Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/9bcada-d955-4f2a-9254-f9ec566686b9/1/S0Z-QG3S6OWhct2R_ZOJmi2BN2s.roa
File:                     S0Z-QG3S6OWhct2R_ZOJmi2BN2s.roa (raw, json)
Hash identifier:          DcFFFIgBF5pA0VbXRYkO/MxP7tMxGBn3QzgWRQGPawY=
Subject key identifier:   4B:46:7E:40:6D:D2:E8:E5:A1:72:DD:91:FD:93:89:9A:2D:81:37:6B
Certificate issuer:       /CN=c3181a923e9ac3c005eb4c73edc7a1e8325a5b1e
Certificate serial:       019E5E1B6FF655D67AC15AF459DD5D838B5B
Authority key identifier: C3:18:1A:92:3E:9A:C3:C0:05:EB:4C:73:ED:C7:A1:E8:32:5A:5B:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wxgakj6aw8AF60xz7ceh6DJaWx4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/9bcada-d955-4f2a-9254-f9ec566686b9/1/S0Z-QG3S6OWhct2R_ZOJmi2BN2s.roa
Signing time:             Mon 25 May 2026 07:48:36 +0000
ROA not before:           Mon 25 May 2026 07:48:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12946
IP address blocks:        94.101.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/9bcada-d955-4f2a-9254-f9ec566686b9/1/wxgakj6aw8AF60xz7ceh6DJaWx4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/9bcada-d955-4f2a-9254-f9ec566686b9/1/wxgakj6aw8AF60xz7ceh6DJaWx4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wxgakj6aw8AF60xz7ceh6DJaWx4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5e:1b:6f:f6:55:d6:7a:c1:5a:f4:59:dd:5d:83:8b:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3181a923e9ac3c005eb4c73edc7a1e8325a5b1e
        Validity
            Not Before: May 25 07:48:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4b467e406dd2e8e5a172dd91fd93899a2d81376b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b5:07:c9:3d:69:ba:45:00:8a:bf:ba:4c:ee:
                    a8:a7:a3:42:cd:30:89:59:cc:b4:f9:b4:0d:4d:de:
                    45:74:2a:9f:09:fa:47:ee:88:82:1c:f8:3d:6f:97:
                    c6:03:6c:5d:e3:f9:94:e6:2a:c8:54:a2:b9:35:fc:
                    bc:8c:02:de:2c:fd:ad:12:23:17:50:a8:f4:c0:b0:
                    89:d0:a2:a8:e6:e8:5f:5b:89:7c:1a:a9:20:fc:b6:
                    37:c5:56:28:ca:3b:30:28:7d:e6:98:7c:ca:b9:c6:
                    ee:5e:4c:93:ce:6a:cc:33:9e:13:4e:c2:f9:af:4d:
                    04:29:28:c7:0e:7a:fe:4e:e9:43:52:03:34:d1:31:
                    fe:43:67:21:5a:0b:3f:25:89:90:b7:9a:45:be:12:
                    8b:68:c3:bb:22:cf:23:ca:cb:e4:30:58:a7:dc:a3:
                    c9:1d:c0:93:2d:4c:25:46:ea:2f:d8:24:b2:77:c3:
                    bd:a5:85:5b:fe:b9:27:10:c4:8b:cb:f1:27:d8:65:
                    f0:4d:5f:ba:7b:90:bf:d9:3b:de:2d:19:d2:d4:6e:
                    6a:62:52:46:9a:a2:57:87:ec:f4:2d:33:cd:04:d0:
                    a3:ce:f9:ea:e5:38:ad:ab:1f:23:05:4a:42:f3:71:
                    ac:6f:20:14:64:80:8f:04:bc:b1:2e:ac:22:d3:0f:
                    aa:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:46:7E:40:6D:D2:E8:E5:A1:72:DD:91:FD:93:89:9A:2D:81:37:6B
            X509v3 Authority Key Identifier:
                keyid:C3:18:1A:92:3E:9A:C3:C0:05:EB:4C:73:ED:C7:A1:E8:32:5A:5B:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wxgakj6aw8AF60xz7ceh6DJaWx4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/9bcada-d955-4f2a-9254-f9ec566686b9/1/S0Z-QG3S6OWhct2R_ZOJmi2BN2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/9bcada-d955-4f2a-9254-f9ec566686b9/1/wxgakj6aw8AF60xz7ceh6DJaWx4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.101.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:e0:13:7d:6d:8f:ac:3d:43:b6:19:da:f1:3a:d5:89:23:98:
         2e:28:77:e6:3c:b7:b9:bc:37:9b:e8:fd:f5:31:7c:8c:45:ff:
         00:ed:03:c5:23:f8:7a:90:ae:59:09:48:7f:21:26:23:2d:05:
         1d:3a:46:20:77:8b:84:d1:12:1c:4e:c6:9b:bf:ec:b2:58:45:
         cc:8c:7f:de:2a:4f:ee:88:28:5b:8a:72:65:81:37:f6:97:ca:
         84:b0:30:66:0c:40:a5:e2:a4:36:58:42:cc:71:64:1c:e0:76:
         58:b4:6f:49:22:06:a2:f7:14:41:00:4e:11:46:27:24:d8:70:
         0c:91:af:9e:5d:da:0e:b8:32:24:ef:b6:57:d6:e7:74:b5:2a:
         d8:a3:c0:f3:fd:9a:85:e4:38:79:0d:02:85:22:a0:00:ec:11:
         66:e8:a2:fb:1d:8a:64:13:d4:c3:f3:40:7a:91:00:c8:6d:c1:
         f2:db:a1:a3:2b:34:cb:73:4e:cf:e6:77:5c:01:a0:1d:a0:e5:
         b1:6f:ce:25:de:be:c4:f1:a3:88:51:00:b7:31:68:d6:c1:86:
         19:26:ae:4b:07:7c:76:4b:13:a5:74:de:ee:1a:b0:29:f2:cf:
         35:b1:95:0e:d7:fd:18:c7:31:05:81:ee:01:35:c2:b9:7d:d4:
         14:65:d9:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5eG2/2VdZ6wVr0Wd1dg4tbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzMTgxYTkyM2U5YWMzYzAwNWViNGM3M2VkYzdhMWU4MzI1
YTViMWUwHhcNMjYwNTI1MDc0ODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjQ2N2U0MDZkZDJlOGU1YTE3MmRkOTFmZDkzODk5YTJkODEzNzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrUHyT1pukUAir+6TO6op6NCzTCJ
Wcy0+bQNTd5FdCqfCfpH7oiCHPg9b5fGA2xd4/mU5irIVKK5Nfy8jALeLP2tEiMX
UKj0wLCJ0KKo5uhfW4l8Gqkg/LY3xVYoyjswKH3mmHzKucbuXkyTzmrMM54TTsL5
r00EKSjHDnr+TulDUgM00TH+Q2chWgs/JYmQt5pFvhKLaMO7Is8jysvkMFin3KPJ
HcCTLUwlRuov2CSyd8O9pYVb/rknEMSLy/En2GXwTV+6e5C/2TveLRnS1G5qYlJG
mqJXh+z0LTPNBNCjzvnq5Titqx8jBUpC83GsbyAUZICPBLyxLqwi0w+qhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEtGfkBt0ujloXLdkf2TiZotgTdrMB8GA1UdIwQY
MBaAFMMYGpI+msPABetMc+3HoegyWlseMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3hnYWtqNmF3OEFGNjB4ejdjZWg2REphV3g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS85YmNhZGEtZDk1NS00ZjJhLTkyNTQt
ZjllYzU2NjY4NmI5LzEvUzBaLVFHM1M2T1doY3QyUl9aT0ptaTJCTjJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS85YmNhZGEtZDk1NS00ZjJhLTkyNTQtZjllYzU2NjY4NmI5
LzEvd3hnYWtqNmF3OEFGNjB4ejdjZWg2REphV3g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXmVqMA0G
CSqGSIb3DQEBCwUAA4IBAQAu4BN9bY+sPUO2GdrxOtWJI5guKHfmPLe5vDeb6P31
MXyMRf8A7QPFI/h6kK5ZCUh/ISYjLQUdOkYgd4uE0RIcTsabv+yyWEXMjH/eKk/u
iChbinJlgTf2l8qEsDBmDECl4qQ2WELMcWQc4HZYtG9JIgai9xRBAE4RRick2HAM
ka+eXdoOuDIk77ZX1ud0tSrYo8Dz/ZqF5Dh5DQKFIqAA7BFm6KL7HYpkE9TD80B6
kQDIbcHy26GjKzTLc07P5ndcAaAdoOWxb84l3r7E8aOIUQC3MWjWwYYZJq5LB3x2
SxOldN7uGrAp8s81sZUO1/0YxzEFge4BNcK5fdQUZdnQ
-----END CERTIFICATE-----