Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/cbSP--6B9W70R0i4fNGBrZcmE8s.roa
File:                     cbSP--6B9W70R0i4fNGBrZcmE8s.roa (raw, json)
Hash identifier:          MLvXrxaFu/39uh8vYLPHK7HowNETKzs7QZi9mXNRDy0=
Subject key identifier:   71:B4:8F:FB:EE:81:F5:6E:F4:47:48:B8:7C:D1:81:AD:97:26:13:CB
Certificate issuer:       /CN=0bb3e73aa8b7f0af3bd8400572dae72b0d46f55c
Certificate serial:       018CC34948424C7A12301CB1DC76C82AB358
Authority key identifier: 0B:B3:E7:3A:A8:B7:F0:AF:3B:D8:40:05:72:DA:E7:2B:0D:46:F5:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C7PnOqi38K872EAFctrnKw1G9Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/cbSP--6B9W70R0i4fNGBrZcmE8s.roa
Signing time:             Mon 01 Jan 2024 04:30:08 +0000
ROA not before:           Mon 01 Jan 2024 04:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52042
IP address blocks:        2a0e:48c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/C7PnOqi38K872EAFctrnKw1G9Vw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/C7PnOqi38K872EAFctrnKw1G9Vw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C7PnOqi38K872EAFctrnKw1G9Vw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:48:42:4c:7a:12:30:1c:b1:dc:76:c8:2a:b3:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bb3e73aa8b7f0af3bd8400572dae72b0d46f55c
        Validity
            Not Before: Jan  1 04:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71b48ffbee81f56ef44748b87cd181ad972613cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:36:98:42:c4:17:13:74:ab:7f:c7:a0:8a:fc:
                    b8:52:7f:26:01:7a:d2:1e:73:86:65:29:40:45:4a:
                    ef:e0:0e:af:26:2d:24:c6:90:fc:89:c8:fc:cf:6d:
                    57:19:04:4b:a9:e9:49:45:0e:40:06:de:a3:84:2b:
                    4b:b2:fe:38:9f:e5:c8:bf:93:06:5a:92:c8:97:42:
                    9f:91:d7:8c:cb:6e:82:7a:7f:de:6a:ee:1b:97:48:
                    ee:bf:5b:a9:f9:81:18:2f:00:4a:54:5d:f8:a4:ec:
                    e4:7a:10:91:6e:ee:e0:00:08:34:ac:d8:13:f5:09:
                    16:9f:86:46:d8:b1:9d:2a:ca:11:89:91:c8:03:07:
                    6b:98:e2:7c:0c:bd:5d:82:68:4c:c5:f4:63:97:92:
                    b0:e8:fe:f7:8c:40:df:46:22:9c:70:dd:13:2e:ca:
                    b5:ed:bd:ec:0d:2e:b6:2e:05:6e:b8:c8:aa:4c:48:
                    9e:8d:cc:48:29:21:26:a1:f9:62:20:39:a0:ba:0e:
                    74:99:ba:11:83:fa:85:47:5d:47:3d:57:ec:d9:49:
                    28:38:f5:c7:0e:c6:e2:af:15:4a:35:71:b7:f1:b0:
                    78:cb:fc:72:b8:53:84:02:8f:93:56:3d:b9:7f:9f:
                    a9:0b:cb:d5:b0:ea:80:52:9d:a8:0f:4b:2e:c0:00:
                    1e:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:B4:8F:FB:EE:81:F5:6E:F4:47:48:B8:7C:D1:81:AD:97:26:13:CB
            X509v3 Authority Key Identifier:
                keyid:0B:B3:E7:3A:A8:B7:F0:AF:3B:D8:40:05:72:DA:E7:2B:0D:46:F5:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C7PnOqi38K872EAFctrnKw1G9Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/cbSP--6B9W70R0i4fNGBrZcmE8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/C7PnOqi38K872EAFctrnKw1G9Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:48c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         ae:f8:09:6e:5a:11:db:18:c9:5a:a2:97:fb:b3:bf:6a:e8:0d:
         ca:1b:5d:ed:a1:b6:51:bc:09:ac:55:8a:35:65:3b:61:b2:bb:
         5e:85:cf:06:e8:cd:a8:04:53:a9:cb:55:a7:03:75:45:b1:9b:
         bf:33:a4:aa:1c:63:33:db:bc:05:2b:07:f9:82:34:07:c1:d0:
         7d:63:44:9e:16:e3:84:f0:21:f8:5c:81:38:ed:b4:37:2a:85:
         2a:ec:a7:e7:a0:40:34:49:5a:0b:cb:2e:c9:48:d1:6d:81:75:
         6d:b0:d9:9a:72:30:8e:f1:0f:d5:49:65:1b:10:a9:f8:56:9f:
         fe:f1:e5:40:f7:c8:b2:6f:f8:0f:79:76:a0:70:d5:5a:65:74:
         91:04:15:cd:5b:02:d8:7a:08:1f:30:c4:1f:e0:7d:f6:2e:48:
         52:57:8a:8b:a6:25:26:bc:b8:ed:e5:96:db:15:66:7d:c3:71:
         55:b1:ea:0e:73:cd:8d:59:cd:8a:d6:15:53:3f:7a:1f:98:87:
         bd:d0:91:10:1b:ab:f5:6a:77:fc:36:86:08:07:18:16:95:f3:
         6a:23:18:c1:d4:8d:f5:6b:b6:d2:71:f6:11:8d:46:cd:9b:4d:
         09:14:ae:90:1a:15:85:f5:9f:69:89:43:a9:23:22:63:e3:a2:
         af:d8:b0:8f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSUhCTHoSMByx3HbIKrNYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiYjNlNzNhYThiN2YwYWYzYmQ4NDAwNTcyZGFlNzJiMGQ0
NmY1NWMwHhcNMjQwMTAxMDQzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWI0OGZmYmVlODFmNTZlZjQ0NzQ4Yjg3Y2QxODFhZDk3MjYxM2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDaYQsQXE3Srf8egivy4Un8mAXrS
HnOGZSlARUrv4A6vJi0kxpD8icj8z21XGQRLqelJRQ5ABt6jhCtLsv44n+XIv5MG
WpLIl0KfkdeMy26Cen/eau4bl0juv1up+YEYLwBKVF34pOzkehCRbu7gAAg0rNgT
9QkWn4ZG2LGdKsoRiZHIAwdrmOJ8DL1dgmhMxfRjl5Kw6P73jEDfRiKccN0TLsq1
7b3sDS62LgVuuMiqTEiejcxIKSEmofliIDmgug50mboRg/qFR11HPVfs2UkoOPXH
DsbirxVKNXG38bB4y/xyuFOEAo+TVj25f5+pC8vVsOqAUp2oD0suwAAePwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHG0j/vugfVu9EdIuHzRga2XJhPLMB8GA1UdIwQY
MBaAFAuz5zqot/CvO9hABXLa5ysNRvVcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzdQbk9xaTM4Szg3MkVBRmN0cm5LdzFHOVZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9lZmY2N2YtNDBhOS00Nzc1LWE5YzIt
YWQyOGZhOTY2YjUxLzEvY2JTUC0tNkI5VzcwUjBpNGZOR0JyWmNtRThzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9lZmY2N2YtNDBhOS00Nzc1LWE5YzItYWQyOGZhOTY2YjUx
LzEvQzdQbk9xaTM4Szg3MkVBRmN0cm5LdzFHOVZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg5IwDAN
BgkqhkiG9w0BAQsFAAOCAQEArvgJbloR2xjJWqKX+7O/augNyhtd7aG2UbwJrFWK
NWU7YbK7XoXPBujNqARTqctVpwN1RbGbvzOkqhxjM9u8BSsH+YI0B8HQfWNEnhbj
hPAh+FyBOO20NyqFKuyn56BANElaC8suyUjRbYF1bbDZmnIwjvEP1UllGxCp+Faf
/vHlQPfIsm/4D3l2oHDVWmV0kQQVzVsC2HoIHzDEH+B99i5IUleKi6YlJry47eWW
2xVmfcNxVbHqDnPNjVnNitYVUz96H5iHvdCREBur9Wp3/DaGCAcYFpXzaiMYwdSN
9Wu20nH2EY1GzZtNCRSukBoVhfWfaYlDqSMiY+Oir9iwjw==
-----END CERTIFICATE-----