Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/c7r736GsJzZ364ISBJVy0ABp-hQ.roa
File:                     c7r736GsJzZ364ISBJVy0ABp-hQ.roa (raw, json)
Hash identifier:          QDEAxxD3Izu5ElPHsNeXsihw9iwxEM9CcotDV28ouM4=
Subject key identifier:   73:BA:FB:DF:A1:AC:27:36:77:EB:82:12:04:95:72:D0:00:69:FA:14
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019E1AB2AAEA384F443B088C20CF8CD60D3A
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/c7r736GsJzZ364ISBJVy0ABp-hQ.roa
Signing time:             Tue 12 May 2026 05:39:37 +0000
ROA not before:           Tue 12 May 2026 05:39:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     46011
IP address blocks:        109.121.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1a:b2:aa:ea:38:4f:44:3b:08:8c:20:cf:8c:d6:0d:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: May 12 05:39:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=73bafbdfa1ac273677eb8212049572d00069fa14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:b3:5f:a6:35:1f:a2:26:9b:e8:1b:83:2a:47:
                    97:f8:f9:6a:47:05:5c:76:39:ef:40:31:67:b1:39:
                    87:42:7e:7b:b0:39:d5:bf:13:50:97:1d:78:63:49:
                    0e:2a:9e:f6:18:83:ff:29:77:8b:85:a9:42:64:91:
                    8c:f9:8a:60:a1:d2:c4:52:dd:1e:f2:dc:07:96:13:
                    ad:b1:ed:87:62:e8:10:0f:06:0d:5a:0f:de:78:ef:
                    c1:8c:8a:d6:6f:4a:40:4c:10:99:39:b2:fc:89:d1:
                    e9:89:5a:09:2e:50:b2:07:9d:20:8c:34:30:3e:c6:
                    5a:1e:1f:86:5a:d5:29:40:d5:a5:11:d6:f5:d7:67:
                    1a:5d:ce:39:7c:30:d1:bc:d8:22:fd:3e:f0:f1:28:
                    91:57:ee:c1:d7:13:20:97:13:46:a8:a6:24:29:62:
                    f3:b1:23:1f:02:a4:57:e0:6e:82:cc:aa:68:7d:bb:
                    f0:9f:95:2a:26:b9:66:98:54:b3:b4:cb:03:6c:6b:
                    df:67:f4:a7:f3:5b:fa:2e:94:3b:1d:8b:6c:51:cd:
                    05:5e:81:da:3c:a6:78:9f:bc:6b:63:70:ed:b7:b2:
                    0e:16:15:ad:9f:34:3c:29:93:22:c9:2a:8d:f0:5e:
                    d8:b8:31:44:f9:4c:ec:01:45:ac:8c:da:de:6d:56:
                    39:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:BA:FB:DF:A1:AC:27:36:77:EB:82:12:04:95:72:D0:00:69:FA:14
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/c7r736GsJzZ364ISBJVy0ABp-hQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:ee:25:4a:4a:64:fa:a3:85:26:7d:a5:f8:a4:25:4f:7d:45:
         e2:96:c6:b7:c3:2b:13:c5:7d:77:5b:bc:ad:8d:83:7a:6f:30:
         de:5e:fb:26:b5:ae:59:4f:67:59:0a:f7:cc:79:ff:27:05:45:
         66:be:8e:bc:54:db:43:6f:95:00:76:65:b9:0e:2f:9a:b9:d6:
         d9:73:09:14:de:5f:85:8a:95:53:d8:92:1b:fe:65:81:65:56:
         02:63:8b:fc:e9:0e:a4:fa:df:bf:bd:32:59:6a:2f:ca:50:e0:
         cf:75:6d:04:a9:d1:08:3a:19:58:3c:c0:e1:75:5b:a8:00:b2:
         1f:3e:25:44:f6:39:08:1d:1a:b3:a3:e0:94:46:61:59:7b:4e:
         c1:04:34:34:fa:a9:1d:94:e4:47:53:34:a7:54:82:57:58:d4:
         1c:97:a0:9a:40:48:ee:76:7e:3a:73:dc:8f:fd:e4:2e:4c:e0:
         d3:4c:5e:5f:9d:f0:86:7f:fc:70:13:f0:8e:7c:a6:72:d0:87:
         24:6a:65:5c:80:74:2a:82:c4:ce:3a:57:23:37:6b:fc:c9:4e:
         03:00:32:7d:d1:12:8f:58:e1:5d:a6:71:d1:db:77:0f:d0:ee:
         29:e9:05:69:19:c5:91:7c:32:1f:62:30:d7:87:c6:64:b1:c3:
         6c:9a:0e:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4asqrqOE9EOwiMIM+M1g06MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNTEyMDUzOTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2JhZmJkZmExYWMyNzM2NzdlYjgyMTIwNDk1NzJkMDAwNjlmYTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLNfpjUfoiab6BuDKkeX+PlqRwVc
djnvQDFnsTmHQn57sDnVvxNQlx14Y0kOKp72GIP/KXeLhalCZJGM+YpgodLEUt0e
8twHlhOtse2HYugQDwYNWg/eeO/BjIrWb0pATBCZObL8idHpiVoJLlCyB50gjDQw
PsZaHh+GWtUpQNWlEdb112caXc45fDDRvNgi/T7w8SiRV+7B1xMglxNGqKYkKWLz
sSMfAqRX4G6CzKpofbvwn5UqJrlmmFSztMsDbGvfZ/Sn81v6LpQ7HYtsUc0FXoHa
PKZ4n7xrY3Dtt7IOFhWtnzQ8KZMiySqN8F7YuDFE+UzsAUWsjNrebVY5aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHO6+9+hrCc2d+uCEgSVctAAafoUMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvYzdyNzM2R3NKelozNjRJU0JKVnkwQUJwLWhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXkkMA0G
CSqGSIb3DQEBCwUAA4IBAQAf7iVKSmT6o4UmfaX4pCVPfUXilsa3wysTxX13W7yt
jYN6bzDeXvsmta5ZT2dZCvfMef8nBUVmvo68VNtDb5UAdmW5Di+audbZcwkU3l+F
ipVT2JIb/mWBZVYCY4v86Q6k+t+/vTJZai/KUODPdW0EqdEIOhlYPMDhdVuoALIf
PiVE9jkIHRqzo+CURmFZe07BBDQ0+qkdlORHUzSnVIJXWNQcl6CaQEjudn46c9yP
/eQuTODTTF5fnfCGf/xwE/COfKZy0IckamVcgHQqgsTOOlcjN2v8yU4DADJ90RKP
WOFdpnHR23cP0O4p6QVpGcWRfDIfYjDXh8ZkscNsmg5q
-----END CERTIFICATE-----