Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/QHz5RnBTFdJRquF0NP-26ruWKn0.roa
File:                     QHz5RnBTFdJRquF0NP-26ruWKn0.roa (raw, json)
Hash identifier:          taijIFai2/Pc8zOTk9q+vkGlwfhGsj5fwFqx1WAw6p0=
Subject key identifier:   40:7C:F9:46:70:53:15:D2:51:AA:E1:74:34:FF:B6:EA:BB:96:2A:7D
Certificate issuer:       /CN=2b967e772cc7298305a11ffa65dd185f6a58910b
Certificate serial:       018CC7271E9EF27B32A59812F303430A69CB
Authority key identifier: 2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/QHz5RnBTFdJRquF0NP-26ruWKn0.roa
Signing time:             Mon 01 Jan 2024 22:31:18 +0000
ROA not before:           Mon 01 Jan 2024 22:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57467
IP address blocks:        2a12:8fc6:800::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:1e:9e:f2:7b:32:a5:98:12:f3:03:43:0a:69:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b967e772cc7298305a11ffa65dd185f6a58910b
        Validity
            Not Before: Jan  1 22:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=407cf946705315d251aae17434ffb6eabb962a7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:2d:85:a5:e7:18:73:1f:21:ab:5d:49:b1:b6:
                    84:e9:2b:84:a9:0b:f1:71:72:08:b1:fc:f2:a9:e1:
                    be:4c:d8:30:cc:a1:df:d1:ce:de:e0:69:b0:96:95:
                    20:e0:93:b7:f7:aa:7a:e5:0d:ae:12:68:35:c9:15:
                    73:7f:1e:b8:aa:d2:20:3f:b6:06:ea:f2:32:9b:45:
                    15:ae:f9:d5:ce:9d:45:c2:c8:fd:aa:66:6b:b0:20:
                    e3:8c:21:e4:c4:f2:27:73:0f:37:e6:50:aa:a7:4c:
                    fb:27:8e:6c:ef:ed:85:64:cf:37:eb:5f:db:5b:ce:
                    8d:19:f9:c6:bb:56:bb:89:c5:88:98:2a:56:c6:20:
                    2b:7e:a6:97:5b:f6:7d:13:3e:24:a2:25:a9:e5:15:
                    68:01:d4:31:e3:01:ec:00:03:38:b3:57:3a:dd:ed:
                    85:74:b6:44:9b:ef:af:7c:b2:90:92:d9:e8:a3:0d:
                    23:a2:d1:65:78:a5:8b:9e:40:af:94:e3:e4:5b:00:
                    61:3c:8f:c4:c1:53:61:ce:e3:01:9d:03:99:39:e0:
                    86:d8:5c:b2:aa:4a:a9:b2:12:13:b2:cf:14:38:e1:
                    81:ea:45:ec:b4:f4:ef:2f:d7:95:28:bd:16:0c:33:
                    d8:21:bf:f0:1d:43:1c:ec:eb:9c:e6:72:07:d2:3c:
                    36:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:7C:F9:46:70:53:15:D2:51:AA:E1:74:34:FF:B6:EA:BB:96:2A:7D
            X509v3 Authority Key Identifier:
                keyid:2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/QHz5RnBTFdJRquF0NP-26ruWKn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:8fc6:800::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:c3:32:aa:1f:45:c7:72:67:5e:60:5c:58:e9:1f:92:ed:cc:
         42:65:90:6c:08:77:be:b9:42:da:90:3e:3f:5f:a8:9e:71:c8:
         2f:93:63:01:0e:65:4c:91:5a:9e:c0:53:4e:2e:a9:8a:ea:1e:
         a0:fa:95:89:a0:f2:46:de:86:91:6a:2a:f4:f3:59:54:df:95:
         5b:19:f4:f5:c1:78:59:6a:33:bd:09:c5:bd:76:42:ef:6d:c7:
         bb:a1:37:34:95:e8:dd:f2:52:36:95:de:10:5e:61:16:c0:88:
         97:d6:b1:a6:38:b9:c5:04:1c:71:9d:16:7d:b2:b5:88:f0:f4:
         6b:60:15:5e:2f:ab:2f:42:9d:a1:26:57:c2:84:78:3a:d8:03:
         52:2d:47:52:a0:bd:2a:f4:88:83:fe:1b:1b:53:d8:22:ee:2f:
         93:2b:f5:cc:1e:58:84:34:b5:9c:dc:c9:3a:f7:61:70:63:79:
         e5:49:16:1d:39:bb:65:06:9a:d1:99:a6:89:c0:66:f2:0f:b4:
         67:8a:85:f5:78:a7:04:69:0f:95:6f:a4:a0:0f:62:3a:c3:85:
         db:fb:68:d5:7c:cc:f5:59:24:cd:80:66:97:f0:79:0f:28:70:
         96:91:49:4d:ce:b9:1a:63:01:52:a1:b4:ce:ee:62:49:16:7c:
         92:c2:49:e3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJx6e8nsypZgS8wNDCmnLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOTY3ZTc3MmNjNzI5ODMwNWExMWZmYTY1ZGQxODVmNmE1
ODkxMGIwHhcNMjQwMTAxMjIzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDdjZjk0NjcwNTMxNWQyNTFhYWUxNzQzNGZmYjZlYWJiOTYyYTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuS2FpecYcx8hq11JsbaE6SuEqQvx
cXIIsfzyqeG+TNgwzKHf0c7e4GmwlpUg4JO396p65Q2uEmg1yRVzfx64qtIgP7YG
6vIym0UVrvnVzp1Fwsj9qmZrsCDjjCHkxPIncw835lCqp0z7J45s7+2FZM8361/b
W86NGfnGu1a7icWImCpWxiArfqaXW/Z9Ez4koiWp5RVoAdQx4wHsAAM4s1c63e2F
dLZEm++vfLKQktnoow0jotFleKWLnkCvlOPkWwBhPI/EwVNhzuMBnQOZOeCG2Fyy
qkqpshITss8UOOGB6kXstPTvL9eVKL0WDDPYIb/wHUMc7Ouc5nIH0jw2LwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEB8+UZwUxXSUarhdDT/tuq7lip9MB8GA1UdIwQY
MBaAFCuWfncsxymDBaEf+mXdGF9qWJELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEt
NThjOTZkNjZmMGExLzEvUUh6NVJuQlRGZEpScXVGME5QLTI2cnVXS24wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEtNThjOTZkNjZmMGEx
LzEvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhKPxggA
MA0GCSqGSIb3DQEBCwUAA4IBAQB/wzKqH0XHcmdeYFxY6R+S7cxCZZBsCHe+uULa
kD4/X6ieccgvk2MBDmVMkVqewFNOLqmK6h6g+pWJoPJG3oaRair081lU35VbGfT1
wXhZajO9CcW9dkLvbce7oTc0lejd8lI2ld4QXmEWwIiX1rGmOLnFBBxxnRZ9srWI
8PRrYBVeL6svQp2hJlfChHg62ANSLUdSoL0q9IiD/hsbU9gi7i+TK/XMHliENLWc
3Mk692FwY3nlSRYdObtlBprRmaaJwGbyD7RnioX1eKcEaQ+Vb6SgD2I6w4Xb+2jV
fMz1WSTNgGaX8HkPKHCWkUlNzrkaYwFSobTO7mJJFnySwknj
-----END CERTIFICATE-----