Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/3b5110-5167-48e0-8597-61d7333f8570/1/sbfAkA7H-Szs8U4pMGUpwhJuU48.roa
File:                     sbfAkA7H-Szs8U4pMGUpwhJuU48.roa (raw, json)
Hash identifier:          dZ9aXjp2r1NAiCJ79h91KYouoMe/pfGvhZ6kp2jSGYA=
Subject key identifier:   B1:B7:C0:90:0E:C7:F9:2C:EC:F1:4E:29:30:65:29:C2:12:6E:53:8F
Certificate issuer:       /CN=fbcd0233808570e31ffb2fcde1b877071cbc6603
Certificate serial:       019D1AACDDD6E18A3CA1DC6642A05F3B34EE
Authority key identifier: FB:CD:02:33:80:85:70:E3:1F:FB:2F:CD:E1:B8:77:07:1C:BC:66:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-80CM4CFcOMf-y_N4bh3Bxy8ZgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/3b5110-5167-48e0-8597-61d7333f8570/1/sbfAkA7H-Szs8U4pMGUpwhJuU48.roa
Signing time:             Mon 23 Mar 2026 12:30:29 +0000
ROA not before:           Mon 23 Mar 2026 12:30:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200255
IP address blocks:        109.104.108.0/24 maxlen: 24
                          109.104.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/3b5110-5167-48e0-8597-61d7333f8570/1/1-80CM4CFcOMf-y_N4bh3Bxy8ZgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/3b5110-5167-48e0-8597-61d7333f8570/1/1-80CM4CFcOMf-y_N4bh3Bxy8ZgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-80CM4CFcOMf-y_N4bh3Bxy8ZgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1a:ac:dd:d6:e1:8a:3c:a1:dc:66:42:a0:5f:3b:34:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbcd0233808570e31ffb2fcde1b877071cbc6603
        Validity
            Not Before: Mar 23 12:30:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b1b7c0900ec7f92cecf14e29306529c2126e538f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:a0:0a:b5:ba:1b:53:5c:46:82:f4:be:0e:e5:
                    37:7f:6c:db:60:8b:eb:9c:88:c7:e5:dc:6e:01:8a:
                    15:60:fb:c6:0e:29:51:a2:be:a2:c9:1e:21:be:b9:
                    89:a7:90:9a:e3:62:df:1a:cd:02:b5:fb:f2:1d:ab:
                    07:62:9f:48:b8:58:f6:7c:e8:d5:1b:28:8a:c0:44:
                    b6:4c:67:c1:63:8a:23:90:da:83:69:76:6b:38:6f:
                    90:59:a2:f4:53:16:fe:a6:73:13:6a:b5:92:41:2f:
                    8b:0a:17:d4:f0:c4:ec:54:fb:98:53:45:db:98:04:
                    53:20:84:64:a0:2b:e9:b2:01:c1:21:0b:35:88:17:
                    d5:e1:af:26:0d:9e:6a:35:ce:e3:d6:8c:48:ef:26:
                    06:ba:55:49:59:f4:c0:73:99:11:e2:6f:4a:8a:fb:
                    00:9b:bf:95:e8:c2:bb:fd:99:4d:ca:b8:85:e2:50:
                    4c:ea:b3:80:82:73:8f:bf:a6:0f:a6:f8:05:81:c5:
                    ac:2a:91:c6:b6:37:51:28:61:af:b1:7c:ad:62:7b:
                    3c:d7:b8:ea:59:12:fa:42:a6:0b:cd:39:fe:84:4f:
                    5b:6b:e6:13:8d:df:ce:4c:01:70:8a:20:e7:71:cc:
                    97:98:84:30:6d:6b:ef:6a:ec:9b:08:e0:5f:1a:e6:
                    b2:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:B7:C0:90:0E:C7:F9:2C:EC:F1:4E:29:30:65:29:C2:12:6E:53:8F
            X509v3 Authority Key Identifier:
                keyid:FB:CD:02:33:80:85:70:E3:1F:FB:2F:CD:E1:B8:77:07:1C:BC:66:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-80CM4CFcOMf-y_N4bh3Bxy8ZgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/3b5110-5167-48e0-8597-61d7333f8570/1/sbfAkA7H-Szs8U4pMGUpwhJuU48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/3b5110-5167-48e0-8597-61d7333f8570/1/1-80CM4CFcOMf-y_N4bh3Bxy8ZgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.104.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:b7:1a:75:b4:5d:0c:be:8b:1f:25:40:19:32:de:a6:f9:c4:
         d0:d3:94:12:31:0d:de:8b:b1:d8:cb:6a:ca:b2:e8:4c:74:2d:
         e8:f2:2d:7b:65:41:b6:6a:86:42:01:66:0f:69:fd:59:77:dd:
         0a:a1:88:67:4e:4a:52:de:a5:3e:b6:cd:78:60:8e:df:fb:3c:
         ab:06:da:58:2c:cf:05:8d:db:39:6a:4c:24:5c:1c:0d:cc:d8:
         b9:5b:63:b5:49:23:20:ac:f6:16:9a:34:a1:27:64:91:d7:03:
         a3:c3:f5:1e:08:0b:53:26:6d:21:29:f5:74:10:7f:bc:91:f8:
         42:33:72:bf:78:37:2f:b8:48:b9:6d:b8:ae:c8:0b:d2:29:15:
         97:7b:a6:4f:73:77:6c:81:44:64:56:f1:f5:a3:9a:ea:9a:0a:
         49:7d:c6:a8:f4:44:f5:79:7c:af:2c:eb:bd:9c:b4:3b:9c:82:
         be:bd:84:78:3b:c7:13:2c:2f:a2:b7:8f:78:23:56:7a:fe:c3:
         f3:3d:94:cd:cb:b0:c1:77:58:eb:64:2d:ee:ef:31:0a:6d:42:
         e8:dc:aa:d5:b6:6a:c4:20:f5:18:fe:92:76:77:bc:25:73:09:
         f2:51:cf:16:d7:bb:bb:ae:3e:02:39:0b:29:af:a0:23:86:4d:
         7c:8d:0a:aa
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ0arN3W4Yo8odxmQqBfOzTuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiY2QwMjMzODA4NTcwZTMxZmZiMmZjZGUxYjg3NzA3MWNi
YzY2MDMwHhcNMjYwMzIzMTIzMDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWI3YzA5MDBlYzdmOTJjZWNmMTRlMjkzMDY1MjljMjEyNmU1MzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzKAKtbobU1xGgvS+DuU3f2zbYIvr
nIjH5dxuAYoVYPvGDilRor6iyR4hvrmJp5Ca42LfGs0CtfvyHasHYp9IuFj2fOjV
GyiKwES2TGfBY4ojkNqDaXZrOG+QWaL0Uxb+pnMTarWSQS+LChfU8MTsVPuYU0Xb
mARTIIRkoCvpsgHBIQs1iBfV4a8mDZ5qNc7j1oxI7yYGulVJWfTAc5kR4m9KivsA
m7+V6MK7/ZlNyriF4lBM6rOAgnOPv6YPpvgFgcWsKpHGtjdRKGGvsXytYns817jq
WRL6QqYLzTn+hE9ba+YTjd/OTAFwiiDnccyXmIQwbWvvauybCOBfGuayOwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLG3wJAOx/ks7PFOKTBlKcISblOPMB8GA1UdIwQY
MBaAFPvNAjOAhXDjH/svzeG4dwccvGYDMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS04MENNNENGY09NZi15X040YmgzQnh5OFpnTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmQvM2I1MTEwLTUxNjctNDhlMC04NTk3
LTYxZDczMzNmODU3MC8xL3NiZkFrQTdILVN6czhVNHBNR1Vwd2hKdVU0OC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmQvM2I1MTEwLTUxNjctNDhlMC04NTk3LTYxZDczMzNmODU3
MC8xLzEtODBDTTRDRmNPTWYteV9ONGJoM0J4eThaZ00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFtaGww
DQYJKoZIhvcNAQELBQADggEBAAW3GnW0XQy+ix8lQBky3qb5xNDTlBIxDd6LsdjL
asqy6Ex0LejyLXtlQbZqhkIBZg9p/Vl33QqhiGdOSlLepT62zXhgjt/7PKsG2lgs
zwWN2zlqTCRcHA3M2LlbY7VJIyCs9haaNKEnZJHXA6PD9R4IC1MmbSEp9XQQf7yR
+EIzcr94Ny+4SLltuK7IC9IpFZd7pk9zd2yBRGRW8fWjmuqaCkl9xqj0RPV5fK8s
672ctDucgr69hHg7xxMsL6K3j3gjVnr+w/M9lM3LsMF3WOtkLe7vMQptQujcqtW2
asQg9Rj+knZ3vCVzCfJRzxbXu7uuPgI5CymvoCOGTXyNCqo=
-----END CERTIFICATE-----