Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/9_gONkhZAXVY-qIkd5NP2Ii86ZE.roa
File:                     9_gONkhZAXVY-qIkd5NP2Ii86ZE.roa (raw, json)
Hash identifier:          MTXq03LqBYlKwXS/Rq/SfVia1+MPHzn/A/nL3Z0II94=
Subject key identifier:   F7:F8:0E:36:48:59:01:75:58:FA:A2:24:77:93:4F:D8:88:BC:E9:91
Certificate issuer:       /CN=2b967e772cc7298305a11ffa65dd185f6a58910b
Certificate serial:       018D7641222F5EE0FF78D287200DA91E51FB
Authority key identifier: 2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/9_gONkhZAXVY-qIkd5NP2Ii86ZE.roa
Signing time:             Sun 04 Feb 2024 22:33:16 +0000
ROA not before:           Sun 04 Feb 2024 22:33:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26701
IP address blocks:        2a12:8fc6:7::/48 maxlen: 48
                          2a12:8fc6:ac53::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 20:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:76:41:22:2f:5e:e0:ff:78:d2:87:20:0d:a9:1e:51:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b967e772cc7298305a11ffa65dd185f6a58910b
        Validity
            Not Before: Feb  4 22:33:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7f80e364859017558faa22477934fd888bce991
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:23:6f:66:27:27:3e:f4:5f:a7:db:e1:fd:18:
                    15:42:07:b5:4c:e5:14:20:bf:57:19:95:2c:aa:92:
                    65:61:06:4c:03:65:2f:9a:cc:03:56:10:0d:ec:e5:
                    df:6c:d0:e1:ba:ec:47:79:e0:99:3c:7b:18:64:62:
                    38:13:a3:95:b6:bc:26:ce:65:0a:cf:8b:38:77:90:
                    c1:b2:ae:79:d3:5f:88:d1:d2:b0:2f:76:9e:aa:f3:
                    ef:40:27:5e:62:d9:8f:3e:22:bf:28:5e:be:6f:ba:
                    2a:8a:99:01:4c:42:88:37:64:45:42:34:f7:5c:15:
                    48:03:89:3b:45:e3:24:f2:d0:69:5e:a9:a8:f2:93:
                    9e:98:5f:e6:23:c3:60:f1:28:32:73:86:57:bc:07:
                    37:90:f9:3f:1d:73:e5:4d:72:85:f6:06:cc:63:57:
                    ea:18:27:d3:ac:b9:e4:d0:92:15:68:ac:35:35:7e:
                    80:c7:4a:4d:63:c6:87:5a:5a:68:ff:96:14:ee:4b:
                    f0:95:dd:e7:5f:d4:55:3e:b8:e5:34:c6:f0:91:1a:
                    c3:0f:6c:57:cb:f2:4e:ef:4d:db:fc:0f:24:1f:a6:
                    53:bf:4e:73:f1:59:ec:64:e6:53:99:2a:a6:7e:26:
                    64:42:bc:7b:75:81:02:4e:71:24:17:dd:67:02:c1:
                    e6:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:F8:0E:36:48:59:01:75:58:FA:A2:24:77:93:4F:D8:88:BC:E9:91
            X509v3 Authority Key Identifier:
                keyid:2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/9_gONkhZAXVY-qIkd5NP2Ii86ZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:8fc6:7::/48
                  2a12:8fc6:ac53::/48

    Signature Algorithm: sha256WithRSAEncryption
         1e:5d:21:0d:2b:15:5e:85:f2:bc:9e:0f:03:f4:5b:d2:c7:6f:
         1d:c6:46:41:b1:99:63:e8:bb:73:64:10:b2:08:8c:eb:18:0a:
         ae:b1:a9:69:ed:79:f9:75:65:20:56:6c:30:6d:11:7c:1e:3b:
         a6:8a:18:06:1e:a7:7d:e6:0d:4e:52:3e:ab:51:b9:00:3a:ed:
         63:d8:58:3e:f6:77:d5:0b:41:f1:09:e1:7d:1b:06:d4:21:50:
         70:55:b0:a5:08:5a:45:f0:f5:03:64:c3:d6:a1:18:f2:1b:62:
         24:4c:52:61:1a:da:82:d0:ef:82:60:86:d6:1a:04:2f:23:77:
         4c:d0:66:67:f4:98:e4:8f:5e:05:01:ef:93:94:ce:48:81:80:
         aa:6d:74:f0:b4:d5:e1:69:a0:a5:71:4c:49:8d:d0:a4:cc:62:
         93:7c:b8:f0:e9:e4:dd:78:16:8b:cb:20:01:81:2c:98:f3:48:
         70:9a:5b:e3:90:70:55:94:23:3e:bf:c7:34:25:ea:c5:22:1b:
         c2:fd:0f:a5:ab:99:67:1b:f9:20:16:fa:6f:f9:ce:90:cb:0d:
         10:f2:66:4c:5e:38:1f:8f:b6:9b:c3:91:1b:59:bf:00:ac:29:
         52:4b:3c:f5:60:f1:b1:ed:e1:76:61:0a:ae:64:96:82:cd:30:
         38:5e:79:71
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY12QSIvXuD/eNKHIA2pHlH7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOTY3ZTc3MmNjNzI5ODMwNWExMWZmYTY1ZGQxODVmNmE1
ODkxMGIwHhcNMjQwMjA0MjIzMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2Y4MGUzNjQ4NTkwMTc1NThmYWEyMjQ3NzkzNGZkODg4YmNlOTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkiNvZicnPvRfp9vh/RgVQge1TOUU
IL9XGZUsqpJlYQZMA2UvmswDVhAN7OXfbNDhuuxHeeCZPHsYZGI4E6OVtrwmzmUK
z4s4d5DBsq5501+I0dKwL3aeqvPvQCdeYtmPPiK/KF6+b7oqipkBTEKIN2RFQjT3
XBVIA4k7ReMk8tBpXqmo8pOemF/mI8Ng8Sgyc4ZXvAc3kPk/HXPlTXKF9gbMY1fq
GCfTrLnk0JIVaKw1NX6Ax0pNY8aHWlpo/5YU7kvwld3nX9RVPrjlNMbwkRrDD2xX
y/JO703b/A8kH6ZTv05z8VnsZOZTmSqmfiZkQrx7dYECTnEkF91nAsHmAwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPf4DjZIWQF1WPqiJHeTT9iIvOmRMB8GA1UdIwQY
MBaAFCuWfncsxymDBaEf+mXdGF9qWJELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEt
NThjOTZkNjZmMGExLzEvOV9nT05raFpBWFZZLXFJa2Q1TlAySWk4NlpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEtNThjOTZkNjZmMGEx
LzEvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhKPxgAH
AwcAKhKPxqxTMA0GCSqGSIb3DQEBCwUAA4IBAQAeXSENKxVehfK8ng8D9FvSx28d
xkZBsZlj6LtzZBCyCIzrGAqusalp7Xn5dWUgVmwwbRF8HjumihgGHqd95g1OUj6r
UbkAOu1j2Fg+9nfVC0HxCeF9GwbUIVBwVbClCFpF8PUDZMPWoRjyG2IkTFJhGtqC
0O+CYIbWGgQvI3dM0GZn9Jjkj14FAe+TlM5IgYCqbXTwtNXhaaClcUxJjdCkzGKT
fLjw6eTdeBaLyyABgSyY80hwmlvjkHBVlCM+v8c0JerFIhvC/Q+lq5lnG/kgFvpv
+c6Qyw0Q8mZMXjgfj7abw5EbWb8ArClSSzz1YPGx7eF2YQquZJaCzTA4Xnlx
-----END CERTIFICATE-----