Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/cRyY78iSK1ccdYvXX1mJcxx0ZAA.roa
File:                     cRyY78iSK1ccdYvXX1mJcxx0ZAA.roa (raw, json)
Hash identifier:          tpsk7cKw2vnSNM4cGNe+s/H2mjO8/dmFx7r0AGJ5gZg=
Subject key identifier:   71:1C:98:EF:C8:92:2B:57:1C:75:8B:D7:5F:59:89:73:1C:74:64:00
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019E1C341A379194C137CA455177E4305BCB
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/cRyY78iSK1ccdYvXX1mJcxx0ZAA.roa
Signing time:             Tue 12 May 2026 12:40:37 +0000
ROA not before:           Tue 12 May 2026 12:40:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401322
IP address blocks:        109.121.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1c:34:1a:37:91:94:c1:37:ca:45:51:77:e4:30:5b:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: May 12 12:40:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=711c98efc8922b571c758bd75f5989731c746400
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:12:c2:31:25:19:56:b2:af:78:3d:01:2b:1e:
                    a2:6a:ef:8a:db:a9:87:05:f3:a6:19:f0:0a:13:12:
                    12:89:11:57:5b:1b:10:9a:39:22:7a:21:a8:73:fe:
                    97:52:8a:e3:76:73:27:cc:60:ed:76:5e:41:82:aa:
                    87:1b:5f:b9:fb:78:57:f3:63:88:72:84:df:48:de:
                    85:dc:d3:4e:67:63:cf:a1:f7:e6:02:ae:83:8e:97:
                    ec:68:fe:7b:52:da:24:18:c7:2a:c6:31:b0:b4:9d:
                    94:0d:ce:51:2f:5f:98:85:1f:72:22:ee:82:f3:1f:
                    0a:89:c9:bc:59:8e:f7:f1:54:d9:0b:c3:5b:64:ac:
                    d4:ca:e4:25:d4:3a:dc:db:3e:01:f7:29:23:0c:2c:
                    c6:95:54:3e:5a:92:42:e7:49:c8:8f:81:3b:db:94:
                    09:88:f1:fb:c5:e1:d1:5e:a8:25:96:ee:72:45:76:
                    50:42:d0:99:48:6f:97:81:09:82:ed:de:b5:24:96:
                    0d:9f:86:07:f7:5b:a7:8f:3f:73:e4:57:77:bd:14:
                    1e:12:08:12:1f:c3:c1:68:56:08:78:26:97:04:d9:
                    47:35:10:5b:8f:c2:21:02:a5:c4:e5:ed:f3:d3:77:
                    b8:2f:a2:c1:e0:d2:4e:8c:64:20:38:e0:6e:d5:86:
                    62:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:1C:98:EF:C8:92:2B:57:1C:75:8B:D7:5F:59:89:73:1C:74:64:00
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/cRyY78iSK1ccdYvXX1mJcxx0ZAA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:db:f7:69:ab:db:0c:ef:cf:47:80:64:1e:1f:6f:de:a7:44:
         57:8d:f0:65:ae:e5:df:ab:ed:9a:47:f3:12:92:60:87:1f:83:
         42:32:96:d6:22:04:8b:0a:80:4d:13:22:59:a4:02:7f:c7:02:
         a8:c0:a7:a4:e5:9a:1f:9e:03:ad:5d:69:e8:7b:e5:b2:06:85:
         20:9c:e0:40:f8:5b:b4:4a:7a:a2:6e:83:e0:c2:69:c3:11:60:
         ab:3f:ea:20:4b:dd:d3:c7:b7:71:bd:07:4e:19:d8:6b:01:cc:
         2b:ff:7b:98:a8:b8:5c:65:22:fa:89:33:35:c1:c7:ed:f4:9c:
         d4:27:58:49:1e:2b:28:1b:de:44:a2:a7:eb:21:cc:97:36:a2:
         15:1a:c9:ac:1a:74:55:11:ce:e4:87:4a:f2:34:e0:59:fc:15:
         ee:f9:54:10:33:ba:1d:f5:f5:5f:e5:8e:09:cc:a3:43:61:fa:
         51:d9:ab:12:4f:c7:34:92:b1:1c:f5:a5:04:4a:26:64:2e:c0:
         f5:c5:9b:2b:9c:5b:ec:7f:1c:1e:60:79:ff:84:80:db:e1:8a:
         d8:4a:0a:20:02:74:53:b4:b8:b9:14:96:51:ea:0c:21:53:e3:
         eb:0a:9a:4c:c7:56:57:f3:b0:27:97:24:3e:52:6b:fb:74:4a:
         d7:cb:b1:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4cNBo3kZTBN8pFUXfkMFvLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNTEyMTI0MDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTFjOThlZmM4OTIyYjU3MWM3NThiZDc1ZjU5ODk3MzFjNzQ2NDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxLCMSUZVrKveD0BKx6iau+K26mH
BfOmGfAKExISiRFXWxsQmjkieiGoc/6XUorjdnMnzGDtdl5BgqqHG1+5+3hX82OI
coTfSN6F3NNOZ2PPoffmAq6DjpfsaP57UtokGMcqxjGwtJ2UDc5RL1+YhR9yIu6C
8x8Kicm8WY738VTZC8NbZKzUyuQl1Drc2z4B9ykjDCzGlVQ+WpJC50nIj4E725QJ
iPH7xeHRXqgllu5yRXZQQtCZSG+XgQmC7d61JJYNn4YH91unjz9z5Fd3vRQeEggS
H8PBaFYIeCaXBNlHNRBbj8IhAqXE5e3z03e4L6LB4NJOjGQgOOBu1YZiUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHEcmO/IkitXHHWL119ZiXMcdGQAMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvY1J5WTc4aVNLMWNjZFl2WFgxbUpjeHgwWkFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXknMA0G
CSqGSIb3DQEBCwUAA4IBAQAy2/dpq9sM789HgGQeH2/ep0RXjfBlruXfq+2aR/MS
kmCHH4NCMpbWIgSLCoBNEyJZpAJ/xwKowKek5ZofngOtXWnoe+WyBoUgnOBA+Fu0
SnqiboPgwmnDEWCrP+ogS93Tx7dxvQdOGdhrAcwr/3uYqLhcZSL6iTM1wcft9JzU
J1hJHisoG95EoqfrIcyXNqIVGsmsGnRVEc7kh0ryNOBZ/BXu+VQQM7od9fVf5Y4J
zKNDYfpR2asST8c0krEc9aUESiZkLsD1xZsrnFvsfxweYHn/hIDb4YrYSgogAnRT
tLi5FJZR6gwhU+PrCppMx1ZX87AnlyQ+Umv7dErXy7FJ
-----END CERTIFICATE-----