Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/YtPBRWPpBZouVECTxzHqQnQhH7U.roa
File:                     YtPBRWPpBZouVECTxzHqQnQhH7U.roa (raw, json)
Hash identifier:          qqfaLVINwq7ZdqcOhElpnXC0H6U+alzVwuT/MjVdsws=
Subject key identifier:   62:D3:C1:45:63:E9:05:9A:2E:54:40:93:C7:31:EA:42:74:21:1F:B5
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019D913BF9BEB74D8B406C6AEF8C6B0A959C
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/YtPBRWPpBZouVECTxzHqQnQhH7U.roa
Signing time:             Wed 15 Apr 2026 13:02:00 +0000
ROA not before:           Wed 15 Apr 2026 13:02:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26769
IP address blocks:        109.121.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:91:3b:f9:be:b7:4d:8b:40:6c:6a:ef:8c:6b:0a:95:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Apr 15 13:02:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=62d3c14563e9059a2e544093c731ea4274211fb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:1f:ec:be:71:a8:d9:fe:21:76:d4:bd:0c:e7:
                    82:14:dc:24:aa:0f:df:07:73:72:7c:f0:23:bb:a2:
                    0a:d1:24:8e:6e:19:a1:4e:24:0d:f2:20:3e:aa:0b:
                    77:fe:2d:ad:35:09:12:0c:56:ab:ab:0b:54:d3:3d:
                    e0:52:06:d8:9b:91:37:d7:6b:43:f5:c2:f3:2f:db:
                    62:39:63:39:53:fe:89:1a:64:2b:37:35:91:94:56:
                    db:bd:6b:86:c1:a1:ea:05:17:39:04:35:58:32:f4:
                    5c:02:16:15:0b:85:bb:c5:ff:38:7d:92:a4:36:2f:
                    82:23:7c:a9:a9:5e:47:dd:20:1d:bc:96:b2:81:74:
                    b6:1e:00:a5:bf:6c:c7:b8:af:3b:d7:fa:ec:6c:7a:
                    5b:7d:9a:90:cd:65:30:56:6a:fc:d7:17:d1:9a:6c:
                    8b:3b:5e:d3:34:e8:61:ab:8b:5c:db:46:20:6a:ec:
                    58:27:a6:07:d4:d3:50:85:1b:ea:0b:33:f8:a0:d2:
                    7f:c0:61:5f:7a:e3:b2:44:90:69:f9:33:dd:f8:64:
                    f3:e7:cd:b5:bb:62:31:9b:0e:38:38:30:2d:59:6f:
                    71:3f:14:b3:d8:c1:a7:44:45:e6:2a:bb:68:5e:15:
                    4f:81:ad:3f:f7:01:c7:44:df:69:57:8a:d2:0f:e0:
                    ba:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:D3:C1:45:63:E9:05:9A:2E:54:40:93:C7:31:EA:42:74:21:1F:B5
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/YtPBRWPpBZouVECTxzHqQnQhH7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:4d:e4:a2:4c:ee:97:5e:0a:94:bc:9a:b7:54:ea:d1:f8:a8:
         85:f2:c2:bf:10:44:dc:0c:2b:dc:ba:82:aa:33:ff:d6:a9:9c:
         c5:1f:5c:af:da:88:2c:89:f7:65:07:1b:ce:b7:a7:a5:2b:af:
         17:03:ed:8b:79:15:76:c7:b4:32:b6:e9:6f:49:d8:9d:ca:25:
         60:b7:ce:77:bb:11:e9:0c:4b:e5:e6:eb:74:99:c1:9e:f0:54:
         3e:ad:f0:eb:bc:b7:f2:d1:39:0f:5e:df:36:43:1a:68:9a:5a:
         b2:8e:9c:8f:6e:fd:18:90:c2:a8:2a:66:f8:ba:ee:51:05:24:
         f3:9a:fe:fc:8d:56:3b:43:52:cb:73:eb:92:32:0b:f9:45:77:
         96:dc:66:3a:b3:ec:88:dd:bc:89:61:d8:36:1f:69:7f:42:87:
         1f:f6:f8:29:a0:e2:ea:66:a7:15:a6:46:1a:e3:10:cf:f3:30:
         28:3a:79:06:f1:e2:8a:90:c1:04:d8:b7:e2:0c:23:4f:da:cd:
         93:a2:b1:95:55:6b:85:18:c3:23:77:5b:c9:77:13:ed:a2:86:
         3e:3c:b9:03:3d:47:b8:89:3a:79:da:52:5c:65:96:12:1f:f5:
         e1:76:50:a6:20:75:3d:ff:e0:86:3c:30:8a:60:b4:b9:5b:6e:
         23:45:dd:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2RO/m+t02LQGxq74xrCpWcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNDE1MTMwMjAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmQzYzE0NTYzZTkwNTlhMmU1NDQwOTNjNzMxZWE0Mjc0MjExZmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsB/svnGo2f4hdtS9DOeCFNwkqg/f
B3NyfPAju6IK0SSObhmhTiQN8iA+qgt3/i2tNQkSDFarqwtU0z3gUgbYm5E312tD
9cLzL9tiOWM5U/6JGmQrNzWRlFbbvWuGwaHqBRc5BDVYMvRcAhYVC4W7xf84fZKk
Ni+CI3ypqV5H3SAdvJaygXS2HgClv2zHuK871/rsbHpbfZqQzWUwVmr81xfRmmyL
O17TNOhhq4tc20YgauxYJ6YH1NNQhRvqCzP4oNJ/wGFfeuOyRJBp+TPd+GTz5821
u2Ixmw44ODAtWW9xPxSz2MGnREXmKrtoXhVPga0/9wHHRN9pV4rSD+C6swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGLTwUVj6QWaLlRAk8cx6kJ0IR+1MB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvWXRQQlJXUHBCWm91VkVDVHh6SHFRblFoSDdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXkmMA0G
CSqGSIb3DQEBCwUAA4IBAQBrTeSiTO6XXgqUvJq3VOrR+KiF8sK/EETcDCvcuoKq
M//WqZzFH1yv2ogsifdlBxvOt6elK68XA+2LeRV2x7QytulvSdidyiVgt853uxHp
DEvl5ut0mcGe8FQ+rfDrvLfy0TkPXt82QxpomlqyjpyPbv0YkMKoKmb4uu5RBSTz
mv78jVY7Q1LLc+uSMgv5RXeW3GY6s+yI3byJYdg2H2l/Qocf9vgpoOLqZqcVpkYa
4xDP8zAoOnkG8eKKkMEE2LfiDCNP2s2TorGVVWuFGMMjd1vJdxPtooY+PLkDPUe4
iTp52lJcZZYSH/XhdlCmIHU9/+CGPDCKYLS5W24jRd3G
-----END CERTIFICATE-----