Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/sbfPHE6qzauSv3msvxWM0sMCaX4.roa
File:                     sbfPHE6qzauSv3msvxWM0sMCaX4.roa (raw, json)
Hash identifier:          iRi4kRF17mAYyOeR70VjtLExKdcNeO+DHjXJTxXWS7E=
Subject key identifier:   B1:B7:CF:1C:4E:AA:CD:AB:92:BF:79:AC:BF:15:8C:D2:C3:02:69:7E
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       018F7312D7AA422EE5EB1EE4EAA622F11E96
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/sbfPHE6qzauSv3msvxWM0sMCaX4.roa
Signing time:             Mon 13 May 2024 17:49:25 +0000
ROA not before:           Mon 13 May 2024 17:49:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211432
IP address blocks:        2a13:bfc0::/29 maxlen: 29
                          2a13:c040::/29 maxlen: 31

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:73:12:d7:aa:42:2e:e5:eb:1e:e4:ea:a6:22:f1:1e:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: May 13 17:49:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1b7cf1c4eaacdab92bf79acbf158cd2c302697e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:01:ae:6d:e3:b3:e8:6a:1b:02:05:92:39:8a:
                    69:7f:5c:78:d0:0b:a5:12:d1:3e:28:d9:93:3f:92:
                    41:84:3b:b7:9e:45:25:0b:5e:fe:40:72:da:16:07:
                    1e:12:99:18:fa:4a:af:43:73:18:f2:3c:43:3f:f3:
                    06:bf:7a:63:f5:43:ed:61:1c:e7:e2:4a:a3:92:e2:
                    9a:99:5a:39:07:e0:33:0f:98:73:e1:52:35:9b:7f:
                    d0:53:5c:01:a9:02:ae:50:6a:bc:ea:41:53:0f:94:
                    5c:8e:f4:5f:a1:14:20:54:d0:71:4e:2c:e1:cd:25:
                    01:63:11:04:55:05:2d:d1:96:76:31:da:33:4d:c5:
                    94:77:3c:2e:12:34:04:25:77:8e:a8:c1:e3:69:61:
                    ec:64:14:95:c9:4b:36:1e:ba:1d:84:f3:9f:4d:cc:
                    b4:a8:d2:0e:64:48:45:c1:ce:00:7b:61:2c:73:93:
                    0e:e8:88:4a:56:85:07:e3:77:d0:3c:2b:8d:94:09:
                    b8:95:bf:63:bf:a1:e4:84:ea:5c:c6:aa:2d:c5:33:
                    05:38:f0:dd:85:1e:ee:33:c5:e4:38:d1:bb:10:14:
                    77:06:37:22:8e:9f:69:1f:af:d8:a3:c1:78:27:93:
                    c7:27:60:4e:3f:45:4e:c2:fa:3c:48:d3:34:1a:0a:
                    59:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:B7:CF:1C:4E:AA:CD:AB:92:BF:79:AC:BF:15:8C:D2:C3:02:69:7E
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/sbfPHE6qzauSv3msvxWM0sMCaX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:bfc0::/29
                  2a13:c040::/29

    Signature Algorithm: sha256WithRSAEncryption
         83:50:db:17:ff:7d:68:3e:47:67:6f:64:98:25:58:07:2f:7b:
         e2:1f:bf:ed:54:a6:01:c5:ee:ec:cb:f6:fc:c5:b7:74:b8:6a:
         6d:f4:5e:ff:83:c0:ce:4f:04:2c:24:08:cd:0f:8a:00:5c:5d:
         25:eb:c1:de:15:34:17:13:31:96:84:e9:93:33:b5:d2:e0:a0:
         a1:1a:b8:ca:f3:00:3f:34:47:ab:8b:53:32:98:a1:d8:0c:93:
         23:06:9c:89:4f:39:a7:87:1b:83:8b:a6:59:e0:13:68:42:37:
         c8:ca:c0:1d:02:fd:c4:9f:7f:15:32:42:d8:e1:53:3c:b8:2e:
         fa:57:9f:4e:ee:2e:d8:c8:69:fd:f0:12:0b:70:7a:9e:0e:df:
         61:96:1d:cf:70:97:e5:79:e1:c4:38:1c:45:38:9f:39:0b:24:
         a0:d6:1b:69:c6:dd:35:82:ea:f5:09:fa:58:4b:f1:82:ea:95:
         91:c5:4d:ed:fb:34:2f:d1:9b:19:0e:3d:aa:00:3e:41:0b:0d:
         de:41:f6:69:10:40:75:d3:94:5d:c0:36:99:46:ba:d3:bd:7e:
         0c:54:a3:eb:f9:a9:6f:e1:8d:03:59:9e:4b:01:a2:f9:82:85:
         f6:ab:0d:94:ef:a7:41:ec:7b:e7:03:1b:d5:d7:6b:7d:5c:fa:
         a3:a2:b0:fa
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY9zEteqQi7l6x7k6qYi8R6WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjQwNTEzMTc0OTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWI3Y2YxYzRlYWFjZGFiOTJiZjc5YWNiZjE1OGNkMmMzMDI2OTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAGubeOz6GobAgWSOYppf1x40Aul
EtE+KNmTP5JBhDu3nkUlC17+QHLaFgceEpkY+kqvQ3MY8jxDP/MGv3pj9UPtYRzn
4kqjkuKamVo5B+AzD5hz4VI1m3/QU1wBqQKuUGq86kFTD5RcjvRfoRQgVNBxTizh
zSUBYxEEVQUt0ZZ2MdozTcWUdzwuEjQEJXeOqMHjaWHsZBSVyUs2HrodhPOfTcy0
qNIOZEhFwc4Ae2Esc5MO6IhKVoUH43fQPCuNlAm4lb9jv6HkhOpcxqotxTMFOPDd
hR7uM8XkONG7EBR3Bjcijp9pH6/Yo8F4J5PHJ2BOP0VOwvo8SNM0GgpZVQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLG3zxxOqs2rkr95rL8VjNLDAml+MB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvc2JmUEhFNnF6YXVTdjNtc3Z4V00wc01DYVg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhO/wAMF
AyoTwEAwDQYJKoZIhvcNAQELBQADggEBAINQ2xf/fWg+R2dvZJglWAcve+Ifv+1U
pgHF7uzL9vzFt3S4am30Xv+DwM5PBCwkCM0PigBcXSXrwd4VNBcTMZaE6ZMztdLg
oKEauMrzAD80R6uLUzKYodgMkyMGnIlPOaeHG4OLplngE2hCN8jKwB0C/cSffxUy
QtjhUzy4LvpXn07uLtjIaf3wEgtwep4O32GWHc9wl+V54cQ4HEU4nzkLJKDWG2nG
3TWC6vUJ+lhL8YLqlZHFTe37NC/RmxkOPaoAPkELDd5B9mkQQHXTlF3ANplGutO9
fgxUo+v5qW/hjQNZnksBovmChfarDZTvp0Hse+cDG9XXa31c+qOisPo=
-----END CERTIFICATE-----