Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/RnD1Asljl7mn6v42kRVUFWlYwTg.roa
File:                     RnD1Asljl7mn6v42kRVUFWlYwTg.roa (raw, json)
Hash identifier:          NXYgKP4UGicUO8cYaOfH06MbyYnaLEsQzh86kiSgxsI=
Subject key identifier:   46:70:F5:02:C9:63:97:B9:A7:EA:FE:36:91:15:54:15:69:58:C1:38
Certificate issuer:       /CN=2b967e772cc7298305a11ffa65dd185f6a58910b
Certificate serial:       019108D641322DE768AE0F8CA0FC52FE4991
Authority key identifier: 2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/RnD1Asljl7mn6v42kRVUFWlYwTg.roa
Signing time:             Wed 31 Jul 2024 12:49:04 +0000
ROA not before:           Wed 31 Jul 2024 12:49:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     329249
IP address blocks:        2a12:8fc6:2491::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:08:d6:41:32:2d:e7:68:ae:0f:8c:a0:fc:52:fe:49:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b967e772cc7298305a11ffa65dd185f6a58910b
        Validity
            Not Before: Jul 31 12:49:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4670f502c96397b9a7eafe36911554156958c138
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:54:bb:65:06:f8:43:18:d5:8b:6a:a6:8e:f3:
                    67:c6:00:d9:a6:38:bd:96:7b:e0:3f:20:42:35:f2:
                    47:36:f5:64:48:76:bb:d4:32:9a:a2:30:0d:4b:a7:
                    40:7c:36:ce:f3:4c:1c:d3:9d:b9:5b:0a:e4:cc:65:
                    b2:fd:ca:26:de:aa:5d:ad:83:37:ec:d5:88:a8:e4:
                    9b:87:7e:c6:f0:79:41:d0:be:0d:1f:39:5e:13:76:
                    4c:88:0a:f3:5d:b6:85:8f:2c:38:cf:83:28:d1:93:
                    fd:a5:b3:a6:55:a2:59:3d:c6:cb:59:a0:8d:f2:30:
                    37:e0:df:3c:6b:2e:e9:8b:63:a6:3b:9b:53:89:d4:
                    36:33:72:50:cd:4a:a9:eb:cd:c3:9f:35:4d:62:b4:
                    b5:07:6f:5e:77:f0:5f:00:b7:b0:07:c7:63:e6:ca:
                    73:4b:e5:e0:40:70:26:86:df:c8:e4:b5:e5:bd:97:
                    00:85:d4:be:8e:2b:43:99:a1:4a:8f:83:0e:66:78:
                    e6:b0:74:5d:48:7e:04:2e:f8:f5:3f:2c:af:60:37:
                    08:4c:78:15:0c:51:e8:71:7b:81:61:88:aa:9e:e2:
                    98:cf:af:e3:9d:1a:32:e8:77:70:d8:cc:e1:db:73:
                    bb:f4:7a:7a:94:f5:d4:54:ca:7c:90:2b:5f:2a:47:
                    fe:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:70:F5:02:C9:63:97:B9:A7:EA:FE:36:91:15:54:15:69:58:C1:38
            X509v3 Authority Key Identifier:
                keyid:2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/RnD1Asljl7mn6v42kRVUFWlYwTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:8fc6:2491::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:7d:66:ab:6e:cb:64:0d:96:65:66:c1:17:72:ed:b0:a7:b3:
         d1:c5:2e:53:77:d1:e1:4d:ea:47:a8:e8:4d:54:d1:a6:22:b2:
         43:fc:9c:de:ae:88:16:2c:04:0a:e2:92:79:6d:f1:72:05:87:
         d3:7a:7e:09:df:cf:df:da:bf:a8:a3:54:34:bf:88:67:43:15:
         36:d8:35:d3:cc:58:f5:c0:8f:09:fb:d7:95:b8:db:8e:65:d5:
         0e:43:9a:2f:fd:07:89:bc:af:01:52:a7:14:0b:ff:15:1c:87:
         b8:b7:6d:dc:4e:3c:b2:4f:f1:6c:c5:95:d6:3c:ac:20:f2:51:
         d7:0f:66:fd:41:35:85:0a:13:67:92:da:ed:4e:e5:d4:e7:6c:
         b3:db:9d:61:5c:49:19:66:d3:af:ef:a8:6a:e8:cb:71:2a:8b:
         dc:ae:d7:b7:c9:f0:24:2f:ab:d1:9a:e2:ce:f7:de:95:f4:bd:
         ba:0e:15:97:be:bb:3f:81:e7:97:23:90:d7:a4:bd:d1:7b:23:
         5e:94:d7:fe:78:2c:e0:25:e2:c5:ed:52:24:88:52:d0:55:fa:
         53:00:c7:91:d9:59:19:1c:62:9a:76:a1:b2:f1:46:3b:1d:3d:
         22:9c:b0:6c:07:31:6c:67:dc:1f:07:ad:1e:5d:00:95:f2:d0:
         0b:4c:e1:e5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZEI1kEyLedorg+MoPxS/kmRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOTY3ZTc3MmNjNzI5ODMwNWExMWZmYTY1ZGQxODVmNmE1
ODkxMGIwHhcNMjQwNzMxMTI0OTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjcwZjUwMmM5NjM5N2I5YTdlYWZlMzY5MTE1NTQxNTY5NThjMTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA11S7ZQb4QxjVi2qmjvNnxgDZpji9
lnvgPyBCNfJHNvVkSHa71DKaojANS6dAfDbO80wc0525WwrkzGWy/com3qpdrYM3
7NWIqOSbh37G8HlB0L4NHzleE3ZMiArzXbaFjyw4z4Mo0ZP9pbOmVaJZPcbLWaCN
8jA34N88ay7pi2OmO5tTidQ2M3JQzUqp683DnzVNYrS1B29ed/BfALewB8dj5spz
S+XgQHAmht/I5LXlvZcAhdS+jitDmaFKj4MOZnjmsHRdSH4ELvj1PyyvYDcITHgV
DFHocXuBYYiqnuKYz6/jnRoy6Hdw2Mzh23O79Hp6lPXUVMp8kCtfKkf+FQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEZw9QLJY5e5p+r+NpEVVBVpWME4MB8GA1UdIwQY
MBaAFCuWfncsxymDBaEf+mXdGF9qWJELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEt
NThjOTZkNjZmMGExLzEvUm5EMUFzbGpsN21uNnY0MmtSVlVGV2xZd1RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEtNThjOTZkNjZmMGEx
LzEvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhKPxiSR
MA0GCSqGSIb3DQEBCwUAA4IBAQACfWarbstkDZZlZsEXcu2wp7PRxS5Td9HhTepH
qOhNVNGmIrJD/JzerogWLAQK4pJ5bfFyBYfTen4J38/f2r+oo1Q0v4hnQxU22DXT
zFj1wI8J+9eVuNuOZdUOQ5ov/QeJvK8BUqcUC/8VHIe4t23cTjyyT/FsxZXWPKwg
8lHXD2b9QTWFChNnktrtTuXU52yz251hXEkZZtOv76hq6MtxKovcrte3yfAkL6vR
muLO996V9L26DhWXvrs/geeXI5DXpL3ReyNelNf+eCzgJeLF7VIkiFLQVfpTAMeR
2VkZHGKadqGy8UY7HT0inLBsBzFsZ9wfB60eXQCV8tALTOHl
-----END CERTIFICATE-----