Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/eXY4C0z1i4-df4Sh_-O418VjaMY.roa
File:                     eXY4C0z1i4-df4Sh_-O418VjaMY.roa (raw, json)
Hash identifier:          SMVnQzq4TU+msFEfBwtl4Qj3QY0b4GwPt+jsoJTWqnA=
Subject key identifier:   79:76:38:0B:4C:F5:8B:8F:9D:7F:84:A1:FF:E3:B8:D7:C5:63:68:C6
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019E9BA0D9AFB98751F8E7C9143CD76F5D2A
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/eXY4C0z1i4-df4Sh_-O418VjaMY.roa
Signing time:             Sat 06 Jun 2026 06:31:10 +0000
ROA not before:           Sat 06 Jun 2026 06:31:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43094
IP address blocks:        158.173.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Jun 2026 14:52:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:9b:a0:d9:af:b9:87:51:f8:e7:c9:14:3c:d7:6f:5d:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jun  6 06:31:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7976380b4cf58b8f9d7f84a1ffe3b8d7c56368c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:85:9c:99:cb:de:85:d5:01:e1:5b:74:db:ae:
                    cf:a7:7e:ce:76:09:60:42:d7:c9:7f:2a:e7:f6:fd:
                    23:e8:bb:35:42:a8:34:e2:72:d9:9a:b4:36:d6:dd:
                    7e:8c:72:6f:d1:d8:50:5c:96:ae:13:a6:83:12:d8:
                    11:4f:de:8f:a1:dc:95:d2:f7:c6:8b:4f:3c:f9:6c:
                    d1:c8:2a:be:c8:11:e5:ae:6d:52:05:77:4e:cf:a6:
                    9c:a6:3c:bc:44:a7:73:11:11:36:e5:39:95:88:5d:
                    1f:98:83:d7:ae:d1:fb:54:8b:79:3a:bf:26:8c:72:
                    2f:24:e9:09:f8:4b:e8:1e:30:23:d6:a3:d3:d3:40:
                    0f:fd:1e:bf:2c:b3:bf:82:43:4a:d5:ed:fd:e4:dc:
                    aa:d7:dc:ec:86:87:4d:8c:ab:0d:8e:57:8b:13:2a:
                    e3:88:5e:ea:37:d7:df:d9:4a:57:77:49:2b:bb:59:
                    e0:26:59:12:51:6b:3a:20:cf:27:34:05:46:ad:c2:
                    13:17:2c:d4:ce:1b:53:24:35:a9:1c:98:01:22:a1:
                    bf:5e:57:ca:85:c6:39:59:d5:99:ec:12:6b:2f:20:
                    43:88:81:82:4a:2d:a0:1d:23:d5:ba:2f:b4:d5:b1:
                    7f:a4:24:43:12:36:20:87:5e:fe:72:c6:e4:d0:bb:
                    c9:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:76:38:0B:4C:F5:8B:8F:9D:7F:84:A1:FF:E3:B8:D7:C5:63:68:C6
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/eXY4C0z1i4-df4Sh_-O418VjaMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e6:28:93:4d:d0:00:56:e7:15:ad:11:8f:31:3c:9b:dd:15:7a:
         06:a8:7e:48:11:1e:73:23:3b:e9:33:77:9f:58:7c:a6:ea:46:
         37:96:9a:64:9c:f0:7d:c3:75:d1:02:c3:54:d7:d5:69:41:e7:
         6f:e2:d3:4b:b4:2b:2b:7d:25:0d:36:35:cb:58:24:ba:4a:df:
         df:5e:b2:0e:42:0c:f4:e4:75:80:36:0d:36:9a:32:01:23:e8:
         bf:83:67:cc:83:62:f0:52:89:19:12:6e:8e:b0:2d:f9:40:92:
         f2:65:52:cb:2f:c8:5b:de:44:4e:df:4d:bf:01:b3:aa:9a:0e:
         11:33:db:42:c7:ad:d8:22:5d:6b:b7:0d:42:fc:21:1e:6f:3a:
         df:17:47:01:a9:28:af:2d:a3:9c:40:e5:2e:f3:0a:52:9a:a1:
         83:93:9a:e8:e3:1b:46:81:6a:50:9c:7e:b9:d7:0b:d5:5d:16:
         94:8f:8c:e2:51:41:8f:3e:10:8d:9d:d6:30:8b:75:bb:94:c1:
         47:27:b6:64:25:af:d5:42:d7:b7:33:62:58:cd:04:d1:da:42:
         33:e9:e3:53:45:d9:d8:0e:52:b0:ca:5c:c4:8d:f8:68:0b:f3:
         39:44:0c:6b:1f:56:5f:ab:c0:53:99:83:51:08:07:2d:1a:d9:
         d9:e4:30:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6boNmvuYdR+OfJFDzXb10qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNjA2MDYzMTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTc2MzgwYjRjZjU4YjhmOWQ3Zjg0YTFmZmUzYjhkN2M1NjM2OGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmoWcmcvehdUB4Vt0267Pp37Odglg
QtfJfyrn9v0j6Ls1Qqg04nLZmrQ21t1+jHJv0dhQXJauE6aDEtgRT96PodyV0vfG
i088+WzRyCq+yBHlrm1SBXdOz6acpjy8RKdzERE25TmViF0fmIPXrtH7VIt5Or8m
jHIvJOkJ+EvoHjAj1qPT00AP/R6/LLO/gkNK1e395Nyq19zshodNjKsNjleLEyrj
iF7qN9ff2UpXd0kru1ngJlkSUWs6IM8nNAVGrcITFyzUzhtTJDWpHJgBIqG/XlfK
hcY5WdWZ7BJrLyBDiIGCSi2gHSPVui+01bF/pCRDEjYgh17+csbk0LvJ5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHl2OAtM9YuPnX+Eof/juNfFY2jGMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvZVhZNEMwejFpNC1kZjRTaF8tTzQxOFZqYU1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq3iMA0G
CSqGSIb3DQEBCwUAA4IBAQDmKJNN0ABW5xWtEY8xPJvdFXoGqH5IER5zIzvpM3ef
WHym6kY3lppknPB9w3XRAsNU19VpQedv4tNLtCsrfSUNNjXLWCS6St/fXrIOQgz0
5HWANg02mjIBI+i/g2fMg2LwUokZEm6OsC35QJLyZVLLL8hb3kRO302/AbOqmg4R
M9tCx63YIl1rtw1C/CEebzrfF0cBqSivLaOcQOUu8wpSmqGDk5ro4xtGgWpQnH65
1wvVXRaUj4ziUUGPPhCNndYwi3W7lMFHJ7ZkJa/VQte3M2JYzQTR2kIz6eNTRdnY
DlKwylzEjfhoC/M5RAxrH1Zfq8BTmYNRCActGtnZ5DAr
-----END CERTIFICATE-----