Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/Sbn-CbCK6X0yjIROpaIutGrItcM.roa
File:                     Sbn-CbCK6X0yjIROpaIutGrItcM.roa (raw, json)
Hash identifier:          k3CXoavAyC/GAbNNZKcxd2XJvppu+lMFLdomv12rMAc=
Subject key identifier:   49:B9:FE:09:B0:8A:E9:7D:32:8C:84:4E:A5:A2:2E:B4:6A:C8:B5:C3
Certificate issuer:       /CN=cddbefba8fe3c1f668c8444384fe4a3a9f4d87f1
Certificate serial:       0193634A65A92E267CCF9432761C01892998
Authority key identifier: CD:DB:EF:BA:8F:E3:C1:F6:68:C8:44:43:84:FE:4A:3A:9F:4D:87:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/Sbn-CbCK6X0yjIROpaIutGrItcM.roa
Signing time:             Mon 25 Nov 2024 12:27:20 +0000
ROA not before:           Mon 25 Nov 2024 12:27:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0f:4301::/32 maxlen: 32
                          2a0f:4304::/32 maxlen: 32
                          2a0f:4306::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:63:4a:65:a9:2e:26:7c:cf:94:32:76:1c:01:89:29:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cddbefba8fe3c1f668c8444384fe4a3a9f4d87f1
        Validity
            Not Before: Nov 25 12:27:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49b9fe09b08ae97d328c844ea5a22eb46ac8b5c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:01:0a:ad:7e:04:bb:0e:0a:4c:de:ac:e9:b5:
                    3f:99:f1:13:1f:21:4b:d5:58:56:f9:76:1a:66:99:
                    a4:d3:4c:23:47:fd:89:64:5d:2b:d2:e5:44:79:d7:
                    b0:29:d8:f2:23:a0:77:a8:7d:7a:ad:fb:5c:24:71:
                    44:bf:37:82:0d:2c:0c:14:12:f0:51:85:9b:fb:a5:
                    5f:94:1b:a4:21:05:ce:3d:57:e0:2d:ec:41:3a:aa:
                    f1:77:6a:03:c0:ab:58:5f:8f:3b:3b:ee:66:95:0e:
                    67:b3:00:2f:08:a1:33:f9:f7:e4:fb:fc:d0:3d:00:
                    1d:83:2b:f4:93:52:03:67:72:3c:4d:86:ae:ef:a4:
                    ae:6d:47:9d:d6:ae:97:05:a0:a1:21:b3:19:51:33:
                    d1:ba:f1:19:95:57:cc:37:30:27:03:13:a4:3a:21:
                    70:09:32:16:11:04:55:67:46:d9:41:46:eb:f7:19:
                    e5:ad:18:54:5e:a5:39:5d:39:69:57:b4:3b:67:f6:
                    c9:98:01:56:01:3b:a9:b7:e1:a3:50:b0:a3:79:ab:
                    86:b6:6f:44:93:9b:f8:5b:69:da:1c:38:97:5d:fc:
                    de:c1:07:97:29:df:a8:b5:44:2b:9c:b2:12:35:fc:
                    18:db:82:41:98:91:d8:30:a0:af:02:a5:30:ee:41:
                    9e:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:B9:FE:09:B0:8A:E9:7D:32:8C:84:4E:A5:A2:2E:B4:6A:C8:B5:C3
            X509v3 Authority Key Identifier:
                keyid:CD:DB:EF:BA:8F:E3:C1:F6:68:C8:44:43:84:FE:4A:3A:9F:4D:87:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/Sbn-CbCK6X0yjIROpaIutGrItcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:4301::/32
                  2a0f:4304::/32
                  2a0f:4306::/32

    Signature Algorithm: sha256WithRSAEncryption
         8a:75:5a:0b:e4:8a:91:35:bd:4f:34:98:40:cf:56:c1:37:67:
         b6:73:5a:75:e5:9f:b3:33:c0:3c:98:e3:b8:bc:30:66:e5:7f:
         05:a7:c8:bc:04:50:12:55:99:fb:e2:bd:fa:a8:21:4b:40:60:
         54:72:48:e0:ca:8a:2f:07:04:b3:e8:0e:47:68:fb:ca:69:28:
         77:c2:86:de:4c:6b:0c:78:1f:f9:d4:79:bd:f8:98:e0:67:54:
         cd:cb:71:e8:22:6f:20:4e:01:95:a4:77:4b:87:cd:5a:0b:c1:
         04:be:c5:8e:a1:c5:ce:bd:fe:4d:e3:4b:2b:94:db:50:79:55:
         02:c5:95:e9:cd:d8:b8:00:f3:d3:48:4b:e7:4f:ce:ae:2f:7a:
         c2:72:fc:e4:ff:4d:20:55:cf:3e:53:8b:f2:8b:12:cd:72:c2:
         88:49:2d:ae:ce:1e:fb:09:8b:7b:d3:81:23:ea:76:9f:b9:4e:
         c4:0c:e3:54:a3:3d:a5:6e:ae:96:60:4a:ce:6a:d1:6b:7b:23:
         e2:86:98:f4:86:28:be:01:ce:3c:51:58:fd:77:17:c6:d7:41:
         12:9e:41:a0:33:a2:42:1d:74:a2:25:19:7a:84:56:8f:22:84:
         0f:b5:07:05:59:48:71:71:97:80:a7:31:0d:3b:b0:8e:bc:8c:
         62:8e:4d:87
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZNjSmWpLiZ8z5QydhwBiSmYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkZGJlZmJhOGZlM2MxZjY2OGM4NDQ0Mzg0ZmU0YTNhOWY0
ZDg3ZjEwHhcNMjQxMTI1MTIyNzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWI5ZmUwOWIwOGFlOTdkMzI4Yzg0NGVhNWEyMmViNDZhYzhiNWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgEKrX4Euw4KTN6s6bU/mfETHyFL
1VhW+XYaZpmk00wjR/2JZF0r0uVEedewKdjyI6B3qH16rftcJHFEvzeCDSwMFBLw
UYWb+6VflBukIQXOPVfgLexBOqrxd2oDwKtYX487O+5mlQ5nswAvCKEz+ffk+/zQ
PQAdgyv0k1IDZ3I8TYau76SubUed1q6XBaChIbMZUTPRuvEZlVfMNzAnAxOkOiFw
CTIWEQRVZ0bZQUbr9xnlrRhUXqU5XTlpV7Q7Z/bJmAFWATupt+GjULCjeauGtm9E
k5v4W2naHDiXXfzewQeXKd+otUQrnLISNfwY24JBmJHYMKCvAqUw7kGekQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEm5/gmwiul9MoyETqWiLrRqyLXDMB8GA1UdIwQY
MBaAFM3b77qP48H2aMhEQ4T+SjqfTYfxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemR2dnVvX2p3ZlpveUVSRGhQNUtPcDlOaF9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80ZTUyZjEtMTNiMi00NWRmLThhNDMt
MWEzOWU2YTZkZTkzLzEvU2JuLUNiQ0s2WDB5aklST3BhSXV0R3JJdGNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80ZTUyZjEtMTNiMi00NWRmLThhNDMtMWEzOWU2YTZkZTkz
LzEvemR2dnVvX2p3ZlpveUVSRGhQNUtPcDlOaF9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKg9DAQMF
ACoPQwQDBQAqD0MGMA0GCSqGSIb3DQEBCwUAA4IBAQCKdVoL5IqRNb1PNJhAz1bB
N2e2c1p15Z+zM8A8mOO4vDBm5X8Fp8i8BFASVZn74r36qCFLQGBUckjgyoovBwSz
6A5HaPvKaSh3wobeTGsMeB/51Hm9+JjgZ1TNy3HoIm8gTgGVpHdLh81aC8EEvsWO
ocXOvf5N40srlNtQeVUCxZXpzdi4APPTSEvnT86uL3rCcvzk/00gVc8+U4vyixLN
csKISS2uzh77CYt704Ej6nafuU7EDONUoz2lbq6WYErOatFreyPihpj0hii+Ac48
UVj9dxfG10ESnkGgM6JCHXSiJRl6hFaPIoQPtQcFWUhxcZeApzENO7COvIxijk2H
-----END CERTIFICATE-----