Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/i5ey-5S28-bGA_2nSnz5d5n6bXI.roa
File:                     i5ey-5S28-bGA_2nSnz5d5n6bXI.roa (raw, json)
Hash identifier:          hejh/sSeg+qQxUHm7ROigjfZESQGDPWpnUHHXGnnm8g=
Subject key identifier:   8B:97:B2:FB:94:B6:F3:E6:C6:03:FD:A7:4A:7C:F9:77:99:FA:6D:72
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019E2A3ACC86CD47505804D26B4DE5F60BAC
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/i5ey-5S28-bGA_2nSnz5d5n6bXI.roa
Signing time:             Fri 15 May 2026 06:02:36 +0000
ROA not before:           Fri 15 May 2026 06:02:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1239
IP address blocks:        109.121.0.0/19 maxlen: 24
                          212.69.10.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2a:3a:cc:86:cd:47:50:58:04:d2:6b:4d:e5:f6:0b:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: May 15 06:02:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8b97b2fb94b6f3e6c603fda74a7cf97799fa6d72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:8b:01:81:23:bd:25:54:9a:bc:11:8d:08:a0:
                    7e:84:86:86:72:8f:32:ab:9d:ae:de:05:91:2b:76:
                    6a:8f:be:68:05:f8:bc:4f:ba:21:7a:bd:92:c3:3b:
                    90:ea:0b:50:ef:f8:41:2c:f2:3f:2c:f6:1b:87:5e:
                    f7:6d:fb:91:3a:6f:29:37:68:c7:e6:93:3f:fd:e0:
                    59:71:aa:49:43:a6:b0:d9:32:2c:42:af:f6:76:1c:
                    62:fc:9a:e8:14:8e:4f:dc:fb:23:d2:5b:61:c8:e9:
                    17:f3:a2:85:2f:98:97:b2:26:90:1e:cc:c9:e3:71:
                    7c:28:e1:9e:2d:e9:a9:15:23:c9:4e:5f:72:2a:87:
                    2a:da:9f:52:4f:83:7b:da:61:57:3e:68:0f:ab:4d:
                    cd:ab:80:ab:af:14:0f:cc:c9:41:e3:48:4d:d3:e6:
                    23:29:b9:e7:3d:22:5f:22:9e:bd:8f:5c:9e:07:28:
                    96:14:19:51:8d:72:10:2e:c7:ef:7c:4d:e1:cb:44:
                    19:53:45:72:2c:83:9c:24:0f:35:b0:4b:1b:53:d9:
                    18:aa:b9:01:41:33:7d:58:46:6c:fa:27:70:82:19:
                    51:37:ef:fe:8a:c2:2d:d8:f4:15:65:13:36:cf:4f:
                    2d:c4:e0:48:5b:f8:8e:38:f8:7e:85:80:28:df:0b:
                    75:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:97:B2:FB:94:B6:F3:E6:C6:03:FD:A7:4A:7C:F9:77:99:FA:6D:72
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/i5ey-5S28-bGA_2nSnz5d5n6bXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.0.0/19
                  212.69.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:ce:d9:01:02:6f:c3:9d:61:31:6a:74:df:90:af:81:cc:af:
         ef:05:32:e3:60:d7:a6:1e:16:f5:1c:b9:75:bb:f7:88:2f:41:
         96:21:78:05:1e:6b:aa:7d:24:44:e9:47:09:ff:c4:f2:f8:ce:
         0c:84:36:ef:73:1e:30:86:93:71:5a:0c:ee:4a:78:fb:13:1e:
         ec:76:84:ae:e9:ba:c7:a2:5a:d3:83:3a:69:26:8a:19:fd:67:
         cf:a3:92:f4:69:8b:e1:d8:8f:ec:2e:5b:32:63:58:83:0a:32:
         bf:3e:50:bf:05:5c:87:1e:cf:f9:b3:ba:dc:a3:58:52:c5:81:
         c6:85:d0:73:f7:77:76:06:9a:86:75:08:99:2e:bf:74:bd:bb:
         2e:c5:cb:13:34:75:e0:e7:0f:58:9b:f0:79:77:6e:b6:71:2c:
         bc:b4:93:be:20:6e:5f:12:e5:33:7f:2c:9c:d9:1a:ee:34:cf:
         0e:a9:0a:72:69:04:82:04:af:fe:6c:ca:8f:15:16:32:f2:dc:
         9d:dc:33:65:b9:35:b7:2b:d0:46:55:ec:21:e9:a1:77:bb:8a:
         bc:bc:05:de:f7:25:a9:df:68:d0:f8:2b:7e:0f:a5:e6:ed:ef:
         5b:9c:38:d8:2d:0a:80:5d:fe:87:f6:84:35:e3:52:8c:64:56:
         a0:95:24:11
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4qOsyGzUdQWATSa03l9gusMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNTE1MDYwMjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Yjk3YjJmYjk0YjZmM2U2YzYwM2ZkYTc0YTdjZjk3Nzk5ZmE2ZDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIsBgSO9JVSavBGNCKB+hIaGco8y
q52u3gWRK3Zqj75oBfi8T7oher2SwzuQ6gtQ7/hBLPI/LPYbh173bfuROm8pN2jH
5pM//eBZcapJQ6aw2TIsQq/2dhxi/JroFI5P3Psj0lthyOkX86KFL5iXsiaQHszJ
43F8KOGeLempFSPJTl9yKocq2p9ST4N72mFXPmgPq03Nq4CrrxQPzMlB40hN0+Yj
KbnnPSJfIp69j1yeByiWFBlRjXIQLsfvfE3hy0QZU0VyLIOcJA81sEsbU9kYqrkB
QTN9WEZs+idwghlRN+/+isIt2PQVZRM2z08txOBIW/iOOPh+hYAo3wt1nQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIuXsvuUtvPmxgP9p0p8+XeZ+m1yMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvaTVleS01UzI4LWJHQV8yblNuejVkNW42YlhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFbXkAAwQB
1EUKMA0GCSqGSIb3DQEBCwUAA4IBAQAKztkBAm/DnWExanTfkK+BzK/vBTLjYNem
Hhb1HLl1u/eIL0GWIXgFHmuqfSRE6UcJ/8Ty+M4MhDbvcx4whpNxWgzuSnj7Ex7s
doSu6brHolrTgzppJooZ/WfPo5L0aYvh2I/sLlsyY1iDCjK/PlC/BVyHHs/5s7rc
o1hSxYHGhdBz93d2BpqGdQiZLr90vbsuxcsTNHXg5w9Ym/B5d262cSy8tJO+IG5f
EuUzfyyc2RruNM8OqQpyaQSCBK/+bMqPFRYy8tyd3DNluTW3K9BGVewh6aF3u4q8
vAXe9yWp32jQ+Ct+D6Xm7e9bnDjYLQqAXf6H9oQ141KMZFaglSQR
-----END CERTIFICATE-----