Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/I0N9a55asQQTH-pKHDrcf5fTUkE.roa
File:                     I0N9a55asQQTH-pKHDrcf5fTUkE.roa (raw, json)
Hash identifier:          njC6Ek7xhl4EUWbqCuTHsZgoXU5PTUprtwuOy2CgITI=
Subject key identifier:   23:43:7D:6B:9E:5A:B1:04:13:1F:EA:4A:1C:3A:DC:7F:97:D3:52:41
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019CF637FD34423DFFE946E64CF882C67DD8
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/I0N9a55asQQTH-pKHDrcf5fTUkE.roa
Signing time:             Mon 16 Mar 2026 10:36:30 +0000
ROA not before:           Mon 16 Mar 2026 10:36:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198087
IP address blocks:        109.121.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 12:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f6:37:fd:34:42:3d:ff:e9:46:e6:4c:f8:82:c6:7d:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Mar 16 10:36:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=23437d6b9e5ab104131fea4a1c3adc7f97d35241
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:3d:f1:a2:a8:72:04:29:f9:64:4e:5c:09:6b:
                    10:fd:99:31:f4:fb:9b:6f:a8:64:27:f9:f2:a7:f6:
                    5b:01:5f:11:14:25:ea:dc:56:68:27:ce:7c:0a:13:
                    b2:50:17:f3:32:22:c6:51:33:55:08:05:d5:d8:eb:
                    27:22:84:b1:76:70:8d:09:40:d7:ad:fd:19:d3:e1:
                    b5:68:bd:2e:57:2b:89:78:b8:d5:8d:f5:5a:ff:22:
                    06:5b:6a:04:d1:be:cc:b6:c6:16:9c:1c:58:b9:63:
                    91:23:fb:ab:0c:cf:60:ef:61:29:aa:72:71:53:98:
                    2d:ef:c6:45:2a:09:b8:62:a1:60:be:35:33:d6:e4:
                    2f:23:72:c1:12:13:75:9a:a7:f2:fd:16:69:46:ae:
                    c9:c8:12:6c:3b:12:a9:f0:94:61:6d:20:56:ab:d7:
                    eb:32:fa:05:ae:ab:43:5e:54:79:6b:90:69:9e:86:
                    ce:95:21:e6:bc:73:43:33:4c:6b:34:22:f2:81:fa:
                    04:ee:04:cd:09:77:17:81:1b:99:95:49:30:57:5b:
                    35:3f:fe:32:fa:c3:a5:e9:c9:9d:75:1c:7b:c8:82:
                    6c:85:fa:71:68:83:1b:84:af:b5:00:0c:19:51:7b:
                    fa:8a:91:57:28:c0:42:98:03:26:65:8a:40:19:ac:
                    f2:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:43:7D:6B:9E:5A:B1:04:13:1F:EA:4A:1C:3A:DC:7F:97:D3:52:41
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/I0N9a55asQQTH-pKHDrcf5fTUkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:44:9b:26:fa:69:29:eb:a0:98:46:d2:6b:ee:ff:83:22:ba:
         33:80:07:25:6e:86:c9:c2:a2:b9:10:a8:c7:ba:80:6e:44:7d:
         43:d1:0f:fc:04:1e:61:df:35:a0:fa:4b:20:be:a7:9f:f5:41:
         89:b0:20:b3:6d:c5:af:9c:60:c3:4a:4a:12:48:80:78:ef:fc:
         79:00:c7:90:a2:e5:17:58:07:a5:15:28:64:18:3c:64:ee:90:
         f4:3c:54:c0:d8:ac:b6:bb:59:b5:15:eb:8e:06:b3:2b:df:03:
         7a:b4:01:79:2e:cb:82:c4:48:13:b8:9d:1f:39:80:57:6c:f2:
         da:ac:bb:2a:8b:d8:e7:f3:10:08:8d:f8:91:7c:b6:92:39:01:
         0c:6f:f9:33:0f:88:64:a8:84:ff:c8:ab:d9:e8:b6:c7:fa:5e:
         d6:dc:a8:be:95:e7:2e:53:a1:5a:f7:0e:96:f1:c8:fe:1c:95:
         30:7a:27:e1:e5:b9:7c:9e:00:38:12:4a:c8:ae:11:5a:9d:96:
         75:79:8f:d6:29:47:71:81:18:3b:60:46:52:b2:38:b1:58:84:
         fc:ee:5e:29:02:64:18:e8:ba:07:d6:99:a6:02:93:9a:65:39:
         f3:65:1c:60:9e:7c:ea:99:a4:92:d0:ec:78:6c:9c:35:79:af:
         43:f0:6b:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz2N/00Qj3/6UbmTPiCxn3YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwMzE2MTAzNjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzQzN2Q2YjllNWFiMTA0MTMxZmVhNGExYzNhZGM3Zjk3ZDM1MjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArz3xoqhyBCn5ZE5cCWsQ/Zkx9Pub
b6hkJ/nyp/ZbAV8RFCXq3FZoJ858ChOyUBfzMiLGUTNVCAXV2OsnIoSxdnCNCUDX
rf0Z0+G1aL0uVyuJeLjVjfVa/yIGW2oE0b7MtsYWnBxYuWORI/urDM9g72EpqnJx
U5gt78ZFKgm4YqFgvjUz1uQvI3LBEhN1mqfy/RZpRq7JyBJsOxKp8JRhbSBWq9fr
MvoFrqtDXlR5a5BpnobOlSHmvHNDM0xrNCLygfoE7gTNCXcXgRuZlUkwV1s1P/4y
+sOl6cmddRx7yIJshfpxaIMbhK+1AAwZUXv6ipFXKMBCmAMmZYpAGazyJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNDfWueWrEEEx/qShw63H+X01JBMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvSTBOOWE1NWFzUVFUSC1wS0hEcmNmNWZUVWtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXklMA0G
CSqGSIb3DQEBCwUAA4IBAQCZRJsm+mkp66CYRtJr7v+DIrozgAclbobJwqK5EKjH
uoBuRH1D0Q/8BB5h3zWg+ksgvqef9UGJsCCzbcWvnGDDSkoSSIB47/x5AMeQouUX
WAelFShkGDxk7pD0PFTA2Ky2u1m1FeuOBrMr3wN6tAF5LsuCxEgTuJ0fOYBXbPLa
rLsqi9jn8xAIjfiRfLaSOQEMb/kzD4hkqIT/yKvZ6LbH+l7W3Ki+lecuU6Fa9w6W
8cj+HJUweifh5bl8ngA4EkrIrhFanZZ1eY/WKUdxgRg7YEZSsjixWIT87l4pAmQY
6LoH1pmmApOaZTnzZRxgnnzqmaSS0Ox4bJw1ea9D8Gsp
-----END CERTIFICATE-----