Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/b2598f-0631-4b5a-afe5-5ad9864532a7/1/Lte9ihIhwLMJEwykODf0-Ea8xPQ.roa
File:                     Lte9ihIhwLMJEwykODf0-Ea8xPQ.roa (raw, json)
Hash identifier:          v/rTSSPoZthEpEjHR7Sqj/7dnyWCaWiGBnHcyQGxAwA=
Subject key identifier:   2E:D7:BD:8A:12:21:C0:B3:09:13:0C:A4:38:37:F4:F8:46:BC:C4:F4
Certificate issuer:       /CN=c42e166289e1c1fc3a98b54540bcc73146d74882
Certificate serial:       019D29ACB9EB2108E26D61F119A808EED07F
Authority key identifier: C4:2E:16:62:89:E1:C1:FC:3A:98:B5:45:40:BC:C7:31:46:D7:48:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xC4WYonhwfw6mLVFQLzHMUbXSII.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/b2598f-0631-4b5a-afe5-5ad9864532a7/1/Lte9ihIhwLMJEwykODf0-Ea8xPQ.roa
Signing time:             Thu 26 Mar 2026 10:24:38 +0000
ROA not before:           Thu 26 Mar 2026 10:24:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200581
IP address blocks:        158.94.175.0/24 maxlen: 24
                          2a09:5880::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/b2598f-0631-4b5a-afe5-5ad9864532a7/1/xC4WYonhwfw6mLVFQLzHMUbXSII.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/b2598f-0631-4b5a-afe5-5ad9864532a7/1/xC4WYonhwfw6mLVFQLzHMUbXSII.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xC4WYonhwfw6mLVFQLzHMUbXSII.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Mar 2026 22:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:ac:b9:eb:21:08:e2:6d:61:f1:19:a8:08:ee:d0:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c42e166289e1c1fc3a98b54540bcc73146d74882
        Validity
            Not Before: Mar 26 10:24:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ed7bd8a1221c0b309130ca43837f4f846bcc4f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a5:6a:c7:ee:27:b7:f3:0b:09:87:6a:ef:77:
                    54:1b:d2:98:5a:91:63:8d:e3:45:c9:9e:74:0e:ce:
                    d5:d2:54:39:46:34:59:8c:15:82:c9:50:83:e0:0f:
                    fc:62:74:7b:4c:77:b5:d8:3b:a8:14:a4:ff:ea:55:
                    7b:4f:84:36:a2:98:1e:85:61:6a:b5:39:83:a9:db:
                    10:9e:32:f3:f4:b2:82:76:86:b0:3e:b5:75:53:42:
                    c5:11:ba:7f:d8:8b:04:3f:24:3a:3d:1c:a1:b6:30:
                    61:61:9f:1e:b6:f9:17:4d:0b:40:84:b9:44:90:82:
                    bf:bc:fc:96:f6:f5:fc:fa:68:1e:c2:c5:16:42:ec:
                    f8:89:be:60:6b:7b:67:60:23:8f:f3:c7:b6:b5:80:
                    e7:7c:61:12:dc:1a:4b:d3:8e:69:49:72:3a:a0:da:
                    7f:f0:bb:2f:80:85:27:ad:18:c8:85:39:1c:83:af:
                    02:de:35:73:16:f6:de:61:e9:c8:4c:3e:75:13:91:
                    6f:14:55:3c:19:d5:be:3a:9b:1f:b7:b9:07:d2:0f:
                    5f:e5:bd:d9:fe:9a:f8:df:4b:49:66:71:6b:d0:27:
                    6a:00:fb:87:65:cc:c1:4f:d7:18:bd:1a:34:1c:12:
                    d6:f0:dd:cf:b4:05:d4:48:92:bc:8e:43:bd:23:15:
                    70:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:D7:BD:8A:12:21:C0:B3:09:13:0C:A4:38:37:F4:F8:46:BC:C4:F4
            X509v3 Authority Key Identifier:
                keyid:C4:2E:16:62:89:E1:C1:FC:3A:98:B5:45:40:BC:C7:31:46:D7:48:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xC4WYonhwfw6mLVFQLzHMUbXSII.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/b2598f-0631-4b5a-afe5-5ad9864532a7/1/Lte9ihIhwLMJEwykODf0-Ea8xPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/b2598f-0631-4b5a-afe5-5ad9864532a7/1/xC4WYonhwfw6mLVFQLzHMUbXSII.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.94.175.0/24
                IPv6:
                  2a09:5880::/29

    Signature Algorithm: sha256WithRSAEncryption
         70:ac:b5:6e:44:1a:2a:94:ea:82:f6:68:77:8d:62:f1:cb:2d:
         e5:ab:3f:24:75:3b:fe:25:ae:93:6a:91:77:ec:4d:15:79:a2:
         d4:0d:a9:56:4a:54:ba:fc:2e:9a:01:5c:b7:32:23:b6:f9:09:
         f6:c3:39:06:4f:19:65:12:5a:70:94:e5:76:18:4f:36:ee:d7:
         01:03:6a:0c:88:6a:5c:a3:b8:d2:fd:07:34:e3:96:65:7a:d7:
         bf:7f:87:66:54:3a:36:99:5e:cd:75:a0:5b:eb:9c:fb:7d:0e:
         b0:b5:67:2c:09:f8:6d:ca:cd:d4:92:e1:0c:42:57:35:6c:26:
         c4:d4:ed:b3:84:12:56:64:33:1f:32:30:c0:b7:86:a2:3a:90:
         93:64:f0:f5:ad:cd:35:9c:2c:11:bc:de:f2:40:56:63:de:1b:
         76:ed:54:cb:c2:73:ee:c9:a6:66:b4:98:a2:ae:2e:a5:36:02:
         fb:c1:ff:6e:7b:0b:a6:77:fe:ff:c6:b4:b6:41:cc:4d:e1:8f:
         d8:12:72:f5:d4:cd:39:e9:d6:8c:8d:1d:6f:3a:dd:c4:20:b8:
         d3:40:77:d7:b7:86:7c:d5:58:54:a6:b6:38:88:ce:04:78:d1:
         26:92:b4:62:39:4f:42:c2:3b:51:b2:21:93:5d:a9:dd:bb:5f:
         a7:79:cb:c3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ0prLnrIQjibWHxGagI7tB/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0MmUxNjYyODllMWMxZmMzYTk4YjU0NTQwYmNjNzMxNDZk
NzQ4ODIwHhcNMjYwMzI2MTAyNDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWQ3YmQ4YTEyMjFjMGIzMDkxMzBjYTQzODM3ZjRmODQ2YmNjNGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKVqx+4nt/MLCYdq73dUG9KYWpFj
jeNFyZ50Ds7V0lQ5RjRZjBWCyVCD4A/8YnR7THe12DuoFKT/6lV7T4Q2opgehWFq
tTmDqdsQnjLz9LKCdoawPrV1U0LFEbp/2IsEPyQ6PRyhtjBhYZ8etvkXTQtAhLlE
kIK/vPyW9vX8+mgewsUWQuz4ib5ga3tnYCOP88e2tYDnfGES3BpL045pSXI6oNp/
8LsvgIUnrRjIhTkcg68C3jVzFvbeYenITD51E5FvFFU8GdW+Opsft7kH0g9f5b3Z
/pr430tJZnFr0CdqAPuHZczBT9cYvRo0HBLW8N3PtAXUSJK8jkO9IxVwyQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFC7XvYoSIcCzCRMMpDg39PhGvMT0MB8GA1UdIwQY
MBaAFMQuFmKJ4cH8Opi1RUC8xzFG10iCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEM0V1lvbmh3Znc2bUxWRlFMekhNVWJYU0lJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9iMjU5OGYtMDYzMS00YjVhLWFmZTUt
NWFkOTg2NDUzMmE3LzEvTHRlOWloSWh3TE1KRXd5a09EZjAtRWE4eFBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9iMjU5OGYtMDYzMS00YjVhLWFmZTUtNWFkOTg2NDUzMmE3
LzEveEM0V1lvbmh3Znc2bUxWRlFMekhNVWJYU0lJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAnl6vMA0E
AgACMAcDBQMqCViAMA0GCSqGSIb3DQEBCwUAA4IBAQBwrLVuRBoqlOqC9mh3jWLx
yy3lqz8kdTv+Ja6TapF37E0VeaLUDalWSlS6/C6aAVy3MiO2+Qn2wzkGTxllElpw
lOV2GE827tcBA2oMiGpco7jS/Qc045Zlete/f4dmVDo2mV7NdaBb65z7fQ6wtWcs
Cfhtys3UkuEMQlc1bCbE1O2zhBJWZDMfMjDAt4aiOpCTZPD1rc01nCwRvN7yQFZj
3ht27VTLwnPuyaZmtJiiri6lNgL7wf9uewumd/7/xrS2QcxN4Y/YEnL11M056daM
jR1vOt3EILjTQHfXt4Z81VhUprY4iM4EeNEmkrRiOU9CwjtRsiGTXandu1+necvD
-----END CERTIFICATE-----