Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/pjCEKUtW32VO_L6FBu3lWdp5e_4.roa
File:                     pjCEKUtW32VO_L6FBu3lWdp5e_4.roa (raw, json)
Hash identifier:          4O6y7KQRBf95S6oKVN2ZSM4aXH7LYJFuQCieMQA7GmQ=
Subject key identifier:   A6:30:84:29:4B:56:DF:65:4E:FC:BE:85:06:ED:E5:59:DA:79:7B:FE
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019D70DEC3FE4FA228C9B054466A97E3D0A6
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/pjCEKUtW32VO_L6FBu3lWdp5e_4.roa
Signing time:             Thu 09 Apr 2026 06:12:20 +0000
ROA not before:           Thu 09 Apr 2026 06:12:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     150293
IP address blocks:        109.121.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:70:de:c3:fe:4f:a2:28:c9:b0:54:46:6a:97:e3:d0:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Apr  9 06:12:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a63084294b56df654efcbe8506ede559da797bfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:bb:2b:52:cd:2d:2d:7f:9f:a3:85:36:5a:a0:
                    0b:ee:1d:d2:65:ed:00:38:1d:3c:1d:c2:e5:0c:d0:
                    ac:4f:d7:d7:ce:8b:6b:d2:ab:1a:08:f4:8e:f4:81:
                    f3:6e:03:fc:7a:82:a7:a1:73:97:90:a8:8b:b9:bd:
                    1a:20:a9:77:11:fa:5a:09:0c:10:55:ef:94:c5:e1:
                    9b:d5:b9:7c:81:19:35:c6:9b:31:77:c6:48:02:11:
                    ae:54:e2:50:a1:c2:81:e2:26:84:8b:a1:a5:d3:b8:
                    00:d9:f8:a1:1b:25:66:d7:83:44:b3:57:7b:40:7e:
                    f7:1b:8a:12:79:f2:ab:de:36:bf:6a:1e:ac:28:2e:
                    82:bf:aa:1b:37:37:bc:46:3e:db:e9:ff:bd:b1:bd:
                    ec:0f:19:6a:b8:82:e8:13:f4:da:13:7a:ca:07:8b:
                    77:0b:74:bb:3b:0e:84:87:0b:93:47:bb:5a:e8:bc:
                    51:12:ea:ff:a0:c0:5a:d2:7b:4c:c8:ed:64:52:41:
                    c5:6a:86:18:9d:ca:33:cf:25:96:5c:00:1b:27:b7:
                    ff:25:10:fb:e9:8a:cf:37:97:20:27:96:24:ce:8e:
                    5a:f8:32:b0:5c:23:f4:17:91:37:d2:ba:0d:9f:ff:
                    2e:b0:ea:f0:dd:df:c0:02:b6:fb:96:9d:0c:d0:75:
                    10:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:30:84:29:4B:56:DF:65:4E:FC:BE:85:06:ED:E5:59:DA:79:7B:FE
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/pjCEKUtW32VO_L6FBu3lWdp5e_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:88:8b:64:03:82:6c:85:07:df:36:a1:3b:8d:b7:a8:4a:8e:
         e5:0e:2d:8f:3e:77:08:a4:5f:8f:9a:99:1e:3a:3b:9f:3d:e6:
         bb:f4:b5:a4:f6:3a:0b:c0:85:d7:46:0e:11:14:d8:6e:ec:bf:
         b1:8e:97:e5:d1:11:2b:76:08:18:0b:22:8d:d1:5d:15:32:ba:
         23:3b:70:5a:25:1e:65:14:99:de:cc:de:bc:c8:93:93:ed:6d:
         28:da:ac:d4:7d:0e:66:47:95:a1:95:d5:95:02:24:38:52:b9:
         c1:f1:0a:9f:61:db:c6:82:e0:01:ed:07:b3:a8:d7:0f:92:4b:
         37:c2:9e:b0:28:48:b1:16:72:c8:78:9a:b0:b6:ce:06:21:19:
         c1:59:d9:b6:3a:9f:ee:17:85:67:56:3f:9a:03:6b:f7:ac:60:
         a2:2e:60:13:71:f9:3e:89:42:48:30:45:68:cb:5c:7b:09:a4:
         de:fa:ca:9a:9f:79:4c:9a:21:ae:80:41:6d:a5:37:ee:c0:53:
         75:45:5e:17:70:8f:18:d6:84:2e:e1:a8:f0:2c:a7:e3:63:44:
         67:8e:c1:8b:5b:73:fd:47:e3:e5:b2:63:1b:76:dc:41:ea:9a:
         1b:7a:34:8f:2e:68:23:28:0b:85:58:76:7f:7b:bc:54:5d:9a:
         c3:de:2c:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1w3sP+T6IoybBURmqX49CmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNDA5MDYxMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjMwODQyOTRiNTZkZjY1NGVmY2JlODUwNmVkZTU1OWRhNzk3YmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLsrUs0tLX+fo4U2WqAL7h3SZe0A
OB08HcLlDNCsT9fXzotr0qsaCPSO9IHzbgP8eoKnoXOXkKiLub0aIKl3EfpaCQwQ
Ve+UxeGb1bl8gRk1xpsxd8ZIAhGuVOJQocKB4iaEi6Gl07gA2fihGyVm14NEs1d7
QH73G4oSefKr3ja/ah6sKC6Cv6obNze8Rj7b6f+9sb3sDxlquILoE/TaE3rKB4t3
C3S7Ow6EhwuTR7ta6LxREur/oMBa0ntMyO1kUkHFaoYYncozzyWWXAAbJ7f/JRD7
6YrPN5cgJ5Ykzo5a+DKwXCP0F5E30roNn/8usOrw3d/AArb7lp0M0HUQAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKYwhClLVt9lTvy+hQbt5VnaeXv+MB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvcGpDRUtVdFczMlZPX0w2RkJ1M2xXZHA1ZV80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXkkMA0G
CSqGSIb3DQEBCwUAA4IBAQCEiItkA4JshQffNqE7jbeoSo7lDi2PPncIpF+Pmpke
OjufPea79LWk9joLwIXXRg4RFNhu7L+xjpfl0RErdggYCyKN0V0VMrojO3BaJR5l
FJnezN68yJOT7W0o2qzUfQ5mR5WhldWVAiQ4UrnB8QqfYdvGguAB7QezqNcPkks3
wp6wKEixFnLIeJqwts4GIRnBWdm2Op/uF4VnVj+aA2v3rGCiLmATcfk+iUJIMEVo
y1x7CaTe+sqan3lMmiGugEFtpTfuwFN1RV4XcI8Y1oQu4ajwLKfjY0RnjsGLW3P9
R+PlsmMbdtxB6pobejSPLmgjKAuFWHZ/e7xUXZrD3iyH
-----END CERTIFICATE-----