Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/3UNOuzDX5B98fh0_g5Sa3aJDiXI.roa
File:                     3UNOuzDX5B98fh0_g5Sa3aJDiXI.roa (raw, json)
Hash identifier:          P1HR0tfq6P44nnXN4KTYVpigPqQb3PCpv4SbdoKzcOs=
Subject key identifier:   DD:43:4E:BB:30:D7:E4:1F:7C:7E:1D:3F:83:94:9A:DD:A2:43:89:72
Certificate issuer:       /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial:       019D8CC69E755A13BDB738A529DA691DF191
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/3UNOuzDX5B98fh0_g5Sa3aJDiXI.roa
Signing time:             Tue 14 Apr 2026 16:15:20 +0000
ROA not before:           Tue 14 Apr 2026 16:15:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212477
IP address blocks:        158.173.80.0/21 maxlen: 24
                          158.173.90.0/23 maxlen: 24
                          158.173.92.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 00:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8c:c6:9e:75:5a:13:bd:b7:38:a5:29:da:69:1d:f1:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
        Validity
            Not Before: Apr 14 16:15:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd434ebb30d7e41f7c7e1d3f83949adda2438972
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e3:b6:39:0d:ee:bd:a2:46:a9:a4:e0:68:77:
                    b2:ea:5e:96:8e:5d:91:03:43:9d:94:b4:42:03:c7:
                    24:e0:e8:35:5c:3b:a6:c8:21:32:f7:0d:e2:7c:b5:
                    7b:43:ec:ed:c4:60:5d:28:37:e2:36:5a:68:95:8f:
                    ff:c0:a0:e3:80:32:00:91:dc:b7:8a:af:5f:cb:5d:
                    a6:49:a7:39:2a:b2:0f:3f:4e:71:53:46:c2:a2:bf:
                    b1:f8:54:3e:8f:10:c1:2d:2e:46:02:52:fb:7f:5c:
                    af:f1:84:9b:c5:09:1a:25:d2:f8:b3:10:b7:73:eb:
                    33:9a:4e:c1:63:f1:39:7d:5d:e0:3e:ce:1b:88:33:
                    34:7a:76:9c:47:6e:27:c0:f9:b6:b5:e9:63:b6:b1:
                    82:3f:69:7d:1e:dc:99:8e:52:39:0a:6b:c1:60:b0:
                    1d:a9:45:fe:dc:af:b2:cd:fc:03:cf:05:0e:c1:c5:
                    ce:9a:77:10:b8:f3:0c:d4:03:0e:8e:5a:19:36:e5:
                    e3:60:e5:f7:c5:55:bb:74:b7:a3:76:ef:02:d4:f9:
                    f3:5c:7c:4a:32:12:ba:e5:bc:5f:c8:b3:24:2c:a4:
                    a0:68:0e:ad:fd:fc:65:33:91:aa:46:48:89:26:0f:
                    13:1f:02:c5:7c:2e:cd:90:27:c2:00:d4:7a:0e:f1:
                    74:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:43:4E:BB:30:D7:E4:1F:7C:7E:1D:3F:83:94:9A:DD:A2:43:89:72
            X509v3 Authority Key Identifier:
                keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/3UNOuzDX5B98fh0_g5Sa3aJDiXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.80.0/21
                  158.173.90.0-158.173.95.255

    Signature Algorithm: sha256WithRSAEncryption
         45:e6:d9:bb:b0:0f:b9:88:58:95:72:ff:71:84:dd:cf:1a:cb:
         a4:28:68:76:bb:8e:04:83:ba:1d:36:e6:96:2a:35:41:b1:d6:
         a2:09:5e:a8:51:28:e8:96:39:29:f4:45:e6:1b:b0:27:55:29:
         1c:c8:89:48:43:87:3e:21:03:2e:b1:8f:46:c8:64:09:e5:c3:
         87:46:50:67:cf:58:2b:f9:63:d5:5f:28:3c:e4:99:be:e0:60:
         4e:dc:e7:fc:f9:68:07:e4:1d:4e:26:20:9c:67:d0:07:5a:cc:
         b7:5e:16:9b:f4:9d:a1:0d:02:99:49:c8:b6:df:4b:a9:d9:17:
         ec:4e:a2:65:e8:72:ec:6f:5a:d1:0a:04:3b:cf:be:f0:73:a3:
         6d:ea:0e:77:92:7c:21:8d:82:15:57:18:f2:65:d0:bc:b6:f4:
         9e:88:ea:8f:5c:a7:23:9e:6f:b6:31:f3:55:ec:4b:2c:7c:9a:
         6a:7d:43:9e:c2:01:26:c6:72:aa:fd:b6:75:4a:7d:05:fc:b1:
         33:ea:40:f3:c9:95:4e:e3:96:ec:98:26:7b:0c:6a:dd:28:c7:
         6c:ae:ad:22:b7:99:3c:7f:37:1c:fb:54:73:72:cd:54:ea:e8:
         17:d6:b4:7f:f6:00:e8:1c:83:10:6b:1b:6e:88:91:ce:d8:29:
         6e:09:38:b7
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ2Mxp51WhO9tzilKdppHfGRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjYwNDE0MTYxNTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDQzNGViYjMwZDdlNDFmN2M3ZTFkM2Y4Mzk0OWFkZGEyNDM4OTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOO2OQ3uvaJGqaTgaHey6l6Wjl2R
A0OdlLRCA8ck4Og1XDumyCEy9w3ifLV7Q+ztxGBdKDfiNlpolY//wKDjgDIAkdy3
iq9fy12mSac5KrIPP05xU0bCor+x+FQ+jxDBLS5GAlL7f1yv8YSbxQkaJdL4sxC3
c+szmk7BY/E5fV3gPs4biDM0enacR24nwPm2teljtrGCP2l9HtyZjlI5CmvBYLAd
qUX+3K+yzfwDzwUOwcXOmncQuPMM1AMOjloZNuXjYOX3xVW7dLejdu8C1PnzXHxK
MhK65bxfyLMkLKSgaA6t/fxlM5GqRkiJJg8THwLFfC7NkCfCANR6DvF0PwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFN1DTrsw1+QffH4dP4OUmt2iQ4lyMB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEvM1VOT3V6RFg1Qjk4ZmgwX2c1U2EzYUpEaVhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQDnq1QMAwD
BAGerVoDBAWerUAwDQYJKoZIhvcNAQELBQADggEBAEXm2buwD7mIWJVy/3GE3c8a
y6QoaHa7jgSDuh025pYqNUGx1qIJXqhRKOiWOSn0ReYbsCdVKRzIiUhDhz4hAy6x
j0bIZAnlw4dGUGfPWCv5Y9VfKDzkmb7gYE7c5/z5aAfkHU4mIJxn0AdazLdeFpv0
naENAplJyLbfS6nZF+xOomXocuxvWtEKBDvPvvBzo23qDneSfCGNghVXGPJl0Ly2
9J6I6o9cpyOeb7Yx81XsSyx8mmp9Q57CASbGcqr9tnVKfQX8sTPqQPPJlU7jluyY
JnsMat0ox2yurSK3mTx/Nxz7VHNyzVTq6BfWtH/2AOgcgxBrG26Ikc7YKW4JOLc=
-----END CERTIFICATE-----