Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/93edc5-cdeb-463e-87b4-9ab5765d5bb6/1/SbG-TfF_crHX7bjktc6Jm6Mw08k.roa
File:                     SbG-TfF_crHX7bjktc6Jm6Mw08k.roa (raw, json)
Hash identifier:          cILCavbni7VMAY2NB/vg63OOb75/V8DMaIDv6gy9of0=
Subject key identifier:   49:B1:BE:4D:F1:7F:72:B1:D7:ED:B8:E4:B5:CE:89:9B:A3:30:D3:C9
Certificate issuer:       /CN=bc48260763a11e77b0b5d7dd202ba4cc300538b1
Certificate serial:       0196EDAF40FD5D2E2A164926B5B8411A5E4F
Authority key identifier: BC:48:26:07:63:A1:1E:77:B0:B5:D7:DD:20:2B:A4:CC:30:05:38:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vEgmB2OhHnewtdfdICukzDAFOLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/93edc5-cdeb-463e-87b4-9ab5765d5bb6/1/SbG-TfF_crHX7bjktc6Jm6Mw08k.roa
Signing time:             Tue 20 May 2025 12:33:27 +0000
ROA not before:           Tue 20 May 2025 12:33:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196928
IP address blocks:        109.197.40.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/93edc5-cdeb-463e-87b4-9ab5765d5bb6/1/vEgmB2OhHnewtdfdICukzDAFOLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/93edc5-cdeb-463e-87b4-9ab5765d5bb6/1/vEgmB2OhHnewtdfdICukzDAFOLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vEgmB2OhHnewtdfdICukzDAFOLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:af:40:fd:5d:2e:2a:16:49:26:b5:b8:41:1a:5e:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc48260763a11e77b0b5d7dd202ba4cc300538b1
        Validity
            Not Before: May 20 12:33:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=49b1be4df17f72b1d7edb8e4b5ce899ba330d3c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:76:d7:c6:11:8a:1a:88:a3:3a:ee:48:73:a8:
                    ae:14:fa:e3:d0:bd:db:10:42:42:4d:46:02:9d:dc:
                    6c:5a:25:db:2e:c8:c2:e4:b9:70:db:1e:dd:50:5a:
                    e3:1b:2d:42:bb:a9:ab:6f:9c:77:e7:36:73:0f:c6:
                    7d:e2:c6:4d:34:4f:79:ad:24:46:75:e1:55:09:bc:
                    34:fd:5f:49:f2:22:43:a3:a6:cf:4b:16:d3:4e:eb:
                    08:9e:b3:1a:86:5d:fe:dc:4b:b1:54:19:c9:86:3e:
                    eb:dc:72:5f:a2:91:e4:af:26:cd:a1:85:c6:d5:26:
                    ba:c5:ea:d0:97:52:82:8f:f2:56:66:f2:1c:30:b5:
                    30:da:f6:c4:be:87:fb:b9:4c:c4:8b:f9:d9:11:65:
                    55:13:66:f9:92:8e:bd:8b:d3:d6:f6:b7:bf:a3:8f:
                    c8:89:7c:79:55:55:fb:d5:73:78:da:df:72:6f:83:
                    0c:d8:38:71:c5:91:66:b1:91:2b:55:a6:81:f0:91:
                    fe:f6:c8:af:f8:bf:48:b5:db:7b:13:d2:6b:3b:0c:
                    3e:08:a4:20:ce:22:55:ab:62:80:c5:c0:d1:9f:82:
                    a8:b6:79:88:aa:b4:2e:1f:27:16:7c:77:79:cc:04:
                    da:36:82:5a:e7:eb:eb:93:bd:77:e2:13:fd:91:e3:
                    5c:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:B1:BE:4D:F1:7F:72:B1:D7:ED:B8:E4:B5:CE:89:9B:A3:30:D3:C9
            X509v3 Authority Key Identifier:
                keyid:BC:48:26:07:63:A1:1E:77:B0:B5:D7:DD:20:2B:A4:CC:30:05:38:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vEgmB2OhHnewtdfdICukzDAFOLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/93edc5-cdeb-463e-87b4-9ab5765d5bb6/1/SbG-TfF_crHX7bjktc6Jm6Mw08k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/93edc5-cdeb-463e-87b4-9ab5765d5bb6/1/vEgmB2OhHnewtdfdICukzDAFOLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.197.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         72:5b:e8:3c:de:a8:7d:35:77:06:67:52:b4:83:67:2e:b2:21:
         bd:3e:7e:51:55:d7:a8:3e:e4:e1:ef:41:e9:44:b1:19:1d:7f:
         52:46:a9:30:bb:45:49:08:e6:88:35:1f:a3:78:b6:5b:22:c7:
         cc:ca:0b:fc:d4:9e:36:80:95:15:e7:dc:e4:f6:c1:a0:d5:cf:
         0b:a4:be:c3:4a:1c:2d:76:c9:bc:ee:ac:c5:c5:c8:21:3d:b2:
         03:a5:94:90:4d:0b:75:f3:f6:3b:97:20:48:58:eb:77:00:6d:
         c3:2b:e4:00:e0:e7:dc:eb:7c:d0:15:23:56:da:54:bf:63:ad:
         fa:0c:32:24:a7:bb:73:91:53:6b:d4:1c:eb:cc:f4:af:b6:e6:
         9e:c6:a9:92:ef:a4:a8:3f:40:a5:bd:98:8a:27:14:ff:19:dd:
         ad:35:0b:e3:2c:fa:95:ca:12:5c:34:1f:2b:f4:80:7c:c5:ca:
         b2:72:76:ae:68:e0:64:c7:85:c6:f9:cb:1f:ed:7c:11:db:54:
         05:ff:ac:1f:7e:38:78:26:5c:f8:5d:be:85:0d:e4:72:ea:5e:
         c5:96:41:98:eb:ec:13:4b:8e:d4:67:2e:0c:d3:5a:6e:3f:81:
         24:44:23:d1:ce:2a:0b:c4:b2:5c:74:2e:94:7e:67:91:c4:0b:
         4e:95:d8:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbtr0D9XS4qFkkmtbhBGl5PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNDgyNjA3NjNhMTFlNzdiMGI1ZDdkZDIwMmJhNGNjMzAw
NTM4YjEwHhcNMjUwNTIwMTIzMzI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWIxYmU0ZGYxN2Y3MmIxZDdlZGI4ZTRiNWNlODk5YmEzMzBkM2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA73bXxhGKGoijOu5Ic6iuFPrj0L3b
EEJCTUYCndxsWiXbLsjC5Llw2x7dUFrjGy1Cu6mrb5x35zZzD8Z94sZNNE95rSRG
deFVCbw0/V9J8iJDo6bPSxbTTusInrMahl3+3EuxVBnJhj7r3HJfopHkrybNoYXG
1Sa6xerQl1KCj/JWZvIcMLUw2vbEvof7uUzEi/nZEWVVE2b5ko69i9PW9re/o4/I
iXx5VVX71XN42t9yb4MM2DhxxZFmsZErVaaB8JH+9siv+L9Itdt7E9JrOww+CKQg
ziJVq2KAxcDRn4KotnmIqrQuHycWfHd5zATaNoJa5+vrk7134hP9keNcwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEmxvk3xf3Kx1+245LXOiZujMNPJMB8GA1UdIwQY
MBaAFLxIJgdjoR53sLXX3SArpMwwBTixMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkVnbUIyT2hIbmV3dGRmZElDdWt6REFGT0xFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC85M2VkYzUtY2RlYi00NjNlLTg3YjQt
OWFiNTc2NWQ1YmI2LzEvU2JHLVRmRl9jckhYN2Jqa3RjNkptNk13MDhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC85M2VkYzUtY2RlYi00NjNlLTg3YjQtOWFiNTc2NWQ1YmI2
LzEvdkVnbUIyT2hIbmV3dGRmZElDdWt6REFGT0xFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbcUoMA0G
CSqGSIb3DQEBCwUAA4IBAQByW+g83qh9NXcGZ1K0g2cusiG9Pn5RVdeoPuTh70Hp
RLEZHX9SRqkwu0VJCOaINR+jeLZbIsfMygv81J42gJUV59zk9sGg1c8LpL7DShwt
dsm87qzFxcghPbIDpZSQTQt18/Y7lyBIWOt3AG3DK+QA4Ofc63zQFSNW2lS/Y636
DDIkp7tzkVNr1BzrzPSvtuaexqmS76SoP0ClvZiKJxT/Gd2tNQvjLPqVyhJcNB8r
9IB8xcqycnauaOBkx4XG+csf7XwR21QF/6wffjh4Jlz4Xb6FDeRy6l7FlkGY6+wT
S47UZy4M01puP4EkRCPRzioLxLJcdC6UfmeRxAtOldik
-----END CERTIFICATE-----