Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/Sb7rXFnYcqS5XPgfn3MT8_Uf-5o.roa
File:                     Sb7rXFnYcqS5XPgfn3MT8_Uf-5o.roa (raw, json)
Hash identifier:          LmzCfMNSias4491B1qRwQLlKIfDpCiXc9ehlThOQdV4=
Subject key identifier:   49:BE:EB:5C:59:D8:72:A4:B9:5C:F8:1F:9F:73:13:F3:F5:1F:FB:9A
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019CF7CE9BC0D21268EC0E88EA68725FED35
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/Sb7rXFnYcqS5XPgfn3MT8_Uf-5o.roa
Signing time:             Mon 16 Mar 2026 18:00:38 +0000
ROA not before:           Mon 16 Mar 2026 18:00:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204610
IP address blocks:        157.22.252.0/24 maxlen: 24
                          157.22.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Mar 2026 23:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f7:ce:9b:c0:d2:12:68:ec:0e:88:ea:68:72:5f:ed:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Mar 16 18:00:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=49beeb5c59d872a4b95cf81f9f7313f3f51ffb9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:93:b2:c0:51:85:48:b6:2e:fe:88:4c:84:3b:
                    24:70:77:a1:9f:4c:82:d0:e6:dd:e2:e4:bc:a1:65:
                    0f:42:31:1d:29:b3:a6:7f:fb:a3:28:93:f9:67:08:
                    b7:56:05:7d:60:bb:1d:bf:f5:7c:17:72:30:c7:c0:
                    30:6d:b7:22:6d:03:d4:cd:a0:98:c2:a3:52:a4:bb:
                    fa:4d:b0:c5:ef:8b:81:d0:d4:ad:f2:c8:3d:1d:40:
                    96:3a:f8:0d:e1:08:64:93:24:9d:6c:fd:50:22:21:
                    f4:dd:5d:9c:a9:66:b9:c3:03:c0:75:2c:31:6d:ae:
                    fd:b4:b7:77:31:8d:f9:ff:ab:10:5a:65:3e:0a:0e:
                    5d:15:d4:19:74:57:0c:96:de:b7:eb:a3:af:60:80:
                    5e:ad:74:60:22:11:aa:97:de:01:12:2a:dd:dd:eb:
                    e7:36:49:f7:c4:53:47:7e:f1:41:3b:ea:65:b4:9a:
                    d3:b9:95:a7:53:c2:3c:e2:fe:bf:f6:2b:66:49:f7:
                    05:fa:01:25:3d:92:f5:3f:80:76:20:42:be:a8:7c:
                    63:3e:67:ab:e1:d4:59:4f:eb:b6:26:d3:23:60:b5:
                    e9:f4:bd:24:e0:74:d6:eb:ee:ec:08:05:48:52:45:
                    11:82:44:67:8a:4b:86:58:c3:16:53:15:9f:43:6d:
                    f6:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:BE:EB:5C:59:D8:72:A4:B9:5C:F8:1F:9F:73:13:F3:F5:1F:FB:9A
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/Sb7rXFnYcqS5XPgfn3MT8_Uf-5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.22.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7d:5d:3b:03:96:1d:09:8a:73:e3:f8:3e:bb:55:41:15:ce:41:
         6c:db:5e:fc:12:50:fc:40:4a:cd:38:ab:4b:c8:fb:18:59:a7:
         9b:56:2d:61:d6:83:ed:5c:b0:15:92:32:24:b3:47:47:1b:ad:
         6b:4d:b4:ed:8d:ee:26:71:cc:28:49:48:e3:fb:17:dc:73:c2:
         c1:c9:61:64:d1:b2:d1:13:29:12:60:3d:ec:b1:ed:a7:bc:54:
         22:99:9b:cf:0d:d1:c7:de:70:d2:06:4b:d1:4e:8e:29:18:8e:
         7e:27:c2:6d:84:03:b2:da:d9:a5:63:e9:0a:5e:23:46:35:61:
         53:e4:6d:2b:2c:c1:30:6a:93:61:69:89:cf:f1:fe:e1:38:e1:
         1f:d7:16:cc:64:35:3d:dc:e2:52:69:b9:cd:41:b8:00:29:2d:
         46:d0:9d:27:9e:6a:a1:b1:35:3f:af:1c:97:48:98:05:60:d1:
         fc:ca:08:fb:a7:22:61:b0:5a:08:47:39:5a:92:10:9a:3c:1a:
         01:82:5c:69:a8:55:73:18:1e:3c:e7:f3:d1:2d:5b:e8:18:b7:
         f8:ac:dc:3d:ce:39:01:5d:5e:7f:47:70:2c:97:a7:b9:03:48:
         5a:93:4f:95:ce:4f:5d:92:36:7d:d7:84:9c:b7:1f:6a:03:4a:
         32:45:a5:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz3zpvA0hJo7A6I6mhyX+01MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjYwMzE2MTgwMDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWJlZWI1YzU5ZDg3MmE0Yjk1Y2Y4MWY5ZjczMTNmM2Y1MWZmYjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpOywFGFSLYu/ohMhDskcHehn0yC
0Obd4uS8oWUPQjEdKbOmf/ujKJP5Zwi3VgV9YLsdv/V8F3Iwx8AwbbcibQPUzaCY
wqNSpLv6TbDF74uB0NSt8sg9HUCWOvgN4QhkkySdbP1QIiH03V2cqWa5wwPAdSwx
ba79tLd3MY35/6sQWmU+Cg5dFdQZdFcMlt6366OvYIBerXRgIhGql94BEird3evn
Nkn3xFNHfvFBO+pltJrTuZWnU8I84v6/9itmSfcF+gElPZL1P4B2IEK+qHxjPmer
4dRZT+u2JtMjYLXp9L0k4HTW6+7sCAVIUkURgkRnikuGWMMWUxWfQ232uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEm+61xZ2HKkuVz4H59zE/P1H/uaMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvU2I3clhGblljcVM1WFBnZm4zTVQ4X1VmLTVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBnRb8MA0G
CSqGSIb3DQEBCwUAA4IBAQB9XTsDlh0JinPj+D67VUEVzkFs2178ElD8QErNOKtL
yPsYWaebVi1h1oPtXLAVkjIks0dHG61rTbTtje4mccwoSUjj+xfcc8LByWFk0bLR
EykSYD3sse2nvFQimZvPDdHH3nDSBkvRTo4pGI5+J8JthAOy2tmlY+kKXiNGNWFT
5G0rLMEwapNhaYnP8f7hOOEf1xbMZDU93OJSabnNQbgAKS1G0J0nnmqhsTU/rxyX
SJgFYNH8ygj7pyJhsFoIRzlakhCaPBoBglxpqFVzGB485/PRLVvoGLf4rNw9zjkB
XV5/R3Asl6e5A0hak0+Vzk9dkjZ914Sctx9qA0oyRaVX
-----END CERTIFICATE-----