Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/wv4gJXNVuMtxsnHKy0k8eNKjMmc.roa
File:                     wv4gJXNVuMtxsnHKy0k8eNKjMmc.roa (raw, json)
Hash identifier:          qnSD8pMdO9T19FUsNufx9gk6V0gyfuIKL4VCnV1vmho=
Subject key identifier:   C2:FE:20:25:73:55:B8:CB:71:B2:71:CA:CB:49:3C:78:D2:A3:32:67
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019D877627A71468A7D2CB9938D321D0615E
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/wv4gJXNVuMtxsnHKy0k8eNKjMmc.roa
Signing time:             Mon 13 Apr 2026 15:29:20 +0000
ROA not before:           Mon 13 Apr 2026 15:29:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198250
IP address blocks:        109.121.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:87:76:27:a7:14:68:a7:d2:cb:99:38:d3:21:d0:61:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Apr 13 15:29:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c2fe20257355b8cb71b271cacb493c78d2a33267
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:7a:0d:f4:db:f8:19:1c:71:22:ae:4c:15:28:
                    64:60:ff:04:56:07:8d:26:30:d5:cd:bf:fc:e3:b6:
                    6a:ba:a7:05:9d:0a:99:cc:c1:54:b1:eb:d9:43:57:
                    52:dd:dd:fc:10:11:30:f1:a4:3f:32:58:c4:66:ae:
                    77:d2:b3:ba:23:3e:5b:9b:ac:ba:ab:2e:a9:d4:b5:
                    4c:61:6b:e5:88:09:c7:16:24:d6:c5:45:9c:12:ec:
                    ec:fa:a5:90:6a:c9:93:2a:93:51:5e:31:d3:ab:a1:
                    f5:eb:8f:4d:4d:27:6d:1c:a8:f0:16:fd:93:3f:53:
                    e9:4a:a1:3e:0e:a8:5f:9b:86:22:8c:de:49:fd:f8:
                    89:42:42:d3:30:a0:ac:ee:de:5d:41:20:dc:ed:2d:
                    7b:37:87:18:af:3b:bc:1b:14:a4:80:8c:20:da:64:
                    51:95:8c:a2:67:e6:4d:b4:00:68:fa:9a:f2:de:10:
                    b0:63:0b:4c:d6:fa:78:ba:cb:57:9b:b1:9f:10:3e:
                    66:85:1d:be:c5:11:c1:90:9b:3e:a0:41:c2:57:ef:
                    43:f2:02:58:c4:72:d3:81:a3:c5:9d:df:75:df:00:
                    9e:39:f6:c0:4a:2c:60:c3:91:af:5e:a4:77:57:72:
                    1b:2e:b3:10:55:68:4f:d8:2a:b8:0d:02:19:63:58:
                    3a:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:FE:20:25:73:55:B8:CB:71:B2:71:CA:CB:49:3C:78:D2:A3:32:67
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/wv4gJXNVuMtxsnHKy0k8eNKjMmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:e5:d9:cd:79:bd:82:cb:03:46:ce:11:89:96:bf:32:8e:62:
         a9:0c:7c:49:91:c3:61:71:7d:5b:ac:82:f9:d3:3d:04:9b:fe:
         08:38:3b:65:ab:6b:27:cd:00:23:f3:f2:f9:17:73:fc:d0:57:
         72:8a:0c:b0:25:63:c8:2b:0c:14:9a:00:9e:5f:1a:4a:a1:be:
         41:9e:f7:c2:41:9a:03:cc:39:26:ae:86:15:93:4e:81:dc:e9:
         16:49:71:42:34:98:5f:b8:a7:a2:d5:49:c2:8e:d7:ad:95:65:
         e8:21:fb:4c:a0:9d:5b:93:4e:88:2e:47:6e:da:aa:e8:ae:e6:
         7a:35:72:08:de:b3:f9:7f:e7:9d:11:6d:fa:2b:67:09:7d:6f:
         ce:e8:d9:50:1f:5e:df:57:0a:49:9f:1b:04:35:de:84:9d:ae:
         b4:a3:ff:5a:1a:39:c0:4d:c2:f8:0c:c5:ae:b8:ba:c1:18:3c:
         d9:2c:34:22:1f:e7:63:dd:3c:46:9e:e5:c3:a3:f3:f7:ae:65:
         61:04:18:8c:c5:83:e0:54:96:17:7a:af:9e:f2:44:7c:bc:79:
         d8:a4:65:5f:0a:0f:e6:a1:6a:c5:78:70:d7:b6:ad:fb:25:a6:
         1d:da:9b:43:1f:fc:e5:ed:99:97:78:be:db:c8:38:e4:43:51:
         6c:c0:01:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2HdienFGin0suZONMh0GFeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNDEzMTUyOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmZlMjAyNTczNTViOGNiNzFiMjcxY2FjYjQ5M2M3OGQyYTMzMjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHoN9Nv4GRxxIq5MFShkYP8EVgeN
JjDVzb/847ZquqcFnQqZzMFUsevZQ1dS3d38EBEw8aQ/MljEZq530rO6Iz5bm6y6
qy6p1LVMYWvliAnHFiTWxUWcEuzs+qWQasmTKpNRXjHTq6H1649NTSdtHKjwFv2T
P1PpSqE+Dqhfm4YijN5J/fiJQkLTMKCs7t5dQSDc7S17N4cYrzu8GxSkgIwg2mRR
lYyiZ+ZNtABo+pry3hCwYwtM1vp4ustXm7GfED5mhR2+xRHBkJs+oEHCV+9D8gJY
xHLTgaPFnd913wCeOfbASixgw5GvXqR3V3IbLrMQVWhP2Cq4DQIZY1g6AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFML+ICVzVbjLcbJxystJPHjSozJnMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvd3Y0Z0pYTlZ1TXR4c25IS3kwazhlTktqTW1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXkmMA0G
CSqGSIb3DQEBCwUAA4IBAQBJ5dnNeb2CywNGzhGJlr8yjmKpDHxJkcNhcX1brIL5
0z0Em/4IODtlq2snzQAj8/L5F3P80FdyigywJWPIKwwUmgCeXxpKob5BnvfCQZoD
zDkmroYVk06B3OkWSXFCNJhfuKei1UnCjtetlWXoIftMoJ1bk06ILkdu2qroruZ6
NXII3rP5f+edEW36K2cJfW/O6NlQH17fVwpJnxsENd6Ena60o/9aGjnATcL4DMWu
uLrBGDzZLDQiH+dj3TxGnuXDo/P3rmVhBBiMxYPgVJYXeq+e8kR8vHnYpGVfCg/m
oWrFeHDXtq37JaYd2ptDH/zl7ZmXeL7byDjkQ1FswAGp
-----END CERTIFICATE-----