Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/2GYZY3YmP4Z9CrbeYrsEBS4WPvQ.roa
File:                     2GYZY3YmP4Z9CrbeYrsEBS4WPvQ.roa (raw, json)
Hash identifier:          5GQk+W5w5aJknyyML0N7FECeUlVHN3WA+aoitU2P1JY=
Subject key identifier:   D8:66:19:63:76:26:3F:86:7D:0A:B6:DE:62:BB:04:05:2E:16:3E:F4
Certificate issuer:       /CN=2b967e772cc7298305a11ffa65dd185f6a58910b
Certificate serial:       0194228DE58714A0D8236BEF208EDF3A645A
Authority key identifier: 2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/2GYZY3YmP4Z9CrbeYrsEBS4WPvQ.roa
Signing time:             Wed 01 Jan 2025 15:48:31 +0000
ROA not before:           Wed 01 Jan 2025 15:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49316
IP address blocks:        2a12:8fc6:100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:e5:87:14:a0:d8:23:6b:ef:20:8e:df:3a:64:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b967e772cc7298305a11ffa65dd185f6a58910b
        Validity
            Not Before: Jan  1 15:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d866196376263f867d0ab6de62bb04052e163ef4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:ef:61:ba:2f:6f:e0:ae:48:49:82:43:b2:77:
                    33:61:ec:6f:80:f3:2e:c5:2a:95:5b:07:8e:3c:b8:
                    7c:a6:e4:22:fa:3a:99:0c:3d:c6:77:ef:a3:c1:09:
                    19:db:c6:94:37:bb:cd:18:6c:68:5b:75:05:82:58:
                    a6:c3:37:b4:5e:b5:fd:e6:e1:c7:f8:35:bd:8e:aa:
                    db:0f:b2:fc:2f:43:ca:4a:04:fd:1a:f3:2d:05:ea:
                    0f:15:d7:92:5c:81:8a:84:05:72:b4:3d:09:f8:82:
                    0d:d8:3b:b0:a2:d5:6b:4e:3e:02:7a:e3:0d:af:29:
                    26:47:dc:a3:c5:a1:91:36:85:30:21:50:9b:7d:5c:
                    86:ec:77:15:90:bc:47:ef:a0:a5:ac:e5:91:79:69:
                    33:23:73:1e:1e:56:fd:ab:91:99:11:7f:4c:6d:08:
                    61:c5:cc:68:74:20:34:b9:6e:dc:9d:66:47:84:2c:
                    a3:87:da:3e:7d:ed:2b:dc:03:c6:a4:93:c5:fe:9b:
                    8c:de:60:9e:0b:69:78:21:3d:a9:cd:87:cc:54:49:
                    89:dd:1c:b7:eb:59:e9:b1:c3:b1:87:a1:36:de:5e:
                    89:a5:f6:72:ef:d8:0e:b5:71:60:b0:70:4c:31:d5:
                    8f:8f:d5:27:ff:7d:44:be:7e:7d:d2:7f:a5:70:24:
                    02:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:66:19:63:76:26:3F:86:7D:0A:B6:DE:62:BB:04:05:2E:16:3E:F4
            X509v3 Authority Key Identifier:
                keyid:2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/2GYZY3YmP4Z9CrbeYrsEBS4WPvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:8fc6:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:cb:9c:a5:63:3f:67:2d:6f:27:63:cc:53:87:e1:41:92:a0:
         d2:f4:1f:bf:64:b5:9d:00:09:12:98:b4:e1:8f:bc:cf:23:5b:
         ea:a9:aa:16:01:c4:ce:41:e9:4a:6b:ba:0d:a1:40:e0:4a:83:
         51:b3:4b:af:90:44:55:db:8e:e7:1e:d1:3b:fe:e4:6e:8a:33:
         9c:90:7f:cb:67:0f:7a:8a:c4:a3:16:d8:41:6b:22:23:03:f2:
         d1:c0:c5:c2:89:99:4d:a0:e0:b6:0b:ea:8f:c7:23:79:42:cb:
         62:bc:0d:e2:41:5d:b0:47:4e:60:41:84:7a:d4:37:65:09:c7:
         29:3f:cd:f0:d7:42:01:ae:98:5d:f7:ca:01:f5:d6:55:08:a8:
         ab:97:13:01:24:28:6c:28:c9:1a:e0:20:aa:1a:07:5f:c1:7f:
         c5:3a:77:5d:02:87:e0:5c:76:a6:69:7a:aa:bf:5b:2e:22:af:
         df:05:3d:86:f2:fa:71:c2:47:e6:19:b2:72:4f:6e:3a:87:4b:
         ac:99:11:69:f8:13:b9:2e:da:ce:b6:37:b9:91:6d:a6:7b:0a:
         b1:35:c3:00:c0:82:07:0a:45:7a:f5:49:5d:4c:ba:c5:6b:a6:
         b7:9a:8f:a8:fc:5d:6a:52:05:73:30:18:9a:c1:b5:a5:34:c6:
         01:56:97:bc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQijeWHFKDYI2vvII7fOmRaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOTY3ZTc3MmNjNzI5ODMwNWExMWZmYTY1ZGQxODVmNmE1
ODkxMGIwHhcNMjUwMTAxMTU0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODY2MTk2Mzc2MjYzZjg2N2QwYWI2ZGU2MmJiMDQwNTJlMTYzZWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmO9hui9v4K5ISYJDsnczYexvgPMu
xSqVWweOPLh8puQi+jqZDD3Gd++jwQkZ28aUN7vNGGxoW3UFglimwze0XrX95uHH
+DW9jqrbD7L8L0PKSgT9GvMtBeoPFdeSXIGKhAVytD0J+IIN2DuwotVrTj4CeuMN
rykmR9yjxaGRNoUwIVCbfVyG7HcVkLxH76ClrOWReWkzI3MeHlb9q5GZEX9MbQhh
xcxodCA0uW7cnWZHhCyjh9o+fe0r3APGpJPF/puM3mCeC2l4IT2pzYfMVEmJ3Ry3
61npscOxh6E23l6JpfZy79gOtXFgsHBMMdWPj9Un/31Evn590n+lcCQCYQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNhmGWN2Jj+GfQq23mK7BAUuFj70MB8GA1UdIwQY
MBaAFCuWfncsxymDBaEf+mXdGF9qWJELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEt
NThjOTZkNjZmMGExLzEvMkdZWlkzWW1QNFo5Q3JiZVlyc0VCUzRXUHZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEtNThjOTZkNjZmMGEx
LzEvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhKPxgEA
MA0GCSqGSIb3DQEBCwUAA4IBAQA/y5ylYz9nLW8nY8xTh+FBkqDS9B+/ZLWdAAkS
mLThj7zPI1vqqaoWAcTOQelKa7oNoUDgSoNRs0uvkERV247nHtE7/uRuijOckH/L
Zw96isSjFthBayIjA/LRwMXCiZlNoOC2C+qPxyN5QstivA3iQV2wR05gQYR61Ddl
CccpP83w10IBrphd98oB9dZVCKirlxMBJChsKMka4CCqGgdfwX/FOnddAofgXHam
aXqqv1suIq/fBT2G8vpxwkfmGbJyT246h0usmRFp+BO5LtrOtje5kW2mewqxNcMA
wIIHCkV69UldTLrFa6a3mo+o/F1qUgVzMBiawbWlNMYBVpe8
-----END CERTIFICATE-----