Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/vxqTOg38wW26HT7cypf16sp9KAg.roa
File:                     vxqTOg38wW26HT7cypf16sp9KAg.roa (raw, json)
Hash identifier:          AoKw/NGVXblBdPHlr3LZ77OsrkHekk6SADTDXFTSxQg=
Subject key identifier:   BF:1A:93:3A:0D:FC:C1:6D:BA:1D:3E:DC:CA:97:F5:EA:CA:7D:28:08
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019E1AB2AC0A75C8DB716B16B77C2ED62054
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/vxqTOg38wW26HT7cypf16sp9KAg.roa
Signing time:             Tue 12 May 2026 05:39:37 +0000
ROA not before:           Tue 12 May 2026 05:39:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214432
IP address blocks:        109.121.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1a:b2:ac:0a:75:c8:db:71:6b:16:b7:7c:2e:d6:20:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: May 12 05:39:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bf1a933a0dfcc16dba1d3edcca97f5eaca7d2808
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:86:e8:6a:7f:8a:b1:75:f2:49:c1:75:c3:33:
                    ce:af:70:18:db:f1:e5:b4:05:9d:62:23:97:f8:5c:
                    88:33:7f:10:f7:a1:a6:b9:bd:8b:6f:50:10:9c:07:
                    d4:24:5c:a7:be:e4:bc:ed:42:eb:c7:a7:57:69:a4:
                    13:76:6e:c3:11:37:31:ad:3e:03:dd:19:5d:9f:82:
                    1e:18:29:58:28:3d:eb:86:e5:78:bd:02:cc:98:94:
                    76:b2:d6:dd:41:30:38:8b:66:63:a8:3b:ad:7b:d2:
                    84:c5:ee:79:0e:f3:0c:57:8f:43:7d:76:e3:a6:1b:
                    d5:f2:99:61:18:05:33:e8:84:95:cb:d0:b8:a4:1b:
                    13:31:53:12:70:a8:01:4e:8f:05:c5:3e:61:1e:37:
                    53:4b:c4:96:cc:8d:4f:85:f8:2e:56:1f:93:be:c3:
                    43:13:ff:fc:6d:a7:c4:db:28:b0:94:e3:22:27:0b:
                    91:33:93:f1:71:7d:13:de:1e:8b:ac:6e:90:56:a3:
                    d8:59:a5:6b:a3:76:98:54:13:99:f9:a9:e6:ff:17:
                    8e:33:8d:3d:47:74:51:b5:fa:20:b6:a3:d0:c5:3e:
                    6e:c8:0a:d1:c7:49:06:3e:ed:ff:7a:df:fe:65:6d:
                    74:ce:46:c9:df:bf:f6:3e:8e:b8:67:e7:0c:e0:72:
                    13:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:1A:93:3A:0D:FC:C1:6D:BA:1D:3E:DC:CA:97:F5:EA:CA:7D:28:08
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/vxqTOg38wW26HT7cypf16sp9KAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:5c:59:e8:f0:8b:51:66:f9:f3:be:6d:4d:f4:24:bf:da:35:
         07:90:80:24:bc:fc:87:55:84:20:e2:98:c9:a6:1b:d7:cf:27:
         e4:e0:71:85:89:4a:b1:52:e9:12:8c:d2:04:09:49:ae:89:31:
         63:63:13:5b:fc:44:31:04:79:ca:6d:4b:52:19:21:d8:08:c3:
         ab:df:12:70:26:8d:19:69:57:1d:f0:c1:41:0a:c6:15:bd:c9:
         10:1f:bd:c7:8b:b8:77:09:f4:c7:2a:44:cb:3b:7b:3a:07:76:
         c5:f6:86:0d:35:d1:0a:fc:bf:f4:fa:5e:74:20:9d:3a:5a:f9:
         54:27:8f:5d:97:86:4f:b9:d2:ec:41:c0:33:ac:99:d3:c8:5e:
         09:d9:9c:bf:c4:bb:6f:0a:8d:6b:cd:44:27:35:04:4e:17:a7:
         71:5d:3a:10:f9:e3:06:f3:23:f1:36:bc:96:0a:f2:6c:fa:52:
         f9:34:2a:f8:34:1f:18:8d:a4:57:cd:c2:aa:42:e4:46:08:43:
         8a:00:28:33:ed:f6:da:99:a1:38:f5:0e:35:e3:84:c8:5c:2f:
         25:8d:23:a9:c9:66:ab:91:f9:25:34:e4:6b:0a:de:30:88:c0:
         26:b5:5b:1f:a9:b5:8b:fc:fb:cc:1f:f9:69:1a:c6:b8:c8:b9:
         98:34:ee:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4asqwKdcjbcWsWt3wu1iBUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNTEyMDUzOTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjFhOTMzYTBkZmNjMTZkYmExZDNlZGNjYTk3ZjVlYWNhN2QyODA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoboan+KsXXyScF1wzPOr3AY2/Hl
tAWdYiOX+FyIM38Q96Gmub2Lb1AQnAfUJFynvuS87ULrx6dXaaQTdm7DETcxrT4D
3Rldn4IeGClYKD3rhuV4vQLMmJR2stbdQTA4i2ZjqDute9KExe55DvMMV49DfXbj
phvV8plhGAUz6ISVy9C4pBsTMVMScKgBTo8FxT5hHjdTS8SWzI1PhfguVh+TvsND
E//8bafE2yiwlOMiJwuRM5PxcX0T3h6LrG6QVqPYWaVro3aYVBOZ+anm/xeOM409
R3RRtfogtqPQxT5uyArRx0kGPu3/et/+ZW10zkbJ37/2Po64Z+cM4HIToQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL8akzoN/MFtuh0+3MqX9erKfSgIMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvdnhxVE9nMzh3VzI2SFQ3Y3lwZjE2c3A5S0FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXkkMA0G
CSqGSIb3DQEBCwUAA4IBAQCCXFno8ItRZvnzvm1N9CS/2jUHkIAkvPyHVYQg4pjJ
phvXzyfk4HGFiUqxUukSjNIECUmuiTFjYxNb/EQxBHnKbUtSGSHYCMOr3xJwJo0Z
aVcd8MFBCsYVvckQH73Hi7h3CfTHKkTLO3s6B3bF9oYNNdEK/L/0+l50IJ06WvlU
J49dl4ZPudLsQcAzrJnTyF4J2Zy/xLtvCo1rzUQnNQROF6dxXToQ+eMG8yPxNryW
CvJs+lL5NCr4NB8YjaRXzcKqQuRGCEOKACgz7fbamaE49Q4144TIXC8ljSOpyWar
kfklNORrCt4wiMAmtVsfqbWL/PvMH/lpGsa4yLmYNO5f
-----END CERTIFICATE-----