Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/3dcc4b-9352-411d-925a-cc7d463c820b/1/SiTbwMGtFl7yz90TOcACIfl_jbM.roa
File:                     SiTbwMGtFl7yz90TOcACIfl_jbM.roa (raw, json)
Hash identifier:          bZN6RaXx0CwbNISBjFsu0G8tFXjESLVVXcSOexStvD8=
Subject key identifier:   4A:24:DB:C0:C1:AD:16:5E:F2:CF:DD:13:39:C0:02:21:F9:7F:8D:B3
Certificate issuer:       /CN=7728155856b8ce4d85f8da4f6d35b055b30dbd3c
Certificate serial:       019DCFBFCC9C2689014A4929941757BA5DCF
Authority key identifier: 77:28:15:58:56:B8:CE:4D:85:F8:DA:4F:6D:35:B0:55:B3:0D:BD:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dygVWFa4zk2F-NpPbTWwVbMNvTw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/3dcc4b-9352-411d-925a-cc7d463c820b/1/SiTbwMGtFl7yz90TOcACIfl_jbM.roa
Signing time:             Mon 27 Apr 2026 16:22:26 +0000
ROA not before:           Mon 27 Apr 2026 16:22:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216068
IP address blocks:        94.232.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/3dcc4b-9352-411d-925a-cc7d463c820b/1/dygVWFa4zk2F-NpPbTWwVbMNvTw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/3dcc4b-9352-411d-925a-cc7d463c820b/1/dygVWFa4zk2F-NpPbTWwVbMNvTw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dygVWFa4zk2F-NpPbTWwVbMNvTw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 16:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cf:bf:cc:9c:26:89:01:4a:49:29:94:17:57:ba:5d:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7728155856b8ce4d85f8da4f6d35b055b30dbd3c
        Validity
            Not Before: Apr 27 16:22:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4a24dbc0c1ad165ef2cfdd1339c00221f97f8db3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:0d:d9:ec:1e:aa:a2:75:c0:95:64:75:86:b3:
                    47:b4:9d:1a:45:79:80:db:0e:48:42:53:4b:73:e8:
                    bf:77:e5:22:43:b7:0d:b4:58:e5:a5:34:56:2a:5a:
                    9a:a9:37:6d:78:0b:4f:e1:57:e1:3e:9b:f0:c5:d2:
                    9e:ad:26:0e:33:0b:38:bc:71:93:fa:ad:25:d8:78:
                    c7:07:e8:63:15:50:dc:06:5b:27:de:20:6c:d8:e8:
                    f2:2e:57:f0:e0:c5:a6:28:8d:6f:b7:7b:be:3a:f4:
                    60:01:4e:de:f6:dd:49:be:40:16:d6:79:0d:68:7a:
                    ca:c0:00:93:8a:c5:42:3a:9c:30:5e:70:bb:76:e1:
                    6f:5a:e2:19:e1:0b:87:f4:15:da:f5:eb:83:15:4b:
                    d0:65:a3:08:28:3a:94:80:90:b8:90:95:4d:fe:d6:
                    bc:24:84:73:db:74:45:99:2d:32:a1:70:41:16:2f:
                    9b:f1:21:bc:c6:4e:c6:f2:a8:5b:89:28:25:11:0c:
                    a1:07:cc:52:a1:5d:7c:5d:c6:74:6d:15:26:05:b7:
                    15:56:2c:10:05:83:04:52:7e:7d:51:d0:a7:37:d5:
                    ca:3c:fd:07:5f:98:bc:e5:3a:19:52:f2:93:21:a4:
                    7b:81:34:e2:04:d7:00:41:58:72:e2:ec:41:31:f3:
                    82:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:24:DB:C0:C1:AD:16:5E:F2:CF:DD:13:39:C0:02:21:F9:7F:8D:B3
            X509v3 Authority Key Identifier:
                keyid:77:28:15:58:56:B8:CE:4D:85:F8:DA:4F:6D:35:B0:55:B3:0D:BD:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dygVWFa4zk2F-NpPbTWwVbMNvTw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/3dcc4b-9352-411d-925a-cc7d463c820b/1/SiTbwMGtFl7yz90TOcACIfl_jbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/3dcc4b-9352-411d-925a-cc7d463c820b/1/dygVWFa4zk2F-NpPbTWwVbMNvTw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.232.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:9a:38:d1:66:c0:38:27:f1:ff:0b:19:f9:9c:b1:3d:5c:20:
         7a:bc:00:a8:86:05:ec:45:07:80:b0:59:21:4c:50:78:45:86:
         d7:25:da:52:de:b5:fa:b5:f5:b8:30:23:96:6b:f8:21:1f:73:
         0c:ba:99:0c:b0:3b:c2:4e:51:67:d2:f1:21:d2:9c:8f:02:46:
         da:47:5a:50:99:13:a5:ca:0b:ec:f0:79:9f:eb:87:87:b7:6e:
         96:9b:2b:82:e8:ab:76:23:2d:bb:6a:8f:f1:87:bf:3a:95:ca:
         f7:c7:49:29:c1:d9:f5:7d:35:bd:9e:03:66:e8:4f:67:1a:83:
         9e:12:e0:bf:7e:3a:f4:93:ff:17:e4:de:51:9b:f9:12:0e:19:
         af:b9:77:5f:02:6c:44:aa:91:e9:53:ed:e0:af:9a:2f:ea:b5:
         93:c4:f1:28:e0:e1:21:ed:fe:ba:76:50:6b:83:39:25:e8:39:
         87:42:29:88:d8:68:87:62:03:ea:4b:16:7d:1c:70:93:d1:09:
         c5:aa:f6:10:13:91:50:95:b0:9f:22:18:0d:73:36:67:9e:0d:
         78:09:21:c1:37:05:2b:6b:4f:98:cb:56:32:a5:8e:c8:e7:af:
         1f:95:27:bc:e2:ec:47:24:04:7f:37:df:90:c4:a8:40:7d:dd:
         b8:b4:5f:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3Pv8ycJokBSkkplBdXul3PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MjgxNTU4NTZiOGNlNGQ4NWY4ZGE0ZjZkMzViMDU1YjMw
ZGJkM2MwHhcNMjYwNDI3MTYyMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTI0ZGJjMGMxYWQxNjVlZjJjZmRkMTMzOWMwMDIyMWY5N2Y4ZGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQ3Z7B6qonXAlWR1hrNHtJ0aRXmA
2w5IQlNLc+i/d+UiQ7cNtFjlpTRWKlqaqTdteAtP4VfhPpvwxdKerSYOMws4vHGT
+q0l2HjHB+hjFVDcBlsn3iBs2OjyLlfw4MWmKI1vt3u+OvRgAU7e9t1JvkAW1nkN
aHrKwACTisVCOpwwXnC7duFvWuIZ4QuH9BXa9euDFUvQZaMIKDqUgJC4kJVN/ta8
JIRz23RFmS0yoXBBFi+b8SG8xk7G8qhbiSglEQyhB8xSoV18XcZ0bRUmBbcVViwQ
BYMEUn59UdCnN9XKPP0HX5i85ToZUvKTIaR7gTTiBNcAQVhy4uxBMfOCzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEok28DBrRZe8s/dEznAAiH5f42zMB8GA1UdIwQY
MBaAFHcoFVhWuM5NhfjaT201sFWzDb08MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHlnVldGYTR6azJGLU5wUGJUV3dWYk1OdlR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8zZGNjNGItOTM1Mi00MTFkLTkyNWEt
Y2M3ZDQ2M2M4MjBiLzEvU2lUYndNR3RGbDd5ejkwVE9jQUNJZmxfamJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8zZGNjNGItOTM1Mi00MTFkLTkyNWEtY2M3ZDQ2M2M4MjBi
LzEvZHlnVldGYTR6azJGLU5wUGJUV3dWYk1OdlR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXugvMA0G
CSqGSIb3DQEBCwUAA4IBAQC9mjjRZsA4J/H/Cxn5nLE9XCB6vACohgXsRQeAsFkh
TFB4RYbXJdpS3rX6tfW4MCOWa/ghH3MMupkMsDvCTlFn0vEh0pyPAkbaR1pQmROl
ygvs8Hmf64eHt26WmyuC6Kt2Iy27ao/xh786lcr3x0kpwdn1fTW9ngNm6E9nGoOe
EuC/fjr0k/8X5N5Rm/kSDhmvuXdfAmxEqpHpU+3gr5ov6rWTxPEo4OEh7f66dlBr
gzkl6DmHQimI2GiHYgPqSxZ9HHCT0QnFqvYQE5FQlbCfIhgNczZnng14CSHBNwUr
a0+Yy1YypY7I568flSe84uxHJAR/N9+QxKhAfd24tF/X
-----END CERTIFICATE-----