Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/cbMabUeFsUdPUPsC7g6Gj3YxnoI.roa
File:                     cbMabUeFsUdPUPsC7g6Gj3YxnoI.roa (raw, json)
Hash identifier:          0DYKgsevEsxWe0wPIoE7xu+De7UCLmUgeS2qzW7jslo=
Subject key identifier:   71:B3:1A:6D:47:85:B1:47:4F:50:FB:02:EE:0E:86:8F:76:31:9E:82
Certificate issuer:       /CN=07f0ba59b1c76cf20dc4382e5a2854d7142c26ba
Certificate serial:       019261B250A5881FD9526FFEAB28C384DD3A
Authority key identifier: 07:F0:BA:59:B1:C7:6C:F2:0D:C4:38:2E:5A:28:54:D7:14:2C:26:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_C6WbHHbPINxDguWihU1xQsJro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/cbMabUeFsUdPUPsC7g6Gj3YxnoI.roa
Signing time:             Sun 06 Oct 2024 11:58:48 +0000
ROA not before:           Sun 06 Oct 2024 11:58:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214160
IP address blocks:        2a14:6:10::/48 maxlen: 48
                          2a14:6:11::/48 maxlen: 48
                          2a14:6:12::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/B_C6WbHHbPINxDguWihU1xQsJro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/B_C6WbHHbPINxDguWihU1xQsJro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B_C6WbHHbPINxDguWihU1xQsJro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:61:b2:50:a5:88:1f:d9:52:6f:fe:ab:28:c3:84:dd:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07f0ba59b1c76cf20dc4382e5a2854d7142c26ba
        Validity
            Not Before: Oct  6 11:58:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71b31a6d4785b1474f50fb02ee0e868f76319e82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:85:43:62:06:a3:c0:d5:3f:52:4e:8d:58:73:
                    57:e3:9b:7d:d2:be:6b:5d:85:20:a0:fa:2e:49:a2:
                    93:ae:d7:ae:0a:1e:35:e3:86:68:a1:6a:56:44:a2:
                    3c:15:d7:fc:4d:7d:f3:1e:97:93:ca:50:36:b3:4a:
                    28:e1:54:f4:6d:4c:16:42:02:31:0b:6f:95:cb:7b:
                    b3:69:e2:29:6d:be:08:82:19:04:c8:2d:ec:6e:cf:
                    00:18:4c:48:5f:b9:e3:cf:82:92:27:10:02:33:83:
                    c2:f8:e7:8d:26:e2:26:3a:f1:59:6c:05:9e:db:86:
                    7d:68:6b:ac:f4:10:18:b9:2e:5f:dd:78:f8:a8:69:
                    99:81:e3:ca:41:a6:bf:e3:3b:4f:59:7f:99:93:84:
                    99:9e:a7:6d:47:13:8d:d6:32:c9:c3:cb:3f:38:f1:
                    9d:69:06:eb:74:f4:ad:80:05:f7:e8:24:92:99:bf:
                    62:c5:3c:c8:3e:21:8c:98:f1:fe:37:10:31:7e:96:
                    02:e5:d8:89:73:d0:05:24:92:8e:7c:c9:77:83:21:
                    52:6b:8a:a7:2f:24:23:7e:09:28:2a:c9:9f:56:08:
                    a6:a8:0b:87:a1:a6:d8:5f:4d:db:cf:f7:37:02:40:
                    f2:80:8f:87:72:0a:39:07:9a:d0:19:98:20:76:44:
                    82:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:B3:1A:6D:47:85:B1:47:4F:50:FB:02:EE:0E:86:8F:76:31:9E:82
            X509v3 Authority Key Identifier:
                keyid:07:F0:BA:59:B1:C7:6C:F2:0D:C4:38:2E:5A:28:54:D7:14:2C:26:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_C6WbHHbPINxDguWihU1xQsJro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/cbMabUeFsUdPUPsC7g6Gj3YxnoI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/B_C6WbHHbPINxDguWihU1xQsJro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6:10::-2a14:6:12:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         c5:48:a2:61:11:21:1d:aa:be:ff:be:28:90:9d:99:31:31:92:
         bc:fc:f3:c6:b9:d6:33:ce:5f:1b:e1:a8:cb:7d:d1:e3:f2:95:
         e9:42:d2:74:bc:9d:e5:c8:6d:6d:7a:03:a5:da:96:a2:ea:3c:
         a3:94:f6:fd:81:e5:e8:a1:b1:dd:2e:0b:02:c9:7d:7f:64:30:
         92:12:99:35:27:de:db:93:10:9a:5d:a7:65:76:d7:4a:5a:1c:
         d0:11:cf:fb:4b:11:93:21:0c:5b:93:af:ca:2d:e6:7c:9c:93:
         79:d7:c9:ee:30:0a:5c:ce:2f:d2:eb:74:d9:15:01:99:1f:8e:
         87:b7:1e:25:be:da:1d:a5:8a:cb:f1:2b:6e:aa:30:73:d7:e4:
         ac:22:a5:b5:24:6b:79:49:6a:aa:3f:f6:8d:18:71:a4:e3:57:
         11:08:d0:3d:00:34:82:dc:d0:a1:a3:6a:d6:55:50:e5:8e:8d:
         ac:0e:ad:91:9d:3a:61:b2:a2:fa:79:c2:f9:a5:c2:b2:3a:85:
         20:06:bc:69:eb:a9:0e:97:68:05:96:32:32:5e:83:c0:6e:0e:
         95:1e:b9:b7:f6:23:4e:a1:f6:0f:4c:70:39:56:a1:91:d7:ee:
         5c:98:dd:7d:7a:3f:53:cf:79:fb:34:bc:28:06:ea:8e:a0:dd:
         c2:ec:28:8f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZJhslCliB/ZUm/+qyjDhN06MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZjBiYTU5YjFjNzZjZjIwZGM0MzgyZTVhMjg1NGQ3MTQy
YzI2YmEwHhcNMjQxMDA2MTE1ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWIzMWE2ZDQ3ODViMTQ3NGY1MGZiMDJlZTBlODY4Zjc2MzE5ZTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYVDYgajwNU/Uk6NWHNX45t90r5r
XYUgoPouSaKTrteuCh4144ZooWpWRKI8Fdf8TX3zHpeTylA2s0oo4VT0bUwWQgIx
C2+Vy3uzaeIpbb4IghkEyC3sbs8AGExIX7njz4KSJxACM4PC+OeNJuImOvFZbAWe
24Z9aGus9BAYuS5f3Xj4qGmZgePKQaa/4ztPWX+Zk4SZnqdtRxON1jLJw8s/OPGd
aQbrdPStgAX36CSSmb9ixTzIPiGMmPH+NxAxfpYC5diJc9AFJJKOfMl3gyFSa4qn
LyQjfgkoKsmfVgimqAuHoabYX03bz/c3AkDygI+Hcgo5B5rQGZggdkSCmQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFHGzGm1HhbFHT1D7Au4Oho92MZ6CMB8GA1UdIwQY
MBaAFAfwulmxx2zyDcQ4LlooVNcULCa6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9DNldiSEhiUElOeERndVdpaFUxeFFzSnJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8yOTZhNzgtMDFlMi00OTZkLWJhNTkt
MjIwMGIzY2M1N2U2LzEvY2JNYWJVZUZzVWRQVVBzQzdnNkdqM1l4bm9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8yOTZhNzgtMDFlMi00OTZkLWJhNTktMjIwMGIzY2M1N2U2
LzEvQl9DNldiSEhiUElOeERndVdpaFUxeFFzSnJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwQqFAAG
ABADBwAqFAAGABIwDQYJKoZIhvcNAQELBQADggEBAMVIomERIR2qvv++KJCdmTEx
krz888a51jPOXxvhqMt90ePylelC0nS8neXIbW16A6XalqLqPKOU9v2B5eihsd0u
CwLJfX9kMJISmTUn3tuTEJpdp2V210paHNARz/tLEZMhDFuTr8ot5nyck3nXye4w
ClzOL9LrdNkVAZkfjoe3HiW+2h2lisvxK26qMHPX5KwipbUka3lJaqo/9o0YcaTj
VxEI0D0ANILc0KGjatZVUOWOjawOrZGdOmGyovp5wvmlwrI6hSAGvGnrqQ6XaAWW
MjJeg8BuDpUeubf2I06h9g9McDlWoZHX7lyY3X16P1PPefs0vCgG6o6g3cLsKI8=
-----END CERTIFICATE-----