Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/a5832b-789a-40bf-a712-628d950137f2/1/sbMYQYJxwfNPp6440gILA9mzbx0.roa
File:                     sbMYQYJxwfNPp6440gILA9mzbx0.roa (raw, json)
Hash identifier:          RnVE2MTd07RWpWjHS41qs+TCVp95W8O0zBW8ou5pEzA=
Subject key identifier:   B1:B3:18:41:82:71:C1:F3:4F:A7:AE:38:D2:02:0B:03:D9:B3:6F:1D
Certificate issuer:       /CN=17d7a52ab6ec78bc4a759b7c46632aa3e260b2e8
Certificate serial:       0198BDEF4C2240C2C3F6C6932468999A9ED0
Authority key identifier: 17:D7:A5:2A:B6:EC:78:BC:4A:75:9B:7C:46:63:2A:A3:E2:60:B2:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9elKrbseLxKdZt8RmMqo-Jgsug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/a5832b-789a-40bf-a712-628d950137f2/1/sbMYQYJxwfNPp6440gILA9mzbx0.roa
Signing time:             Mon 18 Aug 2025 16:07:13 +0000
ROA not before:           Mon 18 Aug 2025 16:07:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215511
IP address blocks:        185.159.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/a5832b-789a-40bf-a712-628d950137f2/1/F9elKrbseLxKdZt8RmMqo-Jgsug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/a5832b-789a-40bf-a712-628d950137f2/1/F9elKrbseLxKdZt8RmMqo-Jgsug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9elKrbseLxKdZt8RmMqo-Jgsug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 13:02:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:bd:ef:4c:22:40:c2:c3:f6:c6:93:24:68:99:9a:9e:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d7a52ab6ec78bc4a759b7c46632aa3e260b2e8
        Validity
            Not Before: Aug 18 16:07:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1b318418271c1f34fa7ae38d2020b03d9b36f1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d3:64:59:60:de:d2:00:48:2c:47:d2:a0:dc:
                    e4:d7:ef:02:60:8f:f1:05:93:58:bb:d5:45:cb:82:
                    81:a0:c1:4d:44:39:e3:a6:c5:73:01:76:02:22:d8:
                    ab:96:02:8e:bf:07:77:39:3b:07:0b:8a:38:4c:dc:
                    4f:e0:16:e0:cc:82:b6:0e:c6:2b:a7:5c:11:7b:e0:
                    77:62:62:aa:21:ad:a3:07:0a:dc:39:60:24:cc:2d:
                    6e:4c:e6:de:b1:79:b3:d2:db:31:19:e2:c1:58:45:
                    d0:36:55:91:a2:11:8e:ec:f7:2c:30:da:18:40:74:
                    d8:36:e0:7a:71:9b:5f:22:65:d7:39:d4:57:56:08:
                    80:72:84:91:01:80:f0:8a:1b:73:7f:31:ad:92:7b:
                    ed:b4:25:ef:f0:2d:a1:9b:c2:cd:78:df:bc:96:0c:
                    b5:36:a1:84:ca:b0:08:af:69:8b:49:cd:84:b4:df:
                    16:1a:b5:33:16:c4:ef:2d:2f:d1:e2:27:f4:5a:82:
                    d3:58:15:23:fa:24:c2:bd:c3:f1:84:02:1d:0b:ab:
                    a1:be:5d:66:75:fe:14:cf:4d:92:49:ad:f0:ce:53:
                    51:16:41:81:bd:4f:20:74:8e:75:6b:f7:08:91:a0:
                    b8:7f:f4:13:41:4f:38:d5:59:a5:b8:bc:5a:0c:6d:
                    2d:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:B3:18:41:82:71:C1:F3:4F:A7:AE:38:D2:02:0B:03:D9:B3:6F:1D
            X509v3 Authority Key Identifier:
                keyid:17:D7:A5:2A:B6:EC:78:BC:4A:75:9B:7C:46:63:2A:A3:E2:60:B2:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9elKrbseLxKdZt8RmMqo-Jgsug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/a5832b-789a-40bf-a712-628d950137f2/1/sbMYQYJxwfNPp6440gILA9mzbx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/a5832b-789a-40bf-a712-628d950137f2/1/F9elKrbseLxKdZt8RmMqo-Jgsug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:06:ab:53:58:be:c5:80:1b:30:db:76:de:34:4b:84:83:f8:
         38:02:34:14:65:6a:5c:96:e1:bd:4b:bd:9d:19:54:db:8f:a9:
         e2:59:85:10:66:82:de:ef:02:69:dd:c5:bb:9b:ae:d4:a6:74:
         5b:df:38:0a:a5:38:0c:b0:e6:b9:d7:24:00:f3:36:1f:d6:4b:
         41:13:c3:ca:36:57:7d:8d:b5:f5:51:c1:c0:21:eb:1a:02:67:
         df:1e:32:7c:7b:31:3b:b8:6e:ce:4c:65:7d:5f:87:ad:a8:50:
         29:99:4c:5e:a7:01:23:3d:1a:ff:fd:1a:56:1d:e4:44:bb:98:
         d5:8f:d5:4b:7c:04:42:a1:4b:26:d4:5b:63:f5:3e:ab:00:d1:
         86:fb:d4:88:bb:fa:b3:42:8a:03:5e:bb:94:7e:e4:2c:ba:70:
         0a:a6:9f:a2:22:2b:bd:7f:53:fd:4f:b1:44:f2:68:d2:18:7f:
         8f:e9:bc:06:db:46:e2:bf:9b:e4:f6:50:ce:da:3d:38:d0:9a:
         d3:55:f1:e6:27:85:b3:d3:5e:da:db:20:43:cf:ed:c4:be:40:
         f4:1b:4a:13:e0:50:cc:28:fc:73:ef:a9:de:2f:f7:bd:9e:8c:
         7a:ae:ac:c6:a9:1f:c8:54:f6:b1:e8:13:b0:d2:89:f6:54:a1:
         bc:ef:cb:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZi970wiQMLD9saTJGiZmp7QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDdhNTJhYjZlYzc4YmM0YTc1OWI3YzQ2NjMyYWEzZTI2
MGIyZTgwHhcNMjUwODE4MTYwNzEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWIzMTg0MTgyNzFjMWYzNGZhN2FlMzhkMjAyMGIwM2Q5YjM2ZjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytNkWWDe0gBILEfSoNzk1+8CYI/x
BZNYu9VFy4KBoMFNRDnjpsVzAXYCItirlgKOvwd3OTsHC4o4TNxP4BbgzIK2DsYr
p1wRe+B3YmKqIa2jBwrcOWAkzC1uTObesXmz0tsxGeLBWEXQNlWRohGO7PcsMNoY
QHTYNuB6cZtfImXXOdRXVgiAcoSRAYDwihtzfzGtknvttCXv8C2hm8LNeN+8lgy1
NqGEyrAIr2mLSc2EtN8WGrUzFsTvLS/R4if0WoLTWBUj+iTCvcPxhAIdC6uhvl1m
df4Uz02SSa3wzlNRFkGBvU8gdI51a/cIkaC4f/QTQU841VmluLxaDG0tBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLGzGEGCccHzT6euONICCwPZs28dMB8GA1UdIwQY
MBaAFBfXpSq27Hi8SnWbfEZjKqPiYLLoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjllbEtyYnNlTHhLZFp0OFJtTXFvLUpnc3VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9hNTgzMmItNzg5YS00MGJmLWE3MTIt
NjI4ZDk1MDEzN2YyLzEvc2JNWVFZSnh3Zk5QcDY0NDBnSUxBOW16YngwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9hNTgzMmItNzg5YS00MGJmLWE3MTItNjI4ZDk1MDEzN2Yy
LzEvRjllbEtyYnNlTHhLZFp0OFJtTXFvLUpnc3VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ9aMA0G
CSqGSIb3DQEBCwUAA4IBAQBeBqtTWL7FgBsw23beNEuEg/g4AjQUZWpcluG9S72d
GVTbj6niWYUQZoLe7wJp3cW7m67UpnRb3zgKpTgMsOa51yQA8zYf1ktBE8PKNld9
jbX1UcHAIesaAmffHjJ8ezE7uG7OTGV9X4etqFApmUxepwEjPRr//RpWHeREu5jV
j9VLfARCoUsm1Ftj9T6rANGG+9SIu/qzQooDXruUfuQsunAKpp+iIiu9f1P9T7FE
8mjSGH+P6bwG20biv5vk9lDO2j040JrTVfHmJ4Wz017a2yBDz+3EvkD0G0oT4FDM
KPxz76neL/e9nox6rqzGqR/IVPax6BOw0on2VKG878s9
-----END CERTIFICATE-----