Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/cbZrCEYx7CYbfIf94Q-GugfF6SA.roa
File:                     cbZrCEYx7CYbfIf94Q-GugfF6SA.roa (raw, json)
Hash identifier:          fX37NG8Qn445jBiYJajc1EONy39mLyY+rfdx3Hui5c4=
Subject key identifier:   71:B6:6B:08:46:31:EC:26:1B:7C:87:FD:E1:0F:86:BA:07:C5:E9:20
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       01946E73BE46CFFF1246C2546757357E581C
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/cbZrCEYx7CYbfIf94Q-GugfF6SA.roa
Signing time:             Thu 16 Jan 2025 09:31:06 +0000
ROA not before:           Thu 16 Jan 2025 09:31:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51647
IP address blocks:        2a07:3500:1020::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:6e:73:be:46:cf:ff:12:46:c2:54:67:57:35:7e:58:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Jan 16 09:31:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=71b66b084631ec261b7c87fde10f86ba07c5e920
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:b2:24:9f:d5:58:54:82:3b:d0:40:d2:7e:9c:
                    eb:e5:71:13:62:23:ec:c5:15:12:49:99:c5:30:74:
                    eb:20:b3:98:95:7f:a7:56:fc:cd:89:5b:8d:75:46:
                    ef:c1:96:24:57:c8:56:b2:b9:46:28:6e:6d:9a:e7:
                    bc:52:60:d5:0d:ff:ec:62:f2:fe:d2:c6:28:7f:6d:
                    80:0b:7a:e2:fc:cd:cf:66:cc:70:18:a5:a7:48:bf:
                    de:0a:57:f5:a9:a0:6d:2b:82:d4:ae:a2:b7:1b:b5:
                    5d:c4:41:ee:b6:74:b4:df:44:dd:02:5d:13:a8:2a:
                    6f:27:78:ef:c3:eb:a0:a5:e8:93:80:b2:63:9d:24:
                    3f:3c:2e:0c:13:6e:08:1a:cf:4a:29:bd:5d:59:3d:
                    3e:60:cb:21:85:b1:3b:aa:0e:51:e2:ca:31:c3:f7:
                    4b:75:2d:79:88:25:d4:44:cf:f3:0e:ee:02:60:c3:
                    26:52:1d:18:8d:73:7e:a7:be:56:92:8c:4b:e0:70:
                    c9:5f:11:2e:62:81:73:68:b4:e7:4a:e3:6c:3e:8b:
                    26:71:c2:da:a2:75:82:ff:f3:ea:20:3c:96:c3:1f:
                    63:b1:26:75:d2:e1:af:1b:de:c7:e6:81:30:00:eb:
                    bf:6f:e7:cb:e2:64:fa:a9:44:3c:4e:97:f1:56:45:
                    fe:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:B6:6B:08:46:31:EC:26:1B:7C:87:FD:E1:0F:86:BA:07:C5:E9:20
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/cbZrCEYx7CYbfIf94Q-GugfF6SA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:3500:1020::/48

    Signature Algorithm: sha256WithRSAEncryption
         a8:c9:bb:fe:20:fb:09:d4:98:2c:9e:a6:1a:37:3e:29:46:72:
         c5:b3:6b:54:d6:62:8f:7e:b5:b8:11:e1:aa:cc:a5:ca:75:59:
         7d:75:bc:cc:0d:6b:ba:f3:04:a3:e1:34:42:29:cb:20:1c:50:
         4f:43:5d:57:e3:1d:42:fd:c2:2f:e2:b2:7d:84:e6:96:97:a3:
         bc:bc:01:63:eb:4b:b8:b6:43:db:d5:ad:88:da:c1:9e:ea:77:
         48:f9:31:92:4d:57:6d:c9:dd:ad:2f:9b:e4:3e:37:74:eb:e8:
         bc:3c:0c:da:57:78:63:78:ef:5b:16:6b:d1:10:38:80:da:e2:
         d4:c5:f4:cd:7b:64:9a:33:0e:d8:f1:a6:78:6e:3e:53:36:ca:
         f7:d3:75:d0:a6:f0:a4:55:a1:6f:cf:e5:b5:58:a6:74:d1:8d:
         f9:1b:a7:9e:31:b4:8b:8f:53:cf:0c:24:3e:a7:71:45:84:47:
         b7:26:60:44:a7:cd:af:86:0a:46:0c:de:f7:28:9b:6c:16:d1:
         d8:e5:7c:7f:96:6f:cc:07:62:0e:29:35:72:f7:d7:99:28:ca:
         9c:2a:c4:0c:88:ee:d2:52:7c:1a:85:14:c9:b9:0b:88:ed:3e:
         8b:97:3c:ee:f1:91:32:3e:e5:88:f6:f0:77:5e:f4:69:a9:c0:
         e1:d9:0a:b1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZRuc75Gz/8SRsJUZ1c1flgcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjUwMTE2MDkzMTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWI2NmIwODQ2MzFlYzI2MWI3Yzg3ZmRlMTBmODZiYTA3YzVlOTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6bIkn9VYVII70EDSfpzr5XETYiPs
xRUSSZnFMHTrILOYlX+nVvzNiVuNdUbvwZYkV8hWsrlGKG5tmue8UmDVDf/sYvL+
0sYof22AC3ri/M3PZsxwGKWnSL/eClf1qaBtK4LUrqK3G7VdxEHutnS030TdAl0T
qCpvJ3jvw+ugpeiTgLJjnSQ/PC4ME24IGs9KKb1dWT0+YMshhbE7qg5R4soxw/dL
dS15iCXURM/zDu4CYMMmUh0YjXN+p75WkoxL4HDJXxEuYoFzaLTnSuNsPosmccLa
onWC//PqIDyWwx9jsSZ10uGvG97H5oEwAOu/b+fL4mT6qUQ8TpfxVkX+bQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHG2awhGMewmG3yH/eEPhroHxekgMB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvY2JackNFWXg3Q1liZklmOTRRLUd1Z2ZGNlNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgc1ABAg
MA0GCSqGSIb3DQEBCwUAA4IBAQCoybv+IPsJ1JgsnqYaNz4pRnLFs2tU1mKPfrW4
EeGqzKXKdVl9dbzMDWu68wSj4TRCKcsgHFBPQ11X4x1C/cIv4rJ9hOaWl6O8vAFj
60u4tkPb1a2I2sGe6ndI+TGSTVdtyd2tL5vkPjd06+i8PAzaV3hjeO9bFmvREDiA
2uLUxfTNe2SaMw7Y8aZ4bj5TNsr303XQpvCkVaFvz+W1WKZ00Y35G6eeMbSLj1PP
DCQ+p3FFhEe3JmBEp82vhgpGDN73KJtsFtHY5Xx/lm/MB2IOKTVy99eZKMqcKsQM
iO7SUnwahRTJuQuI7T6Llzzu8ZEyPuWI9vB3XvRpqcDh2Qqx
-----END CERTIFICATE-----