Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/sbcX3dD-IzvBjjiuOceGuIya184.roa
File:                     sbcX3dD-IzvBjjiuOceGuIya184.roa (raw, json)
Hash identifier:          OgKPXFMnHlbOLdXfkb/OHlLV/72L9AOodiZ4Hgh7ss4=
Subject key identifier:   B1:B7:17:DD:D0:FE:23:3B:C1:8E:38:AE:39:C7:86:B8:8C:9A:D7:CE
Certificate issuer:       /CN=5dd7336fa915721ce3bfee217f4e99164db9532b
Certificate serial:       0197CA311259D335F5A5D2CDD9F79DA88316
Authority key identifier: 5D:D7:33:6F:A9:15:72:1C:E3:BF:EE:21:7F:4E:99:16:4D:B9:53:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdczb6kVchzjv-4hf06ZFk25Uys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/sbcX3dD-IzvBjjiuOceGuIya184.roa
Signing time:             Wed 02 Jul 2025 08:11:42 +0000
ROA not before:           Wed 02 Jul 2025 08:11:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     133480
IP address blocks:        5.62.22.0/24 maxlen: 24
                          5.62.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/Xdczb6kVchzjv-4hf06ZFk25Uys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/Xdczb6kVchzjv-4hf06ZFk25Uys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xdczb6kVchzjv-4hf06ZFk25Uys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 05:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ca:31:12:59:d3:35:f5:a5:d2:cd:d9:f7:9d:a8:83:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd7336fa915721ce3bfee217f4e99164db9532b
        Validity
            Not Before: Jul  2 08:11:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1b717ddd0fe233bc18e38ae39c786b88c9ad7ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:71:6b:eb:b1:ce:ea:98:9c:0b:82:a5:95:79:
                    b0:5e:70:ce:fc:1e:37:6f:04:6e:fa:a8:10:09:82:
                    0c:d1:bd:b9:3f:e5:d4:b4:8b:ea:32:81:eb:27:e6:
                    ef:1b:c2:82:38:d8:f0:a9:81:aa:c9:e3:8d:8e:18:
                    dc:23:03:0d:98:29:3b:b6:0c:63:01:a2:6a:a3:ca:
                    67:58:6e:dc:7c:b8:b2:39:a4:9b:c9:a6:7b:05:10:
                    59:2a:81:a5:22:ac:55:bf:92:0d:03:3a:0e:c9:84:
                    13:d0:50:80:c6:34:df:ad:ab:c8:06:84:ad:08:ff:
                    84:7f:07:1c:cc:0b:1c:8c:42:eb:0d:6c:d3:0a:ab:
                    31:4f:c9:84:24:82:b9:bc:16:d3:45:ed:c9:1e:6d:
                    1d:84:27:3f:b2:92:34:08:b6:64:b7:b3:c6:ce:20:
                    d3:d2:77:4c:35:27:28:02:6d:ef:55:3f:79:5d:2d:
                    eb:3f:2c:9f:71:81:d8:ab:76:f7:08:45:db:9e:f8:
                    a9:61:d7:52:09:81:6b:3f:66:af:19:55:b0:04:30:
                    86:36:31:fc:fa:1f:27:f6:42:ca:d4:da:4c:b4:d8:
                    fc:3e:64:4c:34:0f:e0:31:87:19:7b:26:a4:b6:9f:
                    4d:34:ef:26:10:15:07:1f:18:ae:7f:23:37:2c:6d:
                    1f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:B7:17:DD:D0:FE:23:3B:C1:8E:38:AE:39:C7:86:B8:8C:9A:D7:CE
            X509v3 Authority Key Identifier:
                keyid:5D:D7:33:6F:A9:15:72:1C:E3:BF:EE:21:7F:4E:99:16:4D:B9:53:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdczb6kVchzjv-4hf06ZFk25Uys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/sbcX3dD-IzvBjjiuOceGuIya184.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/Xdczb6kVchzjv-4hf06ZFk25Uys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.62.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:16:64:58:7a:f0:3f:e1:62:48:1e:ef:f7:7c:b0:30:f7:eb:
         19:de:ce:96:a8:fe:39:59:8e:d8:92:66:0a:95:a5:c8:cf:94:
         97:8c:03:00:39:d2:90:dd:62:65:1b:cd:e5:f2:eb:59:48:e7:
         6e:33:43:e2:13:ea:cd:e0:e3:cb:46:84:47:1c:8e:d1:60:6e:
         25:f9:9c:b0:07:be:9c:e9:45:48:d3:d8:04:ba:d8:cd:01:7a:
         cc:7e:5a:a7:d8:7e:a5:76:7b:6f:07:92:d1:85:c3:35:65:ef:
         12:f7:28:3d:e4:21:4f:f2:dd:10:ed:08:c2:ae:67:78:12:b7:
         aa:26:9b:e5:99:e9:d4:ba:7b:93:7f:7a:89:1d:7c:c0:16:23:
         4a:52:7c:2c:ad:d9:de:fc:09:e7:3e:15:3d:f5:92:28:90:22:
         1a:da:37:49:3d:81:55:f0:4f:b9:bb:53:e4:70:61:e9:ba:e0:
         83:29:dc:b7:d5:ba:bd:7a:64:a6:ae:9a:86:f2:d4:64:03:f7:
         53:bb:6a:bb:cb:14:db:50:17:ad:95:92:34:19:eb:3a:d9:76:
         bc:b2:40:f0:f1:c6:bc:2f:4e:77:3d:80:f9:3e:39:b1:e9:c4:
         99:90:31:ff:67:62:19:8c:46:7e:2c:0d:e1:0f:92:ed:fa:57:
         e8:25:a9:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfKMRJZ0zX1pdLN2fedqIMWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDczMzZmYTkxNTcyMWNlM2JmZWUyMTdmNGU5OTE2NGRi
OTUzMmIwHhcNMjUwNzAyMDgxMTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWI3MTdkZGQwZmUyMzNiYzE4ZTM4YWUzOWM3ODZiODhjOWFkN2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3Fr67HO6picC4KllXmwXnDO/B43
bwRu+qgQCYIM0b25P+XUtIvqMoHrJ+bvG8KCONjwqYGqyeONjhjcIwMNmCk7tgxj
AaJqo8pnWG7cfLiyOaSbyaZ7BRBZKoGlIqxVv5INAzoOyYQT0FCAxjTfravIBoSt
CP+EfwcczAscjELrDWzTCqsxT8mEJIK5vBbTRe3JHm0dhCc/spI0CLZkt7PGziDT
0ndMNScoAm3vVT95XS3rPyyfcYHYq3b3CEXbnvipYddSCYFrP2avGVWwBDCGNjH8
+h8n9kLK1NpMtNj8PmRMNA/gMYcZeyaktp9NNO8mEBUHHxiufyM3LG0feQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLG3F93Q/iM7wY44rjnHhriMmtfOMB8GA1UdIwQY
MBaAFF3XM2+pFXIc47/uIX9OmRZNuVMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRjemI2a1ZjaHpqdi00aGYwNlpGazI1VXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9lNzQ0YmQtZjZkOS00Zjc0LThjMDEt
OGM0YmM0NTkyN2EzLzEvc2JjWDNkRC1JenZCamppdU9jZUd1SXlhMTg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9lNzQ0YmQtZjZkOS00Zjc0LThjMDEtOGM0YmM0NTkyN2Ez
LzEvWGRjemI2a1ZjaHpqdi00aGYwNlpGazI1VXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBT4WMA0G
CSqGSIb3DQEBCwUAA4IBAQBgFmRYevA/4WJIHu/3fLAw9+sZ3s6WqP45WY7YkmYK
laXIz5SXjAMAOdKQ3WJlG83l8utZSOduM0PiE+rN4OPLRoRHHI7RYG4l+ZywB76c
6UVI09gEutjNAXrMflqn2H6ldntvB5LRhcM1Ze8S9yg95CFP8t0Q7QjCrmd4Ereq
JpvlmenUunuTf3qJHXzAFiNKUnwsrdne/AnnPhU99ZIokCIa2jdJPYFV8E+5u1Pk
cGHpuuCDKdy31bq9emSmrpqG8tRkA/dTu2q7yxTbUBetlZI0Ges62Xa8skDw8ca8
L053PYD5Pjmx6cSZkDH/Z2IZjEZ+LA3hD5Lt+lfoJak4
-----END CERTIFICATE-----
Generated at Wed Aug 6 13:06:17 2025 by rpki-client