Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/2WesvUdaHnIkx-XoJ9-YwGNWDgE.roa
File:                     2WesvUdaHnIkx-XoJ9-YwGNWDgE.roa (raw, json)
Hash identifier:          vOXrBFUK13PbI1SMcChdW9oZftH4nZLPpn/zWSKkZhw=
Subject key identifier:   D9:67:AC:BD:47:5A:1E:72:24:C7:E5:E8:27:DF:98:C0:63:56:0E:01
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019DA97A0E6BE13771DA64A17F95F33A4081
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/2WesvUdaHnIkx-XoJ9-YwGNWDgE.roa
Signing time:             Mon 20 Apr 2026 06:00:41 +0000
ROA not before:           Mon 20 Apr 2026 06:00:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199524
IP address blocks:        109.121.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 13:57:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a9:7a:0e:6b:e1:37:71:da:64:a1:7f:95:f3:3a:40:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Apr 20 06:00:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d967acbd475a1e7224c7e5e827df98c063560e01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:25:ec:73:ed:03:01:2b:80:39:89:37:3e:27:
                    e9:84:8c:f5:66:16:33:e9:4e:95:50:a3:86:8e:e8:
                    cb:17:79:6e:ab:04:4d:f7:64:4f:4b:3d:6e:d0:25:
                    20:61:1f:cc:18:64:92:4b:6e:6a:d7:1d:f9:75:24:
                    b5:c1:48:9c:7d:ba:74:97:e7:99:03:50:ce:f7:e8:
                    c9:50:26:59:54:93:6a:1a:5a:86:b8:5e:03:e8:81:
                    9d:03:c1:cc:da:03:5f:f2:7f:7c:30:30:13:42:e6:
                    3e:b6:5e:c2:62:51:4b:8f:e9:b3:99:11:fe:3e:ab:
                    26:84:f8:3f:bc:5a:ad:0f:81:99:48:2c:00:1e:24:
                    fa:f2:5b:71:3f:92:46:a1:7c:ca:1b:9f:66:89:5a:
                    23:07:52:92:a7:90:53:76:0a:30:25:ee:6e:70:e8:
                    9b:bb:a2:89:fb:1f:ff:7c:41:ca:14:76:bf:26:54:
                    82:35:b4:8c:92:b9:5d:c7:32:95:35:9f:70:e1:35:
                    67:49:0d:1a:ec:cc:43:ce:b6:e8:cc:8e:81:20:6e:
                    43:a0:0a:13:d1:9a:42:af:de:c1:3b:dc:63:4e:48:
                    92:e1:52:e2:fc:25:37:72:53:80:f6:52:ce:3c:07:
                    3a:30:6f:24:90:38:9e:fd:54:7e:8d:22:76:44:72:
                    1b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:67:AC:BD:47:5A:1E:72:24:C7:E5:E8:27:DF:98:C0:63:56:0E:01
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/2WesvUdaHnIkx-XoJ9-YwGNWDgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:7b:53:89:94:3f:f4:7b:2f:42:1e:77:29:65:d6:78:bb:bf:
         35:dc:71:53:85:ac:8b:32:d4:9b:cd:dd:05:b0:26:d6:9e:d9:
         cc:dd:32:d2:72:0a:ab:b6:95:63:5c:59:79:73:65:82:8e:5d:
         2f:fe:34:30:ad:5d:79:ba:5d:9b:b3:a3:dd:57:20:a3:43:c2:
         da:1a:0a:c0:20:7c:4a:8c:77:d2:c0:27:bd:80:72:fc:10:c4:
         a6:b9:a9:c1:92:0e:60:fc:9d:9b:d9:0a:e3:5a:f8:76:c3:80:
         e6:ed:bc:1f:34:40:01:14:92:6b:8e:47:d5:65:ca:b7:44:46:
         f6:5b:dd:f8:68:48:4a:32:9b:c8:b8:d2:16:b5:28:8d:94:a3:
         c5:f0:4b:2f:ea:14:fe:49:60:72:7b:be:54:a4:40:08:55:3d:
         a7:8f:12:d1:20:5f:f0:aa:c2:f5:ef:1a:5c:c4:1c:3a:69:ec:
         27:07:fe:b6:de:35:a5:fa:b7:dc:26:1a:eb:3c:95:89:09:47:
         f4:e7:93:6d:87:89:e1:4d:20:39:36:75:66:5e:96:7b:07:b9:
         20:20:b5:33:55:48:77:4a:79:23:11:be:c9:84:b5:c4:10:55:
         d9:fd:e9:67:24:02:af:ac:3e:4f:99:61:a3:f2:34:00:35:66:
         f5:33:3c:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2peg5r4Tdx2mShf5XzOkCBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNDIwMDYwMDQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTY3YWNiZDQ3NWExZTcyMjRjN2U1ZTgyN2RmOThjMDYzNTYwZTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvyXsc+0DASuAOYk3PifphIz1ZhYz
6U6VUKOGjujLF3luqwRN92RPSz1u0CUgYR/MGGSSS25q1x35dSS1wUicfbp0l+eZ
A1DO9+jJUCZZVJNqGlqGuF4D6IGdA8HM2gNf8n98MDATQuY+tl7CYlFLj+mzmRH+
PqsmhPg/vFqtD4GZSCwAHiT68ltxP5JGoXzKG59miVojB1KSp5BTdgowJe5ucOib
u6KJ+x//fEHKFHa/JlSCNbSMkrldxzKVNZ9w4TVnSQ0a7MxDzrbozI6BIG5DoAoT
0ZpCr97BO9xjTkiS4VLi/CU3clOA9lLOPAc6MG8kkDie/VR+jSJ2RHIbEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNlnrL1HWh5yJMfl6CffmMBjVg4BMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvMldlc3ZVZGFIbklreC1Yb0o5LVl3R05XRGdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXklMA0G
CSqGSIb3DQEBCwUAA4IBAQAue1OJlD/0ey9CHncpZdZ4u7813HFThayLMtSbzd0F
sCbWntnM3TLScgqrtpVjXFl5c2WCjl0v/jQwrV15ul2bs6PdVyCjQ8LaGgrAIHxK
jHfSwCe9gHL8EMSmuanBkg5g/J2b2QrjWvh2w4Dm7bwfNEABFJJrjkfVZcq3REb2
W934aEhKMpvIuNIWtSiNlKPF8Esv6hT+SWBye75UpEAIVT2njxLRIF/wqsL17xpc
xBw6aewnB/623jWl+rfcJhrrPJWJCUf055Nth4nhTSA5NnVmXpZ7B7kgILUzVUh3
SnkjEb7JhLXEEFXZ/elnJAKvrD5PmWGj8jQANWb1MzxM
-----END CERTIFICATE-----