Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/FwybOdI1NXH4LRlDxyU_N8hl6fA.roa
File:                     FwybOdI1NXH4LRlDxyU_N8hl6fA.roa (raw, json)
Hash identifier:          aNhPsMPgxbUB6wVNmSvOiza3A68aG1g3Ywpd5e200Zs=
Subject key identifier:   17:0C:9B:39:D2:35:35:71:F8:2D:19:43:C7:25:3F:37:C8:65:E9:F0
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019CD7D73543EA6CD3BD919D55DE418C1822
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/FwybOdI1NXH4LRlDxyU_N8hl6fA.roa
Signing time:             Tue 10 Mar 2026 13:02:11 +0000
ROA not before:           Tue 10 Mar 2026 13:02:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401322
IP address blocks:        109.121.39.0/24 maxlen: 24
                          178.253.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 20:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d7:d7:35:43:ea:6c:d3:bd:91:9d:55:de:41:8c:18:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Mar 10 13:02:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=170c9b39d2353571f82d1943c7253f37c865e9f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:5d:37:4b:a2:bd:0e:37:41:7a:1a:2d:68:b8:
                    d6:58:4f:18:9d:82:01:43:1b:98:c7:f0:44:73:9c:
                    84:13:72:aa:71:53:24:5a:72:d6:2b:a6:b9:0c:f8:
                    77:e3:da:d9:69:a2:72:7f:f2:47:54:5a:f2:3c:72:
                    2e:a5:ee:cd:5d:b3:cd:cb:c6:83:f5:a9:ab:6f:0c:
                    7e:71:bc:99:d2:18:51:b5:51:f0:32:f2:a3:77:d6:
                    fe:df:b3:53:dc:32:2b:c6:94:6b:54:0a:8d:4f:bf:
                    ff:5a:23:02:d7:27:30:5e:25:da:e4:30:7c:ab:e6:
                    99:f5:9d:d8:e8:e2:7a:50:96:2f:5d:92:64:31:1f:
                    6a:f5:90:cb:0c:87:82:e0:13:80:9f:6f:ff:ef:d3:
                    1d:00:c5:23:d6:d4:bf:ce:f0:7d:54:79:49:30:fd:
                    78:82:8a:d5:ed:16:17:7e:e9:87:6a:3e:ba:01:db:
                    ab:d1:61:ef:28:a8:42:84:16:ff:85:74:50:63:5c:
                    79:25:12:12:4b:3f:2f:7a:ab:3e:4f:c6:67:55:91:
                    ae:dd:4c:82:e5:17:53:60:32:96:d9:6b:f1:99:bb:
                    96:f5:58:29:a0:8c:cc:7b:ef:32:88:83:d9:c4:b0:
                    17:ae:04:1a:85:47:52:63:ff:9e:92:f4:60:c6:71:
                    94:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:0C:9B:39:D2:35:35:71:F8:2D:19:43:C7:25:3F:37:C8:65:E9:F0
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/FwybOdI1NXH4LRlDxyU_N8hl6fA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.39.0/24
                  178.253.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:e0:05:4f:1f:d4:10:13:24:74:4e:8c:4b:ec:4e:f9:d3:2b:
         df:ac:bb:0c:68:9b:af:e2:ce:be:fa:b6:df:9f:2d:fd:fc:87:
         98:dc:9d:14:71:3f:fe:bb:b3:23:80:ee:c0:55:e7:a1:d3:29:
         36:36:11:89:3a:0b:73:19:73:ca:6f:c2:94:b1:62:11:f3:1e:
         b0:04:e2:f1:f0:a3:79:fe:d5:4e:76:8f:0e:a3:ec:db:c2:79:
         34:27:e5:9e:25:9d:74:80:45:55:0b:29:0d:b4:58:cd:82:0c:
         ea:e0:c3:8b:14:79:2d:60:19:fe:c8:da:40:3a:6a:6b:44:f6:
         15:82:07:97:4c:7e:de:de:87:6d:e8:35:88:f0:77:8b:cb:d8:
         28:26:87:83:88:5d:9e:73:4f:8a:e8:1b:98:7d:ba:0e:b2:5a:
         5e:b3:a5:e2:f6:71:95:be:15:07:ce:1c:aa:fb:83:3e:56:1f:
         e3:7b:e1:32:ca:43:2a:22:ac:f8:bd:cb:f7:fc:1e:fa:2c:29:
         19:e7:a0:53:76:4b:19:26:dd:b3:ed:06:c7:11:2f:58:6d:fb:
         ef:95:91:9e:36:9e:56:2b:c6:54:3f:f5:ff:0f:54:13:3c:1c:
         fa:90:58:60:5c:3b:b1:43:2b:0c:d2:0a:fe:8a:15:98:89:e3:
         c6:8b:3d:5f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzX1zVD6mzTvZGdVd5BjBgiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwMzEwMTMwMjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzBjOWIzOWQyMzUzNTcxZjgyZDE5NDNjNzI1M2YzN2M4NjVlOWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsl03S6K9DjdBehotaLjWWE8YnYIB
QxuYx/BEc5yEE3KqcVMkWnLWK6a5DPh349rZaaJyf/JHVFryPHIupe7NXbPNy8aD
9amrbwx+cbyZ0hhRtVHwMvKjd9b+37NT3DIrxpRrVAqNT7//WiMC1ycwXiXa5DB8
q+aZ9Z3Y6OJ6UJYvXZJkMR9q9ZDLDIeC4BOAn2//79MdAMUj1tS/zvB9VHlJMP14
gorV7RYXfumHaj66Adur0WHvKKhChBb/hXRQY1x5JRISSz8veqs+T8ZnVZGu3UyC
5RdTYDKW2WvxmbuW9VgpoIzMe+8yiIPZxLAXrgQahUdSY/+ekvRgxnGUrQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBcMmznSNTVx+C0ZQ8clPzfIZenwMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvRnd5Yk9kSTFOWEg0TFJsRHh5VV9OOGhsNmZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXknAwQA
sv3vMA0GCSqGSIb3DQEBCwUAA4IBAQB/4AVPH9QQEyR0ToxL7E750yvfrLsMaJuv
4s6++rbfny39/IeY3J0UcT/+u7MjgO7AVeeh0yk2NhGJOgtzGXPKb8KUsWIR8x6w
BOLx8KN5/tVOdo8Oo+zbwnk0J+WeJZ10gEVVCykNtFjNggzq4MOLFHktYBn+yNpA
OmprRPYVggeXTH7e3odt6DWI8HeLy9goJoeDiF2ec0+K6BuYfboOslpes6Xi9nGV
vhUHzhyq+4M+Vh/je+EyykMqIqz4vcv3/B76LCkZ56BTdksZJt2z7QbHES9Ybfvv
lZGeNp5WK8ZUP/X/D1QTPBz6kFhgXDuxQysM0gr+ihWYiePGiz1f
-----END CERTIFICATE-----