Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/7df7c6-decd-4bbc-babc-23697f752f2e/1/SBXXsuQ2RCCtkfka4gDFjpiCz2E.roa
File:                     SBXXsuQ2RCCtkfka4gDFjpiCz2E.roa (raw, json)
Hash identifier:          mV/+p/4ajgUkF2cImFAUrHKdi3q+SL4hKUtvs6QGwDw=
Subject key identifier:   48:15:D7:B2:E4:36:44:20:AD:91:F9:1A:E2:00:C5:8E:98:82:CF:61
Certificate issuer:       /CN=c76c3644741336b01b638563314f40d10c69d30d
Certificate serial:       019B7E385DAD4AFE223E8DB99BBD7F35E75B
Authority key identifier: C7:6C:36:44:74:13:36:B0:1B:63:85:63:31:4F:40:D1:0C:69:D3:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x2w2RHQTNrAbY4VjMU9A0Qxp0w0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/7df7c6-decd-4bbc-babc-23697f752f2e/1/SBXXsuQ2RCCtkfka4gDFjpiCz2E.roa
Signing time:             Fri 02 Jan 2026 10:19:41 +0000
ROA not before:           Fri 02 Jan 2026 10:19:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31428
IP address blocks:        193.16.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/7df7c6-decd-4bbc-babc-23697f752f2e/1/x2w2RHQTNrAbY4VjMU9A0Qxp0w0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/7df7c6-decd-4bbc-babc-23697f752f2e/1/x2w2RHQTNrAbY4VjMU9A0Qxp0w0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x2w2RHQTNrAbY4VjMU9A0Qxp0w0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:5d:ad:4a:fe:22:3e:8d:b9:9b:bd:7f:35:e7:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c76c3644741336b01b638563314f40d10c69d30d
        Validity
            Not Before: Jan  2 10:19:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4815d7b2e4364420ad91f91ae200c58e9882cf61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:06:49:1b:d1:e2:6b:ec:7b:4e:26:7a:78:b4:
                    a1:b9:f4:69:62:28:cb:13:b2:59:cd:19:4d:76:9d:
                    30:ac:a3:a8:af:4f:bb:91:8b:55:7c:f1:6a:d2:af:
                    37:d2:2f:eb:cd:40:d6:7c:df:31:42:82:ca:6e:aa:
                    8e:6b:58:8b:dd:ea:51:e2:0c:82:81:1f:18:4e:51:
                    3a:cc:5f:bb:2d:15:da:8d:5e:88:6c:f2:26:a2:93:
                    dc:e9:82:52:62:24:3c:f9:8a:46:3d:ec:93:50:8f:
                    06:02:45:3b:1b:b6:ef:25:67:fa:e6:7f:37:8f:a6:
                    ae:3f:9b:c0:36:13:85:0d:e4:d7:51:10:f5:17:8b:
                    8d:a9:c7:aa:47:d0:13:51:fc:46:9f:45:4a:dc:7b:
                    56:71:75:60:0d:65:22:82:b4:94:8d:2f:5b:c4:fa:
                    60:61:48:9d:aa:df:bf:57:38:c8:e4:bd:65:64:33:
                    3f:35:ca:4c:44:94:18:7e:0b:24:db:cf:c4:26:13:
                    15:1b:af:b2:39:c2:56:d0:20:27:45:67:82:0c:46:
                    4b:0f:2f:2b:f9:91:f4:ad:0a:4e:c9:11:f8:9a:0a:
                    ca:e2:a3:29:59:b1:76:a4:49:3d:cc:38:15:f9:69:
                    bf:a8:4c:de:e1:8b:e6:2b:a5:da:d3:ab:ee:f2:75:
                    55:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:15:D7:B2:E4:36:44:20:AD:91:F9:1A:E2:00:C5:8E:98:82:CF:61
            X509v3 Authority Key Identifier:
                keyid:C7:6C:36:44:74:13:36:B0:1B:63:85:63:31:4F:40:D1:0C:69:D3:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x2w2RHQTNrAbY4VjMU9A0Qxp0w0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/7df7c6-decd-4bbc-babc-23697f752f2e/1/SBXXsuQ2RCCtkfka4gDFjpiCz2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/7df7c6-decd-4bbc-babc-23697f752f2e/1/x2w2RHQTNrAbY4VjMU9A0Qxp0w0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.16.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:03:e5:72:39:f3:bb:71:2e:80:80:7b:00:71:c2:c8:ab:a6:
         d5:96:1e:e4:d5:44:ed:a4:a6:8f:6a:df:83:34:5c:63:a3:e8:
         1f:7f:6e:d5:c5:4c:a1:ad:28:2f:b6:0b:61:44:0c:26:0d:20:
         3e:e7:c5:8a:52:b7:5d:93:91:71:d5:95:31:63:76:55:b2:26:
         d7:07:5b:4d:de:21:b1:3d:85:d0:50:74:1c:19:d8:85:18:27:
         83:e0:b8:be:f4:21:13:56:e6:a0:6a:33:7c:b1:bb:0d:1a:6a:
         15:02:e7:cd:e1:fd:7b:7b:61:1a:93:b9:bc:46:18:13:6a:d1:
         6b:48:e4:96:80:18:42:de:98:66:39:b4:dc:17:a3:66:e6:66:
         11:23:45:32:79:78:cf:00:dd:ce:6b:f8:1e:40:36:02:69:52:
         91:49:24:de:9a:47:c6:fc:66:77:26:c8:bb:b8:0f:ba:7d:11:
         b2:5b:e2:eb:9e:ea:9d:8a:81:22:16:06:a7:d6:f7:72:55:0e:
         ad:f2:b0:4e:f0:82:9b:57:9f:46:4c:a4:82:79:dd:ee:ce:75:
         25:c2:fa:ac:41:5b:0d:58:75:42:33:c9:3b:58:dd:b5:97:e7:
         6e:a8:8f:3f:ae:c2:26:6f:5a:5d:45:7c:fd:25:02:8f:2b:0a:
         41:88:9c:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OF2tSv4iPo25m71/NedbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NmMzNjQ0NzQxMzM2YjAxYjYzODU2MzMxNGY0MGQxMGM2
OWQzMGQwHhcNMjYwMTAyMTAxOTQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODE1ZDdiMmU0MzY0NDIwYWQ5MWY5MWFlMjAwYzU4ZTk4ODJjZjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwZJG9Hia+x7TiZ6eLShufRpYijL
E7JZzRlNdp0wrKOor0+7kYtVfPFq0q830i/rzUDWfN8xQoLKbqqOa1iL3epR4gyC
gR8YTlE6zF+7LRXajV6IbPImopPc6YJSYiQ8+YpGPeyTUI8GAkU7G7bvJWf65n83
j6auP5vANhOFDeTXURD1F4uNqceqR9ATUfxGn0VK3HtWcXVgDWUigrSUjS9bxPpg
YUidqt+/VzjI5L1lZDM/NcpMRJQYfgsk28/EJhMVG6+yOcJW0CAnRWeCDEZLDy8r
+ZH0rQpOyRH4mgrK4qMpWbF2pEk9zDgV+Wm/qEze4YvmK6Xa06vu8nVVZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEgV17LkNkQgrZH5GuIAxY6Ygs9hMB8GA1UdIwQY
MBaAFMdsNkR0EzawG2OFYzFPQNEMadMNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDJ3MlJIUVROckFiWTRWak1VOUEwUXhwMHcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS83ZGY3YzYtZGVjZC00YmJjLWJhYmMt
MjM2OTdmNzUyZjJlLzEvU0JYWHN1UTJSQ0N0a2ZrYTRnREZqcGlDejJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS83ZGY3YzYtZGVjZC00YmJjLWJhYmMtMjM2OTdmNzUyZjJl
LzEveDJ3MlJIUVROckFiWTRWak1VOUEwUXhwMHcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRCZMA0G
CSqGSIb3DQEBCwUAA4IBAQAnA+VyOfO7cS6AgHsAccLIq6bVlh7k1UTtpKaPat+D
NFxjo+gff27VxUyhrSgvtgthRAwmDSA+58WKUrddk5Fx1ZUxY3ZVsibXB1tN3iGx
PYXQUHQcGdiFGCeD4Li+9CETVuagajN8sbsNGmoVAufN4f17e2Eak7m8RhgTatFr
SOSWgBhC3phmObTcF6Nm5mYRI0UyeXjPAN3Oa/geQDYCaVKRSSTemkfG/GZ3Jsi7
uA+6fRGyW+LrnuqdioEiFgan1vdyVQ6t8rBO8IKbV59GTKSCed3uznUlwvqsQVsN
WHVCM8k7WN21l+duqI8/rsImb1pdRXz9JQKPKwpBiJy3
-----END CERTIFICATE-----