Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/1DX39QU8ljB6Tc7mzk0lhFBJzn4.roa
File:                     1DX39QU8ljB6Tc7mzk0lhFBJzn4.roa (raw, json)
Hash identifier:          zgQn1I95z3hmzZuEzRqKQ3JCo/Vb7VuL+YDCdtL2ZqU=
Subject key identifier:   D4:35:F7:F5:05:3C:96:30:7A:4D:CE:E6:CE:4D:25:84:50:49:CE:7E
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019CC2AA0A4AC50E7F8ACB3BF7473DA4A877
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/1DX39QU8ljB6Tc7mzk0lhFBJzn4.roa
Signing time:             Fri 06 Mar 2026 10:20:49 +0000
ROA not before:           Fri 06 Mar 2026 10:20:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        5.172.36.0/24 maxlen: 24
                          185.157.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Mar 2026 11:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c2:aa:0a:4a:c5:0e:7f:8a:cb:3b:f7:47:3d:a4:a8:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Mar  6 10:20:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d435f7f5053c96307a4dcee6ce4d25845049ce7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:7f:2f:48:2f:4a:c8:ab:0c:9a:e8:df:f2:e1:
                    66:ca:e3:1c:b1:20:27:ec:2e:a9:5d:88:07:d2:8d:
                    3c:6b:e0:b7:c0:28:4d:43:c9:fc:8d:f4:0e:fe:88:
                    31:92:62:84:eb:23:53:dc:46:08:c4:db:db:76:06:
                    64:c5:b3:98:db:a4:26:d2:31:70:10:26:6a:f1:27:
                    29:04:43:ac:8d:9a:bf:47:9b:58:aa:cc:6b:47:68:
                    db:48:c8:10:f7:8e:af:22:21:f3:03:64:ef:09:46:
                    d1:ff:70:fa:f1:32:a2:a9:d2:5e:00:8a:58:0a:15:
                    ee:2e:ef:f0:45:c0:05:60:29:42:1b:f0:bf:73:97:
                    28:36:4f:1d:c6:46:94:f1:53:9d:83:83:75:d1:84:
                    af:dc:4e:40:d5:11:cf:43:42:d5:68:1e:4c:03:7b:
                    39:61:54:be:de:b3:9d:b8:5f:fa:27:27:83:80:81:
                    09:70:ed:d7:37:6b:51:d9:c0:33:6c:d3:f2:15:73:
                    b8:82:5e:4a:f4:ee:9d:40:e1:f6:a0:84:ce:3a:ad:
                    ad:44:f2:07:e5:22:8a:a4:d3:d4:3c:cd:52:ac:77:
                    fa:b5:00:36:6b:bc:bd:8f:74:e4:f6:90:ed:43:a0:
                    d5:6f:e1:a4:95:ae:fe:01:92:df:45:ee:f7:77:bc:
                    88:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:35:F7:F5:05:3C:96:30:7A:4D:CE:E6:CE:4D:25:84:50:49:CE:7E
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/1DX39QU8ljB6Tc7mzk0lhFBJzn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.172.36.0/24
                  185.157.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:e3:5b:02:eb:09:88:89:f3:20:68:ca:15:e0:73:c5:29:9d:
         af:15:95:1f:78:d7:30:3d:2d:01:34:11:2e:67:4c:93:6c:0e:
         06:0f:74:66:9f:11:db:7b:c9:55:b0:b6:11:fe:f1:24:b0:96:
         34:89:a0:7c:f1:45:b2:f1:e3:bc:d3:f3:7d:35:84:dd:ae:b1:
         e8:47:bb:36:02:ec:9b:a7:2a:a9:39:6a:cb:6c:0b:3a:01:8f:
         33:50:b2:d3:b2:1e:d5:ec:5d:e0:c4:99:a8:da:3c:b9:7b:68:
         22:b4:bd:9e:de:a4:f2:6a:32:dc:a1:86:84:b1:64:12:9b:27:
         7c:7a:ce:f1:ed:c3:bf:65:b1:3f:ca:5a:f1:30:ff:f2:6a:28:
         37:e6:8d:5f:85:be:15:2e:6c:c6:fb:8a:94:79:8e:35:e2:11:
         1d:59:8c:c4:20:c7:75:6f:52:01:c1:de:00:ec:a8:6e:a3:87:
         3b:71:95:9b:17:ed:43:83:ad:fb:76:1c:be:19:d0:e5:4e:87:
         15:42:2a:63:a9:42:51:5a:83:21:d8:44:ad:85:c6:f9:5b:a1:
         0b:77:42:20:6a:56:1a:80:42:a2:e1:f1:9a:a8:c8:27:b1:03:
         a4:7d:8e:43:9e:44:e1:da:67:b0:20:5a:97:3f:9e:13:d3:d4:
         4a:e4:ab:76
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzCqgpKxQ5/iss790c9pKh3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwMzA2MTAyMDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDM1ZjdmNTA1M2M5NjMwN2E0ZGNlZTZjZTRkMjU4NDUwNDljZTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw38vSC9KyKsMmujf8uFmyuMcsSAn
7C6pXYgH0o08a+C3wChNQ8n8jfQO/ogxkmKE6yNT3EYIxNvbdgZkxbOY26Qm0jFw
ECZq8ScpBEOsjZq/R5tYqsxrR2jbSMgQ946vIiHzA2TvCUbR/3D68TKiqdJeAIpY
ChXuLu/wRcAFYClCG/C/c5coNk8dxkaU8VOdg4N10YSv3E5A1RHPQ0LVaB5MA3s5
YVS+3rOduF/6JyeDgIEJcO3XN2tR2cAzbNPyFXO4gl5K9O6dQOH2oITOOq2tRPIH
5SKKpNPUPM1SrHf6tQA2a7y9j3Tk9pDtQ6DVb+Gkla7+AZLfRe73d7yI3wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNQ19/UFPJYwek3O5s5NJYRQSc5+MB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvMURYMzlRVThsakI2VGM3bXprMGxoRkJKem40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABawkAwQA
uZ0uMA0GCSqGSIb3DQEBCwUAA4IBAQA+41sC6wmIifMgaMoV4HPFKZ2vFZUfeNcw
PS0BNBEuZ0yTbA4GD3RmnxHbe8lVsLYR/vEksJY0iaB88UWy8eO80/N9NYTdrrHo
R7s2AuybpyqpOWrLbAs6AY8zULLTsh7V7F3gxJmo2jy5e2gitL2e3qTyajLcoYaE
sWQSmyd8es7x7cO/ZbE/ylrxMP/yaig35o1fhb4VLmzG+4qUeY414hEdWYzEIMd1
b1IBwd4A7Khuo4c7cZWbF+1Dg637dhy+GdDlTocVQipjqUJRWoMh2ESthcb5W6EL
d0IgalYagEKi4fGaqMgnsQOkfY5DnkTh2mewIFqXP54T09RK5Kt2
-----END CERTIFICATE-----