Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/S5azbY9FJe1jXVxfaVqb4PpayZI.roa
File:                     S5azbY9FJe1jXVxfaVqb4PpayZI.roa (raw, json)
Hash identifier:          n5t6PwOg50nHTbgEd7qMNT86raoDPa83i2MHKoxSrJc=
Subject key identifier:   4B:96:B3:6D:8F:45:25:ED:63:5D:5C:5F:69:5A:9B:E0:FA:5A:C9:92
Certificate issuer:       /CN=2b967e772cc7298305a11ffa65dd185f6a58910b
Certificate serial:       018CC7271DEAFB415916FC5FD42E03232926
Authority key identifier: 2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/S5azbY9FJe1jXVxfaVqb4PpayZI.roa
Signing time:             Mon 01 Jan 2024 22:31:18 +0000
ROA not before:           Mon 01 Jan 2024 22:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49316
IP address blocks:        2a12:8fc6:100::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:1d:ea:fb:41:59:16:fc:5f:d4:2e:03:23:29:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b967e772cc7298305a11ffa65dd185f6a58910b
        Validity
            Not Before: Jan  1 22:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b96b36d8f4525ed635d5c5f695a9be0fa5ac992
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:8b:4d:a5:07:13:04:c4:c6:8e:46:09:f2:bd:
                    29:3e:2a:fb:03:6a:bb:c8:43:2c:43:5e:b1:6b:b5:
                    b1:b7:fd:41:17:33:57:7a:29:6f:f1:3a:a5:fc:ce:
                    0e:62:38:f9:8c:c1:7e:b0:61:dc:c8:48:e8:6c:56:
                    47:7f:de:9e:12:a2:d5:15:f5:2c:92:fe:23:65:10:
                    40:1e:1c:21:7c:aa:ea:b7:b0:77:01:e3:9d:a5:04:
                    b2:d5:01:be:16:66:0a:cc:ff:0f:84:6a:1d:9a:84:
                    0b:b6:74:f1:fd:8b:cf:14:00:9f:97:e4:bd:b0:02:
                    23:fa:9d:84:fd:e9:6e:9f:9e:6f:4d:ec:43:78:eb:
                    45:cf:83:6d:4c:0a:c8:0e:93:54:5f:d5:9b:b0:54:
                    cc:ce:f7:af:a3:1d:1b:e5:f3:de:9f:52:b6:ba:dc:
                    bb:b1:d6:b6:16:73:a9:3e:15:61:9e:1d:7b:25:ea:
                    69:cb:e8:07:ac:3d:54:1b:44:d7:ff:a6:8a:f0:d2:
                    fd:a4:08:56:44:68:d8:c1:01:d4:2c:64:58:68:81:
                    e1:df:9d:c7:57:7a:4b:b2:9d:41:52:74:35:37:60:
                    20:5e:14:86:10:56:88:63:44:47:6a:7a:43:38:6c:
                    46:80:29:ea:29:d5:a8:ab:e9:38:95:34:3a:24:05:
                    b7:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:96:B3:6D:8F:45:25:ED:63:5D:5C:5F:69:5A:9B:E0:FA:5A:C9:92
            X509v3 Authority Key Identifier:
                keyid:2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/S5azbY9FJe1jXVxfaVqb4PpayZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:8fc6:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:15:24:84:82:d6:9c:54:d8:80:0a:dc:7c:ff:8d:3b:ec:62:
         2e:99:92:3d:6f:fc:7d:ff:d5:2a:00:2e:0b:f5:5c:bd:e2:38:
         0b:93:f2:20:be:00:83:9a:48:05:69:b7:b7:de:69:ea:22:b4:
         64:64:79:e3:a5:6e:00:2d:cf:0f:8e:ba:1e:3c:06:36:87:03:
         2f:81:af:da:6c:f5:6f:4a:91:fe:ef:02:2e:2e:94:a7:15:9a:
         f3:3b:29:51:cb:93:9e:dc:83:47:66:0c:bf:82:58:c3:87:a7:
         e5:00:aa:5d:ac:15:eb:e2:43:a7:85:4a:ed:a7:87:93:4a:87:
         c1:08:78:0f:7d:f3:29:b8:7d:dd:e9:43:79:27:76:21:a9:12:
         18:8d:c8:5a:b4:58:94:a1:5a:f4:15:b5:8d:fb:87:60:1c:c9:
         21:4c:b3:8a:6f:fd:f3:7c:77:a3:ba:9a:af:d2:5b:ab:e2:ab:
         cf:cb:c2:9c:14:51:f9:a5:d6:26:94:35:30:e8:91:eb:b9:dc:
         e8:fc:14:6d:cd:89:0d:3d:d7:61:20:54:2f:8b:66:5f:00:d1:
         f1:4f:ff:4d:f0:96:dd:44:47:b1:d2:9d:36:97:ec:f3:2f:82:
         ac:78:51:1e:93:46:fc:ee:eb:a5:29:b5:3c:6b:5e:71:25:65:
         fb:05:e4:c1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJx3q+0FZFvxf1C4DIykmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOTY3ZTc3MmNjNzI5ODMwNWExMWZmYTY1ZGQxODVmNmE1
ODkxMGIwHhcNMjQwMTAxMjIzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yjk2YjM2ZDhmNDUyNWVkNjM1ZDVjNWY2OTVhOWJlMGZhNWFjOTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgotNpQcTBMTGjkYJ8r0pPir7A2q7
yEMsQ16xa7Wxt/1BFzNXeilv8Tql/M4OYjj5jMF+sGHcyEjobFZHf96eEqLVFfUs
kv4jZRBAHhwhfKrqt7B3AeOdpQSy1QG+FmYKzP8PhGodmoQLtnTx/YvPFACfl+S9
sAIj+p2E/elun55vTexDeOtFz4NtTArIDpNUX9WbsFTMzvevox0b5fPen1K2uty7
sda2FnOpPhVhnh17Jeppy+gHrD1UG0TX/6aK8NL9pAhWRGjYwQHULGRYaIHh353H
V3pLsp1BUnQ1N2AgXhSGEFaIY0RHanpDOGxGgCnqKdWoq+k4lTQ6JAW3pQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEuWs22PRSXtY11cX2lam+D6WsmSMB8GA1UdIwQY
MBaAFCuWfncsxymDBaEf+mXdGF9qWJELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEt
NThjOTZkNjZmMGExLzEvUzVhemJZOUZKZTFqWFZ4ZmFWcWI0UHBheVpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEtNThjOTZkNjZmMGEx
LzEvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhKPxgEA
MA0GCSqGSIb3DQEBCwUAA4IBAQALFSSEgtacVNiACtx8/4077GIumZI9b/x9/9Uq
AC4L9Vy94jgLk/IgvgCDmkgFabe33mnqIrRkZHnjpW4ALc8PjroePAY2hwMvga/a
bPVvSpH+7wIuLpSnFZrzOylRy5Oe3INHZgy/gljDh6flAKpdrBXr4kOnhUrtp4eT
SofBCHgPffMpuH3d6UN5J3YhqRIYjchatFiUoVr0FbWN+4dgHMkhTLOKb/3zfHej
upqv0lur4qvPy8KcFFH5pdYmlDUw6JHrudzo/BRtzYkNPddhIFQvi2ZfANHxT/9N
8JbdREex0p02l+zzL4KseFEek0b87uulKbU8a15xJWX7BeTB
-----END CERTIFICATE-----