b:cf:
                    fe:d7:30:1d:4f:e6:97:6e:da:c4:1a:c2:81:0b:a1:
                    e9:f8:37:32:80:51:f6:a6:30:cd:e8:fe:46:56:a8:
                    2c:f8:cc:c0:f4:c8:8f:3a:a0:97:8f:67:6a:41:6b:
                    50:07:f8:41:fa:a1:26:09:b4:6f:84:ea:26:ff:17:
                    dd:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:45:F4:62:AB:7C:18:75:65:53:97:6D:A5:5B:09:88:9B:57:00:39
            X509v3 Authority Key Identifier:
                keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/XEX0Yqt8GHVlU5dtpVsJiJtXADk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:d7:59:85:fc:ac:92:fb:6f:33:a3:f4:c9:81:dc:ba:60:f9:
         0b:5d:ad:ff:52:66:14:dd:1e:88:c7:9d:5b:0e:96:95:86:99:
         76:f9:60:32:12:a7:41:76:a2:7c:73:78:e0:27:89:8f:0b:bd:
         23:05:22:17:5c:24:55:c4:cf:b6:ac:e4:bc:2f:8d:17:ad:2c:
         c5:34:60:4a:cd:f6:75:fa:26:b9:69:5c:a7:cd:25:3d:68:19:
         81:db:eb:66:08:ae:2f:cf:3b:30:fc:6c:07:3c:1c:0e:39:6e:
         04:e1:24:e8:05:df:a0:ce:9a:99:2d:df:86:77:d3:f7:02:b7:
         5a:f6:e4:f3:8c:d3:8b:a9:4d:d0:d3:fc:15:82:a3:b0:0d:1c:
         78:3b:c6:8d:a4:dc:19:fc:0e:f4:97:c5:6b:65:b8:f8:6d:7e:
         1a:fd:72:c8:04:14:a9:4a:71:88:49:5b:c9:0f:d8:ae:86:b8:
         60:28:e6:f8:ed:91:59:2e:4a:38:59:cd:81:85:cf:05:ad:bb:
         e3:16:42:55:fc:9d:72:3f:eb:3e:b5:45:1b:8d:5f:7d:3b:c2:
         3a:20:72:3a:06:76:de:71:42:80:4b:f8:20:69:d6:5e:70:5f:
         57:2a:39:21:e7:0d:e8:b1:73:1b:01:fe:e3:37:34:69:f3:ff:
         a8:c2:22:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzMmB4umCwdJBFc2UVUzEJRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjYwMzA4MDgzNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzQ1ZjQ2MmFiN2MxODc1NjU1Mzk3NmRhNTViMDk4ODliNTcwMDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApu/tMysD1dfYCbcZWZJa1tPU+3s9
2/dFMjfvisz8vJMgi8tzlCCZHOk/8zFL+W1PIU2pvhqGQ8ndUXDbkvImDj1S9m+C
eHOWDZ7kdgjqigb9Y9lMGZw42eau6nj/P/ruUCOYTneIIdl4L5Lw65nDjkjzw6o+
hvFBuPT8dmsyuqhP6ZMSZ4BM4QRa8+0vflbuyP+Ig1KjthoDC8D8Wki2LK/MK0PH
ZInNwk2j1r74UfJM5N7z1Xwj+AY2uAd0VDj0m8/+1zAdT+aXbtrEGsKBC6Hp+Dcy
gFH2pjDN6P5GVqgs+MzA9MiPOqCXj2dqQWtQB/hB+qEmCbRvhOom/xfdxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxF9GKrfBh1ZVOXbaVbCYibVwA5MB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEvWEVYMFlxdDhHSFZsVTVkdHBWc0ppSnRYQURrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq1AMA0G
CSqGSIb3DQEBCwUAA4IBAQAv11mF/KyS+28zo/TJgdy6YPkLXa3/UmYU3R6Ix51b
DpaVhpl2+WAyEqdBdqJ8c3jgJ4mPC70jBSIXXCRVxM+2rOS8L40XrSzFNGBKzfZ1
+ia5aVynzSU9aBmB2+tmCK4vzzsw/GwHPBwOOW4E4SToBd+gzpqZLd+Gd9P3Arda
9uTzjNOLqU3Q0/wVgqOwDRx4O8aNpNwZ/A70l8VrZbj4bX4a/XLIBBSpSnGISVvJ
D9iuhrhgKOb47ZFZLko4Wc2Bhc8FrbvjFkJV/J1yP+s+tUUbjV99O8I6IHI6Bnbe
cUKAS/ggadZecF9XKjkh5w3osXMbAf7jNzRp8/+owiLI
-----END CERTIFICATE-----