Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/5WUDK7bTpUz_tjpeIAGa5CBjRa0.roa
File:                     5WUDK7bTpUz_tjpeIAGa5CBjRa0.roa (raw, json)
Hash identifier:          47R576uZrxoaOnno9+vdB1897HLU63zrYwh6gLnBORM=
Subject key identifier:   E5:65:03:2B:B6:D3:A5:4C:FF:B6:3A:5E:20:01:9A:E4:20:63:45:AD
Certificate issuer:       /CN=2b967e772cc7298305a11ffa65dd185f6a58910b
Certificate serial:       018CC7271CF401A793164F90A320C92D0860
Authority key identifier: 2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/5WUDK7bTpUz_tjpeIAGa5CBjRa0.roa
Signing time:             Mon 01 Jan 2024 22:31:18 +0000
ROA not before:           Mon 01 Jan 2024 22:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48734
IP address blocks:        2a12:8fc6:400::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 20:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:1c:f4:01:a7:93:16:4f:90:a3:20:c9:2d:08:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b967e772cc7298305a11ffa65dd185f6a58910b
        Validity
            Not Before: Jan  1 22:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e565032bb6d3a54cffb63a5e20019ae4206345ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:72:8d:0b:ec:43:ec:3a:59:26:d4:3c:f0:c4:
                    32:be:8a:19:bd:b7:b9:0f:fb:d6:42:aa:e8:2b:c1:
                    7b:e8:01:56:ce:86:e8:21:9f:4b:8f:59:0c:2a:c5:
                    93:b4:b7:1f:c2:a9:bb:22:da:fd:db:62:e4:24:90:
                    89:fb:8b:bd:26:d6:61:b5:23:6b:03:0b:c2:59:75:
                    22:be:40:2a:9c:5e:e5:17:49:9f:75:dd:cc:96:93:
                    64:58:0a:0d:35:d4:d3:5a:05:eb:9f:51:74:01:7c:
                    55:77:04:37:44:14:6b:aa:15:15:10:4e:b3:a9:66:
                    97:57:cc:89:a1:f5:0e:ae:ec:ce:84:0c:eb:76:6d:
                    8a:a7:f8:62:96:ae:ce:c1:23:9f:06:35:3a:5d:bf:
                    6d:f1:14:6c:c6:17:3e:f3:e1:cc:3d:c9:dc:4d:70:
                    d5:02:e1:8d:a7:a2:52:ff:44:cb:27:3b:5e:6b:95:
                    bd:bb:d1:08:69:a0:d7:4b:ee:cc:97:6b:0c:31:36:
                    a6:c4:38:11:ce:5b:4f:41:15:de:b4:69:fd:e8:9b:
                    15:fc:01:8d:3c:e6:31:c9:c3:7e:a4:7c:e9:61:dd:
                    92:a6:6c:77:2b:93:b0:29:49:5e:60:42:dd:8e:fe:
                    57:64:8b:d2:3f:d3:c9:45:85:69:bc:88:e5:c9:67:
                    9d:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:65:03:2B:B6:D3:A5:4C:FF:B6:3A:5E:20:01:9A:E4:20:63:45:AD
            X509v3 Authority Key Identifier:
                keyid:2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/5WUDK7bTpUz_tjpeIAGa5CBjRa0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:8fc6:400::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:bb:ca:69:34:ba:64:78:cb:0c:05:fa:26:1a:80:c1:79:63:
         ba:6c:b6:53:25:a0:83:6b:3b:ac:6d:17:1a:e3:d6:f8:9b:03:
         3d:12:f1:ba:c7:07:01:a3:15:f1:ac:af:47:ee:de:3c:29:c7:
         6a:5f:d0:fc:54:e5:33:7f:59:8e:08:ec:bf:41:7a:43:e5:e9:
         64:0b:6a:5a:e7:29:76:79:84:27:a9:d3:04:fc:f6:49:c0:fe:
         30:d0:36:b2:9f:e4:23:36:07:5c:9a:69:a1:cd:f8:68:ed:2d:
         b0:16:58:79:7b:e1:df:37:bb:74:78:c2:c9:ef:14:86:8f:86:
         fa:39:bf:9d:c3:10:23:81:cb:0f:c9:35:07:e3:b0:08:e3:b1:
         71:ee:6a:65:52:60:d8:ef:30:16:6e:6f:e0:fa:28:8b:fe:3a:
         17:e2:55:e6:5e:61:86:63:d7:4c:39:17:c8:f3:3b:18:3f:45:
         d1:d6:b8:5c:bb:ab:3a:7d:96:86:dd:af:bb:44:ce:17:68:e4:
         4e:3d:4e:51:9c:b5:6d:2b:9f:c5:bd:e4:ee:f0:66:29:b3:41:
         bd:b2:1f:e8:3a:ff:7e:fe:2c:96:b6:8e:cd:11:09:f1:74:4c:
         c9:6a:ec:37:17:e4:4f:7c:04:ff:55:d3:7e:1d:4b:37:de:07:
         2b:ec:b2:46
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJxz0AaeTFk+QoyDJLQhgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOTY3ZTc3MmNjNzI5ODMwNWExMWZmYTY1ZGQxODVmNmE1
ODkxMGIwHhcNMjQwMTAxMjIzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTY1MDMyYmI2ZDNhNTRjZmZiNjNhNWUyMDAxOWFlNDIwNjM0NWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6HKNC+xD7DpZJtQ88MQyvooZvbe5
D/vWQqroK8F76AFWzoboIZ9Lj1kMKsWTtLcfwqm7Itr922LkJJCJ+4u9JtZhtSNr
AwvCWXUivkAqnF7lF0mfdd3MlpNkWAoNNdTTWgXrn1F0AXxVdwQ3RBRrqhUVEE6z
qWaXV8yJofUOruzOhAzrdm2Kp/hilq7OwSOfBjU6Xb9t8RRsxhc+8+HMPcncTXDV
AuGNp6JS/0TLJztea5W9u9EIaaDXS+7Ml2sMMTamxDgRzltPQRXetGn96JsV/AGN
POYxycN+pHzpYd2Spmx3K5OwKUleYELdjv5XZIvSP9PJRYVpvIjlyWeduQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOVlAyu206VM/7Y6XiABmuQgY0WtMB8GA1UdIwQY
MBaAFCuWfncsxymDBaEf+mXdGF9qWJELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEt
NThjOTZkNjZmMGExLzEvNVdVREs3YlRwVXpfdGpwZUlBR2E1Q0JqUmEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEtNThjOTZkNjZmMGEx
LzEvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhKPxgQA
MA0GCSqGSIb3DQEBCwUAA4IBAQA4u8ppNLpkeMsMBfomGoDBeWO6bLZTJaCDazus
bRca49b4mwM9EvG6xwcBoxXxrK9H7t48KcdqX9D8VOUzf1mOCOy/QXpD5elkC2pa
5yl2eYQnqdME/PZJwP4w0Dayn+QjNgdcmmmhzfho7S2wFlh5e+HfN7t0eMLJ7xSG
j4b6Ob+dwxAjgcsPyTUH47AI47Fx7mplUmDY7zAWbm/g+iiL/joX4lXmXmGGY9dM
ORfI8zsYP0XR1rhcu6s6fZaG3a+7RM4XaOROPU5RnLVtK5/FveTu8GYps0G9sh/o
Ov9+/iyWto7NEQnxdEzJauw3F+RPfAT/VdN+HUs33gcr7LJG
-----END CERTIFICATE-----