Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/arHJPuK2zT110yPcT53yVAUMb4Q.roa
File:                     arHJPuK2zT110yPcT53yVAUMb4Q.roa (raw, json)
Hash identifier:          Hb1WuvCgOlyATjctvdvbyRIVuNywXrIO0MIGlhSnca8=
Subject key identifier:   6A:B1:C9:3E:E2:B6:CD:3D:75:D3:23:DC:4F:9D:F2:54:05:0C:6F:84
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019D87753CE461A4A92F5ECAB96B48C33731
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/arHJPuK2zT110yPcT53yVAUMb4Q.roa
Signing time:             Mon 13 Apr 2026 15:28:20 +0000
ROA not before:           Mon 13 Apr 2026 15:28:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20326
IP address blocks:        109.121.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:87:75:3c:e4:61:a4:a9:2f:5e:ca:b9:6b:48:c3:37:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Apr 13 15:28:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6ab1c93ee2b6cd3d75d323dc4f9df254050c6f84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:df:a4:06:90:a4:aa:79:f6:c3:33:b0:24:5b:
                    a6:ad:d6:19:38:d8:21:04:5d:c9:82:39:b7:6d:95:
                    1d:b5:6e:13:f5:ea:34:1e:cb:4b:e8:c6:30:e5:b0:
                    0e:8d:60:26:d8:4c:ee:9f:5f:0c:f5:f7:81:5c:9a:
                    90:3b:56:6b:91:b0:a8:fe:83:e0:67:2a:6e:e0:bc:
                    18:79:9f:37:ff:2a:ec:7f:56:41:a5:01:f2:e0:05:
                    af:41:0d:fe:14:0e:9c:c4:e3:dc:64:e9:60:4f:fd:
                    3d:44:b4:59:78:30:5f:8b:fe:cf:77:fa:b3:67:9f:
                    09:d5:e8:4b:b2:c1:22:18:2e:5f:3e:1f:60:9a:5f:
                    c9:f1:7a:7a:83:9d:37:10:a4:1f:5e:a3:cd:29:56:
                    e6:42:49:b6:45:d9:3f:5e:2d:99:d5:71:94:7d:29:
                    99:de:cc:2c:2e:26:6e:51:6a:1e:00:b0:6c:22:4d:
                    17:a0:97:17:e3:f0:2d:0a:28:e2:38:d5:de:0e:ca:
                    07:8b:cf:6f:62:26:4e:86:cd:17:55:98:8d:e8:f2:
                    08:50:e9:b0:b0:aa:69:88:50:c8:96:d4:80:2e:80:
                    be:96:eb:fa:ea:20:62:19:37:49:45:05:1d:27:a6:
                    71:11:d6:0d:f5:79:31:43:33:97:f2:e8:d0:a9:6b:
                    0c:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:B1:C9:3E:E2:B6:CD:3D:75:D3:23:DC:4F:9D:F2:54:05:0C:6F:84
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/arHJPuK2zT110yPcT53yVAUMb4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:f3:29:7a:db:b8:ac:fa:88:e2:8c:72:fd:b4:5f:8a:f8:7f:
         1f:b9:20:ec:60:bf:98:44:22:1f:da:ba:d8:87:2b:c5:8a:4a:
         0d:a5:0b:46:68:8b:76:6f:dd:81:99:b8:2c:e0:f1:53:bc:ea:
         18:61:85:f5:d9:3b:64:e3:0e:b3:7b:61:1c:57:3a:2c:07:1b:
         3a:75:1e:df:7f:72:93:94:9c:be:40:9c:8b:96:25:19:aa:69:
         07:37:cc:d9:95:1a:6a:e0:c1:50:35:64:21:03:25:3d:92:fc:
         fe:54:0c:b8:2b:d5:02:bd:f6:d7:a9:64:ae:f7:6b:72:f3:99:
         16:de:ef:b9:a1:b0:f8:98:a5:b9:0c:29:f2:00:fb:10:f8:a2:
         11:1c:a0:3c:aa:41:fd:22:95:cd:c5:18:16:26:f1:96:a2:3f:
         f6:39:59:e6:49:80:d7:98:24:a4:10:60:e7:14:d8:4e:f3:2a:
         07:34:96:a2:57:bc:5e:99:82:02:46:5c:8c:ad:76:b2:2a:d8:
         8b:02:32:bc:aa:87:58:e0:e2:c5:2e:f0:ac:2d:22:ac:d9:0a:
         b6:ea:4e:6f:b3:b2:c8:a6:d6:9a:e9:18:25:1f:28:ea:bf:fd:
         34:d5:53:cc:a4:bf:e6:9b:3d:18:72:e9:f4:28:46:75:87:b1:
         88:f2:32:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2HdTzkYaSpL17KuWtIwzcxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNDEzMTUyODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWIxYzkzZWUyYjZjZDNkNzVkMzIzZGM0ZjlkZjI1NDA1MGM2Zjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy9+kBpCkqnn2wzOwJFumrdYZONgh
BF3Jgjm3bZUdtW4T9eo0HstL6MYw5bAOjWAm2Ezun18M9feBXJqQO1ZrkbCo/oPg
Zypu4LwYeZ83/yrsf1ZBpQHy4AWvQQ3+FA6cxOPcZOlgT/09RLRZeDBfi/7Pd/qz
Z58J1ehLssEiGC5fPh9gml/J8Xp6g503EKQfXqPNKVbmQkm2Rdk/Xi2Z1XGUfSmZ
3swsLiZuUWoeALBsIk0XoJcX4/AtCijiONXeDsoHi89vYiZOhs0XVZiN6PIIUOmw
sKppiFDIltSALoC+luv66iBiGTdJRQUdJ6ZxEdYN9XkxQzOX8ujQqWsM3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqxyT7its09ddMj3E+d8lQFDG+EMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvYXJISlB1SzJ6VDExMHlQY1Q1M3lWQVVNYjRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXkvMA0G
CSqGSIb3DQEBCwUAA4IBAQAa8yl627is+ojijHL9tF+K+H8fuSDsYL+YRCIf2rrY
hyvFikoNpQtGaIt2b92Bmbgs4PFTvOoYYYX12Ttk4w6ze2EcVzosBxs6dR7ff3KT
lJy+QJyLliUZqmkHN8zZlRpq4MFQNWQhAyU9kvz+VAy4K9UCvfbXqWSu92ty85kW
3u+5obD4mKW5DCnyAPsQ+KIRHKA8qkH9IpXNxRgWJvGWoj/2OVnmSYDXmCSkEGDn
FNhO8yoHNJaiV7xemYICRlyMrXayKtiLAjK8qodY4OLFLvCsLSKs2Qq26k5vs7LI
ptaa6RglHyjqv/001VPMpL/mmz0Ycun0KEZ1h7GI8jJQ
-----END CERTIFICATE-----