Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/B6M1Vsu_UgmqSPvi-drD94BkcDQ.roa
File:                     B6M1Vsu_UgmqSPvi-drD94BkcDQ.roa (raw, json)
Hash identifier:          QBgPWZchSnwpv+pWNpHJHLYbvTf5ZQ0ZloskKfwiRg0=
Subject key identifier:   07:A3:35:56:CB:BF:52:09:AA:48:FB:E2:F9:DA:C3:F7:80:64:70:34
Certificate issuer:       /CN=2b967e772cc7298305a11ffa65dd185f6a58910b
Certificate serial:       018CC7271FE4B1FF99D625EE2368EFA18155
Authority key identifier: 2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/B6M1Vsu_UgmqSPvi-drD94BkcDQ.roa
Signing time:             Mon 01 Jan 2024 22:31:19 +0000
ROA not before:           Mon 01 Jan 2024 22:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207084
IP address blocks:        2a12:8fc6:200::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:1f:e4:b1:ff:99:d6:25:ee:23:68:ef:a1:81:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b967e772cc7298305a11ffa65dd185f6a58910b
        Validity
            Not Before: Jan  1 22:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07a33556cbbf5209aa48fbe2f9dac3f780647034
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:b7:1c:dd:82:c8:43:c5:6a:58:cc:c6:88:5c:
                    5f:f1:7a:57:7e:a8:80:b7:69:35:05:fd:d6:7b:a5:
                    85:98:65:f8:83:cb:06:21:c4:ec:94:c6:7c:5a:e5:
                    61:44:1b:7f:f7:a8:d5:77:4b:45:b0:79:01:f8:96:
                    3b:e0:78:29:e0:c4:f3:4a:f7:f7:3a:68:2a:66:be:
                    45:45:8e:27:6d:86:0e:af:4b:aa:b0:7b:59:ed:ac:
                    e6:dc:bf:05:2b:ef:21:03:54:44:0a:c9:28:dc:0f:
                    6a:05:95:87:be:c9:f4:92:42:4a:b1:f1:7b:c2:7e:
                    cd:4e:6d:3b:c7:65:1a:cd:9e:8b:bf:4d:9d:12:c0:
                    9f:e9:7a:94:fe:1c:1a:0f:78:16:ee:1b:83:dc:c3:
                    a8:35:62:cc:9d:ce:84:1e:2e:70:7e:5c:07:31:4e:
                    f1:e0:32:1d:94:28:c2:66:17:9f:ea:95:3b:7b:29:
                    cb:60:a2:94:5c:cb:7c:d5:24:c6:03:04:d6:77:e4:
                    8a:2f:95:6f:1c:0b:36:5f:ee:c0:20:35:b1:67:be:
                    06:3c:ee:c5:4f:d2:0f:48:f2:af:b0:0f:be:d8:f9:
                    3f:05:18:2a:56:3e:40:d7:96:8f:23:32:fd:9f:ba:
                    13:61:63:f7:a4:30:a1:6c:b0:67:fd:b9:86:6d:d8:
                    a9:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:A3:35:56:CB:BF:52:09:AA:48:FB:E2:F9:DA:C3:F7:80:64:70:34
            X509v3 Authority Key Identifier:
                keyid:2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/B6M1Vsu_UgmqSPvi-drD94BkcDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:8fc6:200::/48

    Signature Algorithm: sha256WithRSAEncryption
         62:5f:b7:b0:f4:43:79:42:42:9c:f7:c6:a5:9c:db:74:b3:8b:
         ca:df:57:45:17:d1:c5:27:13:ec:21:fa:7f:d5:39:d3:81:32:
         f8:73:c1:e8:76:a0:2a:04:ec:5c:6d:53:88:1c:c6:b2:6a:a6:
         77:f5:10:ab:55:b5:7b:67:5e:42:8d:3f:78:73:6f:4b:36:f3:
         6d:fe:77:87:c7:51:75:6f:e6:b8:3c:4b:bf:41:08:d1:9c:ac:
         ab:b8:54:5c:5d:0f:bc:4d:d7:0b:69:53:7b:9a:68:18:5e:69:
         c4:2c:62:4a:2d:d3:8e:4b:ef:b7:74:a8:9c:41:55:59:2b:3a:
         55:7d:91:e3:0c:d4:38:f1:6d:a6:a2:54:83:f0:10:42:8c:92:
         38:e1:88:e7:8c:19:75:99:bd:01:10:c8:03:21:3a:92:fc:a7:
         62:c4:a1:0d:ac:54:16:b7:ad:15:27:8e:ba:f1:be:a1:31:1e:
         7c:3c:2c:19:68:fc:63:ac:8d:7d:31:21:ed:bb:48:6d:98:b6:
         d2:d9:82:98:65:4c:92:9a:20:1f:f7:43:28:f4:00:86:66:67:
         23:4b:ad:6d:f2:4d:a4:12:fe:73:f1:4e:48:82:2a:ea:24:a7:
         1e:cf:32:33:6d:bb:7a:12:37:90:f8:c3:6c:ec:de:d0:3c:c1:
         b6:da:fc:52
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJx/ksf+Z1iXuI2jvoYFVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOTY3ZTc3MmNjNzI5ODMwNWExMWZmYTY1ZGQxODVmNmE1
ODkxMGIwHhcNMjQwMTAxMjIzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2EzMzU1NmNiYmY1MjA5YWE0OGZiZTJmOWRhYzNmNzgwNjQ3MDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjLcc3YLIQ8VqWMzGiFxf8XpXfqiA
t2k1Bf3We6WFmGX4g8sGIcTslMZ8WuVhRBt/96jVd0tFsHkB+JY74Hgp4MTzSvf3
OmgqZr5FRY4nbYYOr0uqsHtZ7azm3L8FK+8hA1RECsko3A9qBZWHvsn0kkJKsfF7
wn7NTm07x2UazZ6Lv02dEsCf6XqU/hwaD3gW7huD3MOoNWLMnc6EHi5wflwHMU7x
4DIdlCjCZhef6pU7eynLYKKUXMt81STGAwTWd+SKL5VvHAs2X+7AIDWxZ74GPO7F
T9IPSPKvsA++2Pk/BRgqVj5A15aPIzL9n7oTYWP3pDChbLBn/bmGbdipWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAejNVbLv1IJqkj74vnaw/eAZHA0MB8GA1UdIwQY
MBaAFCuWfncsxymDBaEf+mXdGF9qWJELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEt
NThjOTZkNjZmMGExLzEvQjZNMVZzdV9VZ21xU1B2aS1kckQ5NEJrY0RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEtNThjOTZkNjZmMGEx
LzEvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhKPxgIA
MA0GCSqGSIb3DQEBCwUAA4IBAQBiX7ew9EN5QkKc98alnNt0s4vK31dFF9HFJxPs
Ifp/1TnTgTL4c8HodqAqBOxcbVOIHMayaqZ39RCrVbV7Z15CjT94c29LNvNt/neH
x1F1b+a4PEu/QQjRnKyruFRcXQ+8TdcLaVN7mmgYXmnELGJKLdOOS++3dKicQVVZ
KzpVfZHjDNQ48W2molSD8BBCjJI44YjnjBl1mb0BEMgDITqS/KdixKENrFQWt60V
J4668b6hMR58PCwZaPxjrI19MSHtu0htmLbS2YKYZUySmiAf90Mo9ACGZmcjS61t
8k2kEv5z8U5IgirqJKcezzIzbbt6EjeQ+MNs7N7QPMG22vxS
-----END CERTIFICATE-----