Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/XzTPcPuZIAtR3148TDqL-DBLTho.roa
File:                     XzTPcPuZIAtR3148TDqL-DBLTho.roa (raw, json)
Hash identifier:          DUtfOVX1Ig6abI7pEVSMB6rYJJ84XUGtt2dbqnxEB4M=
Subject key identifier:   5F:34:CF:70:FB:99:20:0B:51:DF:5E:3C:4C:3A:8B:F8:30:4B:4E:1A
Certificate issuer:       /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial:       019E43B15A79FA34B8185FC3ABBEB813466A
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/XzTPcPuZIAtR3148TDqL-DBLTho.roa
Signing time:             Wed 20 May 2026 04:42:36 +0000
ROA not before:           Wed 20 May 2026 04:42:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400696
IP address blocks:        158.173.35.0/24 maxlen: 24
                          158.173.38.0/24 maxlen: 24
                          158.173.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Jun 2026 19:19:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:43:b1:5a:79:fa:34:b8:18:5f:c3:ab:be:b8:13:46:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
        Validity
            Not Before: May 20 04:42:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5f34cf70fb99200b51df5e3c4c3a8bf8304b4e1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:c8:0c:88:4e:a8:15:2d:40:12:71:61:15:ca:
                    20:7e:5d:8c:28:d8:39:19:b6:92:de:71:70:26:ef:
                    f5:f5:5a:e4:06:99:1b:63:a8:6b:a6:90:f5:39:3f:
                    cb:24:bf:b5:28:23:6b:00:77:3c:a3:46:8f:32:a3:
                    f4:5d:ef:93:76:e9:4b:e8:74:aa:b2:f8:86:3b:7f:
                    52:e1:40:94:0e:f1:26:00:d4:ab:96:18:db:e8:03:
                    35:45:93:06:70:49:79:c5:b9:54:dd:9a:03:7c:5d:
                    d7:04:e6:34:d4:1f:04:02:9e:c0:f8:96:d8:5f:3d:
                    cd:76:2b:ae:35:3d:9b:7e:80:cd:7d:79:90:24:d5:
                    91:d6:60:e2:51:4b:54:65:61:d7:7a:ae:4c:50:53:
                    49:6b:be:1a:0a:05:57:4e:5f:51:59:8a:17:bd:5f:
                    1e:83:4f:78:53:ff:fc:99:bd:33:36:90:ad:94:f7:
                    96:9e:43:93:ec:12:97:c0:51:d3:37:ea:98:84:0a:
                    cd:1d:b8:68:1f:60:4b:19:bd:4a:b4:95:37:6c:16:
                    cc:4d:43:24:1f:48:af:5a:c0:ae:d1:58:ed:dd:0f:
                    19:20:d1:1e:50:49:d6:b9:54:5e:b7:1a:1f:1a:d7:
                    dc:dd:a6:6e:3c:4c:3f:46:60:07:5a:8c:e9:18:49:
                    aa:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:34:CF:70:FB:99:20:0B:51:DF:5E:3C:4C:3A:8B:F8:30:4B:4E:1A
            X509v3 Authority Key Identifier:
                keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/XzTPcPuZIAtR3148TDqL-DBLTho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.35.0/24
                  158.173.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         42:81:0e:f9:53:12:44:00:64:15:f6:b7:d9:84:06:12:3a:5a:
         f8:22:2f:0a:34:e9:81:36:a9:79:38:a2:6b:29:86:e5:79:03:
         7d:1c:9e:aa:21:45:2e:a8:ce:57:16:c0:e2:86:9e:0b:c3:5e:
         8d:9f:9c:b7:f8:fa:56:3e:23:d4:8a:b3:d0:40:b7:4d:82:79:
         af:82:75:be:51:26:1c:b5:e2:63:df:13:2d:b7:19:55:ec:c8:
         3a:a0:4b:0b:ed:1c:46:d8:ac:b7:b6:b2:e2:3c:07:2f:13:c5:
         ed:3d:84:91:bc:5d:03:8f:9a:70:9d:92:e9:19:35:5b:e9:e3:
         89:ed:eb:da:c3:0d:bb:69:70:29:2e:1a:f8:41:80:af:b8:b3:
         eb:a8:80:1c:ca:0b:a6:7f:f1:b3:04:72:4b:93:ed:72:39:2d:
         c0:22:a6:45:72:50:8b:1d:25:fe:67:e6:c4:ca:d4:1a:30:03:
         be:07:72:c6:dd:64:bd:93:3f:56:75:ff:0b:13:34:b2:ad:b4:
         f7:25:99:38:48:99:6b:5f:58:da:2c:5e:a8:c3:69:b2:e5:ca:
         02:d6:23:8e:95:b5:cd:e6:29:81:28:a5:f1:43:50:ec:e7:cb:
         f8:b0:91:21:b1:e5:ab:a4:21:6e:25:4c:30:62:b9:0b:49:a6:
         38:c4:5e:a8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5DsVp5+jS4GF/Dq764E0ZqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjYwNTIwMDQ0MjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjM0Y2Y3MGZiOTkyMDBiNTFkZjVlM2M0YzNhOGJmODMwNGI0ZTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8gMiE6oFS1AEnFhFcogfl2MKNg5
GbaS3nFwJu/19VrkBpkbY6hrppD1OT/LJL+1KCNrAHc8o0aPMqP0Xe+TdulL6HSq
sviGO39S4UCUDvEmANSrlhjb6AM1RZMGcEl5xblU3ZoDfF3XBOY01B8EAp7A+JbY
Xz3NdiuuNT2bfoDNfXmQJNWR1mDiUUtUZWHXeq5MUFNJa74aCgVXTl9RWYoXvV8e
g094U//8mb0zNpCtlPeWnkOT7BKXwFHTN+qYhArNHbhoH2BLGb1KtJU3bBbMTUMk
H0ivWsCu0Vjt3Q8ZINEeUEnWuVRetxofGtfc3aZuPEw/RmAHWozpGEmqMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF80z3D7mSALUd9ePEw6i/gwS04aMB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEvWHpUUGNQdVpJQXRSMzE0OFREcUwtREJMVGhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAnq0jAwQB
nq0mMA0GCSqGSIb3DQEBCwUAA4IBAQBCgQ75UxJEAGQV9rfZhAYSOlr4Ii8KNOmB
Nql5OKJrKYbleQN9HJ6qIUUuqM5XFsDihp4Lw16Nn5y3+PpWPiPUirPQQLdNgnmv
gnW+USYcteJj3xMttxlV7Mg6oEsL7RxG2Ky3trLiPAcvE8XtPYSRvF0Dj5pwnZLp
GTVb6eOJ7evaww27aXApLhr4QYCvuLPrqIAcygumf/GzBHJLk+1yOS3AIqZFclCL
HSX+Z+bEytQaMAO+B3LG3WS9kz9Wdf8LEzSyrbT3JZk4SJlrX1jaLF6ow2my5coC
1iOOlbXN5imBKKXxQ1Ds58v4sJEhseWrpCFuJUwwYrkLSaY4xF6o
-----END CERTIFICATE-----