Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/bBSkhbrNuYPm17AnlbeJnuS6Psc.roa
File:                     bBSkhbrNuYPm17AnlbeJnuS6Psc.roa (raw, json)
Hash identifier:          7vKsMtXoP2EFxQiN+h9bgW+suOLSGBM5SC3Yq06H6Qs=
Subject key identifier:   6C:14:A4:85:BA:CD:B9:83:E6:D7:B0:27:95:B7:89:9E:E4:BA:3E:C7
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC42573774ACD1617334DFF8DD3947C54
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/bBSkhbrNuYPm17AnlbeJnuS6Psc.roa
Signing time:             Mon 01 Jan 2024 08:30:37 +0000
ROA not before:           Mon 01 Jan 2024 08:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212477
IP address blocks:        2a0b:7080::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:73:77:4a:cd:16:17:33:4d:ff:8d:d3:94:7c:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c14a485bacdb983e6d7b02795b7899ee4ba3ec7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:38:be:16:0b:96:78:32:c4:ec:a6:8e:d1:ca:
                    7b:f7:47:cc:86:8a:ea:c3:6f:4c:23:6c:90:18:a4:
                    b8:e5:8f:68:f2:f8:73:4a:68:25:ee:3c:20:38:bb:
                    29:98:6a:9c:36:60:0d:2a:19:63:c8:00:d1:58:0a:
                    b4:f0:0e:ef:6e:ec:42:0c:cd:81:56:6e:f8:bf:14:
                    5c:c6:40:31:e6:de:fd:a6:01:27:5a:64:c1:40:65:
                    eb:6a:e3:de:3c:8e:9a:53:c2:9f:8e:b0:19:61:7e:
                    ff:d8:b7:92:1d:a4:fb:b6:e5:93:c7:d2:b8:6a:ea:
                    0f:74:fb:5c:14:7f:7b:65:5b:ed:51:2f:1e:85:a8:
                    2c:99:6c:a8:8e:7b:7b:31:cb:f4:f3:6b:f3:f5:12:
                    b5:c5:bd:97:18:f0:01:ba:9b:8d:ef:58:e9:b1:da:
                    59:35:ee:b0:6b:8c:66:5d:5d:0f:75:68:74:ed:5a:
                    dc:e8:5e:e8:7d:65:7a:8e:c3:bf:87:2d:7d:47:f3:
                    30:00:a5:7e:6a:d9:28:84:d4:58:60:15:ba:fe:21:
                    07:02:13:a2:fe:86:65:8d:0c:b9:c2:e0:2a:ab:39:
                    46:5e:47:6d:c0:63:93:b8:86:40:08:dc:4f:4a:e9:
                    d4:05:59:e7:8b:81:d3:e6:c0:8f:c7:f2:93:cc:62:
                    df:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:14:A4:85:BA:CD:B9:83:E6:D7:B0:27:95:B7:89:9E:E4:BA:3E:C7
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/bBSkhbrNuYPm17AnlbeJnuS6Psc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:7080::/29

    Signature Algorithm: sha256WithRSAEncryption
         bf:91:1b:42:c9:62:df:4e:34:4e:f3:c5:f1:94:f0:68:72:4e:
         f9:5c:ef:55:d1:b7:38:ec:dd:33:8e:40:84:29:f3:a5:ac:df:
         16:ac:a7:2d:c6:0c:09:17:81:fe:ee:8f:fd:e2:00:22:4b:c3:
         0f:23:cf:a4:b5:29:e4:a1:be:47:7c:8e:0c:51:e9:80:da:c6:
         47:b0:b0:31:e3:2a:8d:24:92:c1:12:45:68:2b:6d:f4:7b:08:
         11:da:1f:e9:5d:15:f1:b4:2b:eb:17:60:70:f0:d4:0e:9d:b5:
         24:16:ec:ed:fd:80:6c:c5:1a:e5:96:da:74:e0:4c:1c:a8:a1:
         54:77:d6:1b:13:23:7c:b6:4b:83:eb:b5:4f:c5:7f:3f:94:eb:
         48:40:07:f2:db:2b:0d:2f:66:5c:ad:e6:61:46:5d:c3:6f:9c:
         44:d2:2f:e6:c7:22:4b:79:10:02:c7:c6:92:d5:97:28:63:2c:
         c1:c1:94:3a:f9:68:8e:dd:cb:27:24:0d:52:2b:21:d6:75:e5:
         c8:da:df:64:71:54:6a:9a:6c:ac:e6:9b:07:97:72:4a:41:95:
         ad:f5:cb:1d:72:b5:d5:dd:0a:ac:a9:05:08:c3:ec:06:c1:a9:
         42:15:b2:cc:bb:95:69:12:6a:92:46:d6:51:d2:d0:6f:59:a8:
         23:51:86:d5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEJXN3Ss0WFzNN/43TlHxUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzE0YTQ4NWJhY2RiOTgzZTZkN2IwMjc5NWI3ODk5ZWU0YmEzZWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiji+FguWeDLE7KaO0cp790fMhorq
w29MI2yQGKS45Y9o8vhzSmgl7jwgOLspmGqcNmANKhljyADRWAq08A7vbuxCDM2B
Vm74vxRcxkAx5t79pgEnWmTBQGXrauPePI6aU8KfjrAZYX7/2LeSHaT7tuWTx9K4
auoPdPtcFH97ZVvtUS8ehagsmWyojnt7Mcv082vz9RK1xb2XGPABupuN71jpsdpZ
Ne6wa4xmXV0PdWh07Vrc6F7ofWV6jsO/hy19R/MwAKV+atkohNRYYBW6/iEHAhOi
/oZljQy5wuAqqzlGXkdtwGOTuIZACNxPSunUBVnni4HT5sCPx/KTzGLfzwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGwUpIW6zbmD5tewJ5W3iZ7kuj7HMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvYkJTa2hick51WVBtMTdBbmxiZUpudVM2UHNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgtwgDAN
BgkqhkiG9w0BAQsFAAOCAQEAv5EbQsli3040TvPF8ZTwaHJO+VzvVdG3OOzdM45A
hCnzpazfFqynLcYMCReB/u6P/eIAIkvDDyPPpLUp5KG+R3yODFHpgNrGR7CwMeMq
jSSSwRJFaCtt9HsIEdof6V0V8bQr6xdgcPDUDp21JBbs7f2AbMUa5ZbadOBMHKih
VHfWGxMjfLZLg+u1T8V/P5TrSEAH8tsrDS9mXK3mYUZdw2+cRNIv5sciS3kQAsfG
ktWXKGMswcGUOvlojt3LJyQNUish1nXlyNrfZHFUappsrOabB5dySkGVrfXLHXK1
1d0KrKkFCMPsBsGpQhWyzLuVaRJqkkbWUdLQb1moI1GG1Q==
-----END CERTIFICATE-----