Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/1ehPzZKxF1UYBJMFREeIsWSe-0E.roa
File:                     1ehPzZKxF1UYBJMFREeIsWSe-0E.roa (raw, json)
Hash identifier:          +fEfnPMqQYMaOaxEiaDX2H+smUyU5o+FiuHqTI6a8Fg=
Subject key identifier:   D5:E8:4F:CD:92:B1:17:55:18:04:93:05:44:47:88:B1:64:9E:FB:41
Certificate issuer:       /CN=2b967e772cc7298305a11ffa65dd185f6a58910b
Certificate serial:       0194228DE7DC70E4DE6BF9F249E83E2EC337
Authority key identifier: 2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/1ehPzZKxF1UYBJMFREeIsWSe-0E.roa
Signing time:             Wed 01 Jan 2025 15:48:32 +0000
ROA not before:           Wed 01 Jan 2025 15:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207084
IP address blocks:        2a12:8fc6:200::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:e7:dc:70:e4:de:6b:f9:f2:49:e8:3e:2e:c3:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b967e772cc7298305a11ffa65dd185f6a58910b
        Validity
            Not Before: Jan  1 15:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5e84fcd92b1175518049305444788b1649efb41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:34:aa:a9:42:31:4a:07:7e:4f:8b:d9:1e:f3:
                    09:b6:ee:77:d1:3d:1f:e3:31:df:a7:1e:39:c9:d2:
                    58:9f:b8:1b:0d:9e:48:d8:76:d7:eb:4f:63:f1:9f:
                    ed:67:92:0c:ba:0d:ec:9e:24:a5:77:10:d8:ee:4c:
                    8a:c4:44:28:29:4a:b7:e8:1f:ea:56:45:d9:66:9a:
                    55:dc:5c:07:6f:1e:56:f8:57:6c:8f:d8:6f:69:30:
                    4c:7f:2e:f6:46:a0:03:23:b6:eb:54:87:b8:4a:b3:
                    77:e9:ab:00:81:a7:52:ed:62:30:55:8c:64:b4:8d:
                    ff:00:00:cd:c2:a4:01:a7:de:b7:06:c3:b6:f5:cb:
                    41:a6:ac:35:99:e9:0a:d8:fd:09:9c:86:41:44:f3:
                    3f:a2:c8:9d:af:34:96:e8:06:36:51:71:dd:42:56:
                    8e:f8:e2:d9:5c:24:9d:9e:c3:a2:ad:8a:0d:80:53:
                    fc:15:e3:0f:2c:f5:6b:ec:5b:d4:1a:c9:c0:88:eb:
                    fc:02:8b:e0:28:e8:b0:d4:a5:d6:6a:24:8b:f0:fb:
                    1b:89:10:82:e8:10:35:63:d4:ce:bc:d9:4b:34:ec:
                    c7:95:d5:9f:5b:38:dd:db:b4:db:4c:8d:9f:21:3c:
                    24:eb:5a:15:e7:c0:5f:f3:c7:88:9b:ec:cf:f1:95:
                    72:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:E8:4F:CD:92:B1:17:55:18:04:93:05:44:47:88:B1:64:9E:FB:41
            X509v3 Authority Key Identifier:
                keyid:2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/1ehPzZKxF1UYBJMFREeIsWSe-0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:8fc6:200::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:bf:de:42:ea:f2:cd:cf:f3:0c:d9:51:02:a0:4e:cf:23:7c:
         49:93:60:a0:04:00:62:a7:fc:bf:15:a5:b1:3e:f4:74:dc:e3:
         94:98:2f:75:2d:85:7b:96:79:7b:b0:ca:2c:56:82:34:81:e4:
         5f:60:06:62:0c:70:65:6b:52:ed:ef:5d:a9:df:f7:64:f3:49:
         53:ba:fc:dc:4a:50:c5:90:1d:15:cf:3e:59:f6:ba:cf:2c:ff:
         7e:01:b5:f2:e1:f9:ff:21:f3:da:1d:3a:a2:ac:78:2b:72:66:
         09:c9:81:e4:27:63:48:1f:23:6b:97:87:75:36:a0:eb:1e:78:
         4f:4f:a2:0d:30:86:c6:4e:09:94:c9:96:be:79:e6:35:7d:dc:
         a5:e6:18:7a:e0:d6:7a:be:6e:d1:fe:e3:f4:17:c2:ad:bf:0e:
         86:a0:77:df:d0:30:8c:c9:35:a5:05:86:54:8b:40:31:f1:a2:
         0b:89:75:7b:5f:3f:86:df:7b:4e:97:cf:85:7a:3e:08:8b:b4:
         e2:9f:10:da:a0:be:54:eb:45:bc:bf:e9:c3:ce:77:b5:90:c9:
         80:73:bc:e6:6a:c0:37:39:46:44:8e:a4:c2:0c:62:8a:91:f0:
         a8:eb:22:d0:21:cf:87:af:20:70:b1:85:c1:e8:de:0c:17:0b:
         c1:c6:05:56
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQijefccOTea/nySeg+LsM3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOTY3ZTc3MmNjNzI5ODMwNWExMWZmYTY1ZGQxODVmNmE1
ODkxMGIwHhcNMjUwMTAxMTU0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWU4NGZjZDkyYjExNzU1MTgwNDkzMDU0NDQ3ODhiMTY0OWVmYjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjSqqUIxSgd+T4vZHvMJtu530T0f
4zHfpx45ydJYn7gbDZ5I2HbX609j8Z/tZ5IMug3sniSldxDY7kyKxEQoKUq36B/q
VkXZZppV3FwHbx5W+Fdsj9hvaTBMfy72RqADI7brVIe4SrN36asAgadS7WIwVYxk
tI3/AADNwqQBp963BsO29ctBpqw1mekK2P0JnIZBRPM/osidrzSW6AY2UXHdQlaO
+OLZXCSdnsOirYoNgFP8FeMPLPVr7FvUGsnAiOv8AovgKOiw1KXWaiSL8PsbiRCC
6BA1Y9TOvNlLNOzHldWfWzjd27TbTI2fITwk61oV58Bf88eIm+zP8ZVyiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNXoT82SsRdVGASTBURHiLFknvtBMB8GA1UdIwQY
MBaAFCuWfncsxymDBaEf+mXdGF9qWJELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEt
NThjOTZkNjZmMGExLzEvMWVoUHpaS3hGMVVZQkpNRlJFZUlzV1NlLTBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEtNThjOTZkNjZmMGEx
LzEvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhKPxgIA
MA0GCSqGSIb3DQEBCwUAA4IBAQCBv95C6vLNz/MM2VECoE7PI3xJk2CgBABip/y/
FaWxPvR03OOUmC91LYV7lnl7sMosVoI0geRfYAZiDHBla1Lt712p3/dk80lTuvzc
SlDFkB0Vzz5Z9rrPLP9+AbXy4fn/IfPaHTqirHgrcmYJyYHkJ2NIHyNrl4d1NqDr
HnhPT6INMIbGTgmUyZa+eeY1fdyl5hh64NZ6vm7R/uP0F8Ktvw6GoHff0DCMyTWl
BYZUi0Ax8aILiXV7Xz+G33tOl8+Fej4Ii7TinxDaoL5U60W8v+nDzne1kMmAc7zm
asA3OUZEjqTCDGKKkfCo6yLQIc+HryBwsYXB6N4MFwvBxgVW
-----END CERTIFICATE-----