Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/PySi_r05c6LXRDl03Ybqx22kdU8.roa
File:                     PySi_r05c6LXRDl03Ybqx22kdU8.roa (raw, json)
Hash identifier:          1VLm01zFwPWJ5jikHjHKoIVo1U6YTTKzr44kY/GZkZM=
Subject key identifier:   3F:24:A2:FE:BD:39:73:A2:D7:44:39:74:DD:86:EA:C7:6D:A4:75:4F
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019E223803B0780A6D5BFF73E1B2CB159BA6
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/PySi_r05c6LXRDl03Ybqx22kdU8.roa
Signing time:             Wed 13 May 2026 16:42:36 +0000
ROA not before:           Wed 13 May 2026 16:42:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213791
IP address blocks:        116.204.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:22:38:03:b0:78:0a:6d:5b:ff:73:e1:b2:cb:15:9b:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: May 13 16:42:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3f24a2febd3973a2d7443974dd86eac76da4754f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:52:d5:37:db:4d:b0:9f:71:6b:7a:d1:e8:37:
                    fd:f7:58:e5:52:88:68:e0:a9:be:8f:c3:a2:8b:52:
                    ec:47:47:f7:48:99:20:cb:6e:75:eb:a5:e5:53:03:
                    36:a7:d3:9d:2f:39:a9:95:48:ce:0f:38:2f:4b:74:
                    80:a9:14:58:ba:d7:ac:1b:9b:9a:43:93:33:7e:59:
                    fe:27:36:dd:cb:81:f9:30:2c:c7:7c:ec:21:fe:0e:
                    d4:9b:8a:1d:13:fe:46:d4:11:79:5a:cb:19:72:ec:
                    ee:dd:56:c8:0d:76:58:02:ad:ce:16:1d:45:34:45:
                    67:98:4a:09:c1:2d:b9:2e:4a:87:45:2c:d2:b5:ad:
                    9c:26:df:ee:90:4b:ae:cc:ed:40:39:77:31:d3:00:
                    70:0d:20:f9:e0:c4:6e:da:2a:73:5f:45:a6:17:0a:
                    37:1a:4a:9c:96:bd:74:29:64:db:ee:58:d1:83:52:
                    84:fb:19:b9:90:1e:90:d6:1d:72:b6:5b:33:cc:ee:
                    3b:82:95:84:f5:55:11:cd:d4:f7:7f:4f:d2:d2:57:
                    2f:78:89:3d:a6:bc:47:40:c5:a9:41:99:80:80:b3:
                    52:af:50:46:7e:d9:33:2c:a3:b7:c2:b9:3d:c0:29:
                    75:69:97:ef:33:10:67:3f:64:b8:69:46:87:a5:17:
                    7b:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:24:A2:FE:BD:39:73:A2:D7:44:39:74:DD:86:EA:C7:6D:A4:75:4F
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/PySi_r05c6LXRDl03Ybqx22kdU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  116.204.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:c1:e6:cf:40:68:31:d9:bd:9f:3d:37:4b:7f:1c:a4:96:31:
         8a:bc:a8:75:42:09:73:97:30:1e:be:a2:1f:8d:9c:f8:0a:aa:
         ef:39:ff:10:88:25:1a:ec:e1:de:da:6e:7a:24:68:d9:70:43:
         62:bd:d5:f7:5e:8e:b1:f8:7a:f8:b5:c7:13:53:30:86:ce:5a:
         d2:f3:91:de:57:e5:86:52:b4:91:fd:2d:80:10:d6:25:c8:ad:
         fe:7d:4c:11:2a:59:7a:cc:e7:90:c8:07:83:3d:67:20:d2:6a:
         c3:14:d2:c9:d7:0f:7e:7f:c1:19:e3:cf:91:f7:ed:50:e8:ba:
         4d:df:5f:4b:1a:73:38:34:7c:0b:23:06:84:d3:f2:1d:46:98:
         a7:fd:5a:be:90:82:c8:0c:f6:3f:ba:fb:0c:97:74:8f:b0:28:
         b8:8e:a8:ff:84:f2:a2:e9:bf:c9:e7:e0:56:05:08:55:d6:0c:
         e7:36:39:56:e3:bb:62:fa:1a:da:84:07:d5:87:36:9a:80:6b:
         d2:2c:16:4c:be:a9:c8:27:05:05:c4:ba:4b:ec:39:ac:bf:d3:
         9f:6d:f4:f0:82:17:49:99:dc:bf:e3:fa:bb:79:57:a9:96:b1:
         ae:62:49:f4:d9:29:07:fd:c5:91:e3:36:f7:ac:a7:8c:b3:0d:
         93:83:bf:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4iOAOweAptW/9z4bLLFZumMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwNTEzMTY0MjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjI0YTJmZWJkMzk3M2EyZDc0NDM5NzRkZDg2ZWFjNzZkYTQ3NTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1LVN9tNsJ9xa3rR6Df991jlUoho
4Km+j8Oii1LsR0f3SJkgy25166XlUwM2p9OdLzmplUjODzgvS3SAqRRYutesG5ua
Q5Mzfln+Jzbdy4H5MCzHfOwh/g7Um4odE/5G1BF5WssZcuzu3VbIDXZYAq3OFh1F
NEVnmEoJwS25LkqHRSzSta2cJt/ukEuuzO1AOXcx0wBwDSD54MRu2ipzX0WmFwo3
Gkqclr10KWTb7ljRg1KE+xm5kB6Q1h1ytlszzO47gpWE9VURzdT3f0/S0lcveIk9
prxHQMWpQZmAgLNSr1BGftkzLKO3wrk9wCl1aZfvMxBnP2S4aUaHpRd7XwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD8kov69OXOi10Q5dN2G6sdtpHVPMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvUHlTaV9yMDVjNkxYUkRsMDNZYnF4MjJrZFU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAdMymMA0G
CSqGSIb3DQEBCwUAA4IBAQBNwebPQGgx2b2fPTdLfxykljGKvKh1QglzlzAevqIf
jZz4CqrvOf8QiCUa7OHe2m56JGjZcENivdX3Xo6x+Hr4tccTUzCGzlrS85HeV+WG
UrSR/S2AENYlyK3+fUwRKll6zOeQyAeDPWcg0mrDFNLJ1w9+f8EZ48+R9+1Q6LpN
319LGnM4NHwLIwaE0/IdRpin/Vq+kILIDPY/uvsMl3SPsCi4jqj/hPKi6b/J5+BW
BQhV1gznNjlW47ti+hrahAfVhzaagGvSLBZMvqnIJwUFxLpL7Dmsv9OfbfTwghdJ
mdy/4/q7eVeplrGuYkn02SkH/cWR4zb3rKeMsw2Tg7+o
-----END CERTIFICATE-----