Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/sbkxRvSrfQGNdpGANqUogURHroU.roa
File:                     sbkxRvSrfQGNdpGANqUogURHroU.roa (raw, json)
Hash identifier:          GVO8i7AC/aFii+I0dhy+QGbxHH4AqRNBV/o41DJJYK4=
Subject key identifier:   B1:B9:31:46:F4:AB:7D:01:8D:76:91:80:36:A5:28:81:44:47:AE:85
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       0194221F47AA8FDE5EC36AD7EDD34BB774AB
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/sbkxRvSrfQGNdpGANqUogURHroU.roa
Signing time:             Wed 01 Jan 2025 13:47:42 +0000
ROA not before:           Wed 01 Jan 2025 13:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216127
IP address blocks:        2a0d:d940:13::/48 maxlen: 48
                          2a0d:d940:14::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:47:aa:8f:de:5e:c3:6a:d7:ed:d3:4b:b7:74:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Jan  1 13:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1b93146f4ab7d018d76918036a528814447ae85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:42:00:1e:55:e5:a7:d5:26:40:90:5a:9a:c9:
                    60:90:ce:6b:8d:f0:64:49:71:c0:4d:1f:4b:0d:1f:
                    30:46:b4:fc:d0:85:33:b9:3c:dc:e5:32:c6:ff:6e:
                    94:e1:05:9b:59:1b:ab:3d:af:66:23:65:81:05:a6:
                    e4:e4:e2:2b:25:da:e7:42:65:69:25:2f:82:7a:bf:
                    ec:2d:e5:c0:bb:fc:12:dc:cf:54:6c:26:c0:64:88:
                    d3:18:16:4a:e5:bc:b0:e7:c8:17:2d:14:4b:47:e9:
                    2c:4e:26:93:36:9b:d5:5e:62:08:29:d8:b5:61:88:
                    0f:f0:bb:af:1b:09:e7:83:e1:75:b1:b7:af:10:b6:
                    6b:65:c0:76:28:a3:5c:cb:9f:5d:c5:dc:b7:d4:51:
                    b5:c2:9c:86:c7:95:77:80:c2:c7:bf:dc:f4:4b:2b:
                    e2:f4:cc:97:08:fe:1e:e7:d2:f2:fd:59:80:3e:8f:
                    30:61:b6:6f:e7:96:10:88:c2:1f:f2:9d:81:11:14:
                    b2:47:8c:a5:26:0e:ff:59:33:32:d1:e2:d2:49:ec:
                    6e:fb:ca:26:3b:3e:37:dc:cd:15:ad:90:c4:ab:c1:
                    89:32:e1:d5:67:1f:50:57:da:02:63:46:b5:d5:fa:
                    bd:01:96:a3:b2:13:6f:89:29:2b:b7:80:5f:e4:51:
                    31:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:B9:31:46:F4:AB:7D:01:8D:76:91:80:36:A5:28:81:44:47:AE:85
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/sbkxRvSrfQGNdpGANqUogURHroU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:13::-2a0d:d940:14:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         28:3d:14:b9:b7:34:86:8d:3e:6d:9e:bb:66:59:7a:78:7c:a0:
         66:0b:98:6e:b4:42:39:83:68:4f:b2:cf:47:3e:92:a9:bb:5c:
         ff:d5:5a:ec:c0:d9:a9:6c:fd:5d:1b:05:98:f4:18:35:b6:7c:
         d6:db:43:e7:42:37:a9:32:52:45:ba:aa:d6:c0:31:c7:05:64:
         e3:01:61:5a:5b:61:54:d0:2a:b2:94:f1:5e:4b:70:5b:07:e2:
         b3:c2:ec:be:73:a8:30:76:01:04:2b:2e:81:d8:b1:25:c4:ec:
         07:06:ce:af:39:c8:3f:6a:c9:0d:45:95:d3:a7:00:0f:8c:e5:
         6a:68:e5:7f:3c:61:ca:f0:c1:e8:ff:91:bf:f3:97:80:99:a2:
         c2:51:e1:76:6a:37:60:f1:b2:dd:ab:13:a3:d9:4d:a2:77:31:
         56:95:15:85:59:13:dc:62:48:61:0f:9d:5a:76:15:43:e6:21:
         44:bf:c9:b2:51:12:6e:2f:77:48:89:74:d5:98:91:f4:bc:84:
         03:71:76:ad:f8:9f:be:9d:7d:52:4e:4f:49:37:36:6c:b0:2c:
         3e:1d:48:c6:9f:4e:45:19:8b:87:e1:b2:6d:ff:33:16:05:22:
         fb:69:6e:f7:c7:5b:5b:3f:95:7b:89:a3:c9:4f:19:78:4d:19:
         f4:a1:f4:f7
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQiH0eqj95ew2rX7dNLt3SrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjUwMTAxMTM0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWI5MzE0NmY0YWI3ZDAxOGQ3NjkxODAzNmE1Mjg4MTQ0NDdhZTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUIAHlXlp9UmQJBamslgkM5rjfBk
SXHATR9LDR8wRrT80IUzuTzc5TLG/26U4QWbWRurPa9mI2WBBabk5OIrJdrnQmVp
JS+Cer/sLeXAu/wS3M9UbCbAZIjTGBZK5byw58gXLRRLR+ksTiaTNpvVXmIIKdi1
YYgP8LuvGwnng+F1sbevELZrZcB2KKNcy59dxdy31FG1wpyGx5V3gMLHv9z0Syvi
9MyXCP4e59Ly/VmAPo8wYbZv55YQiMIf8p2BERSyR4ylJg7/WTMy0eLSSexu+8om
Oz433M0VrZDEq8GJMuHVZx9QV9oCY0a11fq9AZajshNviSkrt4Bf5FEx6wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFLG5MUb0q30BjXaRgDalKIFER66FMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvc2JreFJ2U3JmUUdOZHBHQU5xVW9nVVJIcm9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqDdlA
ABMDBwAqDdlAABQwDQYJKoZIhvcNAQELBQADggEBACg9FLm3NIaNPm2eu2ZZenh8
oGYLmG60QjmDaE+yz0c+kqm7XP/VWuzA2als/V0bBZj0GDW2fNbbQ+dCN6kyUkW6
qtbAMccFZOMBYVpbYVTQKrKU8V5LcFsH4rPC7L5zqDB2AQQrLoHYsSXE7AcGzq85
yD9qyQ1FldOnAA+M5Wpo5X88Ycrwwej/kb/zl4CZosJR4XZqN2Dxst2rE6PZTaJ3
MVaVFYVZE9xiSGEPnVp2FUPmIUS/ybJREm4vd0iJdNWYkfS8hANxdq34n76dfVJO
T0k3NmywLD4dSMafTkUZi4fhsm3/MxYFIvtpbvfHW1s/lXuJo8lPGXhNGfSh9Pc=
-----END CERTIFICATE-----