Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/wsixZuzNwrrVfCpDdR4fMq2uquI.roa
File:                     wsixZuzNwrrVfCpDdR4fMq2uquI.roa (raw, json)
Hash identifier:          +M++fRx9kZwQa1aDDiDqhEOMEdN7b0A+PBp06ZlnvQc=
Subject key identifier:   C2:C8:B1:66:EC:CD:C2:BA:D5:7C:2A:43:75:1E:1F:32:AD:AE:AA:E2
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019E2A3ACD2DE74902F2CA3B20A9EF0D8F19
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/wsixZuzNwrrVfCpDdR4fMq2uquI.roa
Signing time:             Fri 15 May 2026 06:02:37 +0000
ROA not before:           Fri 15 May 2026 06:02:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7018
IP address blocks:        109.121.0.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 12:27:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2a:3a:cd:2d:e7:49:02:f2:ca:3b:20:a9:ef:0d:8f:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: May 15 06:02:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c2c8b166eccdc2bad57c2a43751e1f32adaeaae2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:f4:16:23:63:2a:f2:f8:55:fa:c7:0e:34:36:
                    66:02:21:bb:37:b9:c7:66:32:fe:14:5c:9c:a2:71:
                    3d:2a:fd:b7:5e:8f:76:f9:dd:2a:82:43:6e:10:32:
                    92:8b:c5:40:d1:38:b2:e9:8d:74:6c:a6:99:b6:4c:
                    e8:85:b1:9a:43:fe:38:07:bc:ae:3a:5d:a4:e8:2f:
                    a1:ef:f5:8d:8f:87:09:28:b7:de:bb:27:9f:4f:d8:
                    3a:44:f3:c1:14:df:54:3d:b4:8c:c1:5d:7f:cc:e5:
                    5d:77:85:23:78:91:a6:b7:16:d3:99:dd:10:14:6e:
                    ee:d4:e4:73:95:86:64:c7:2b:27:6f:62:2b:3d:07:
                    40:dd:6e:9e:29:c1:58:a2:ed:71:eb:dc:8c:2a:21:
                    b0:37:24:2a:e4:ad:79:0c:43:e5:d5:77:7d:6d:ed:
                    33:3a:85:3b:c2:1a:03:b0:a5:14:cc:6f:16:26:e3:
                    b8:26:53:e3:dd:ee:c9:52:fa:b0:45:c1:b1:83:38:
                    11:65:46:54:72:9a:58:bb:f0:cf:17:7f:17:8f:de:
                    ce:26:14:9c:2a:30:42:0c:d5:6b:89:44:23:76:6c:
                    84:5b:d4:1b:0d:ff:1f:48:a3:3c:44:0a:c9:7a:d3:
                    4c:2e:87:2d:1e:00:37:5e:26:d9:f6:32:33:a9:05:
                    2f:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:C8:B1:66:EC:CD:C2:BA:D5:7C:2A:43:75:1E:1F:32:AD:AE:AA:E2
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/wsixZuzNwrrVfCpDdR4fMq2uquI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         70:02:ca:91:7e:23:8d:a6:f5:b5:8c:36:d2:cf:94:95:c6:19:
         00:f8:86:96:67:65:d4:c8:a8:da:6f:0f:1d:76:70:58:01:34:
         5d:d9:7f:f1:4d:a0:6a:c0:fb:b3:56:1e:21:a3:2b:8f:8b:03:
         e2:ca:21:4e:e0:cc:28:0e:bb:94:0c:3c:fe:dc:12:91:73:47:
         4f:10:31:f2:40:d8:07:ea:33:3a:0d:77:04:8f:2c:ee:3a:16:
         22:16:97:45:0a:dc:37:49:62:ca:2a:3e:ea:2b:27:b8:78:87:
         98:ae:86:93:c2:f0:81:97:83:24:a0:e7:e1:50:b5:0c:7e:ec:
         2d:7e:0b:42:1a:53:c6:ba:78:0b:54:42:46:f1:38:59:3d:04:
         52:d1:bf:e1:d7:68:18:18:2c:2e:36:85:11:35:e6:6f:de:bd:
         c9:9a:e3:8e:de:39:a5:b4:53:95:9c:14:88:fa:69:36:d8:33:
         d1:bd:aa:fb:2d:1e:5f:56:6f:ef:e3:3e:8c:c7:e1:2f:1b:48:
         f5:62:27:ed:a6:ca:f0:be:9b:5b:d4:b1:93:cf:4e:cd:d5:54:
         28:3c:de:63:eb:54:73:08:34:52:ef:19:06:bf:a2:56:2a:77:
         1e:12:87:79:8b:a9:97:16:e6:cd:ae:0c:aa:89:87:ac:e0:58:
         bc:49:c7:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4qOs0t50kC8so7IKnvDY8ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNTE1MDYwMjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmM4YjE2NmVjY2RjMmJhZDU3YzJhNDM3NTFlMWYzMmFkYWVhYWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvQWI2Mq8vhV+scONDZmAiG7N7nH
ZjL+FFyconE9Kv23Xo92+d0qgkNuEDKSi8VA0Tiy6Y10bKaZtkzohbGaQ/44B7yu
Ol2k6C+h7/WNj4cJKLfeuyefT9g6RPPBFN9UPbSMwV1/zOVdd4UjeJGmtxbTmd0Q
FG7u1ORzlYZkxysnb2IrPQdA3W6eKcFYou1x69yMKiGwNyQq5K15DEPl1Xd9be0z
OoU7whoDsKUUzG8WJuO4JlPj3e7JUvqwRcGxgzgRZUZUcppYu/DPF38Xj97OJhSc
KjBCDNVriUQjdmyEW9QbDf8fSKM8RArJetNMLoctHgA3XibZ9jIzqQUvqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMLIsWbszcK61XwqQ3UeHzKtrqriMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvd3NpeFp1ek53cnJWZkNwRGRSNGZNcTJ1cXVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFbXkAMA0G
CSqGSIb3DQEBCwUAA4IBAQBwAsqRfiONpvW1jDbSz5SVxhkA+IaWZ2XUyKjabw8d
dnBYATRd2X/xTaBqwPuzVh4hoyuPiwPiyiFO4MwoDruUDDz+3BKRc0dPEDHyQNgH
6jM6DXcEjyzuOhYiFpdFCtw3SWLKKj7qKye4eIeYroaTwvCBl4MkoOfhULUMfuwt
fgtCGlPGungLVEJG8ThZPQRS0b/h12gYGCwuNoURNeZv3r3JmuOO3jmltFOVnBSI
+mk22DPRvar7LR5fVm/v4z6Mx+EvG0j1Yiftpsrwvptb1LGTz07N1VQoPN5j61Rz
CDRS7xkGv6JWKnceEod5i6mXFubNrgyqiYes4Fi8ScdS
-----END CERTIFICATE-----