Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/SNTwxjZqoj--loyRtn4U5ryS2tg.roa
File:                     SNTwxjZqoj--loyRtn4U5ryS2tg.roa (raw, json)
Hash identifier:          7LntTAbrkB4D7sGOEefKUsodkOG7eI/vXEBkRmusiyk=
Subject key identifier:   48:D4:F0:C6:36:6A:A2:3F:BE:96:8C:91:B6:7E:14:E6:BC:92:DA:D8
Certificate issuer:       /CN=2b967e772cc7298305a11ffa65dd185f6a58910b
Certificate serial:       0194228DE276ED328684813579CA3FD026EF
Authority key identifier: 2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/SNTwxjZqoj--loyRtn4U5ryS2tg.roa
Signing time:             Wed 01 Jan 2025 15:48:31 +0000
ROA not before:           Wed 01 Jan 2025 15:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26701
IP address blocks:        2a12:8fc6:7::/48 maxlen: 48
                          2a12:8fc6:ac53::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:e2:76:ed:32:86:84:81:35:79:ca:3f:d0:26:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b967e772cc7298305a11ffa65dd185f6a58910b
        Validity
            Not Before: Jan  1 15:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=48d4f0c6366aa23fbe968c91b67e14e6bc92dad8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:65:22:33:fb:6b:06:35:1c:7b:78:55:f9:25:
                    f7:7d:2d:d5:23:67:dc:46:76:4e:18:1a:c7:66:ef:
                    1e:ef:77:5d:43:3a:11:69:3c:02:9a:ba:63:04:82:
                    20:a6:49:37:4d:55:3e:c6:b5:cd:ba:67:5e:3a:ef:
                    93:37:97:96:cb:0c:f3:b3:b1:12:7f:b5:c9:42:d3:
                    30:25:94:af:8b:39:92:ba:e9:66:da:86:66:03:a8:
                    65:27:e0:e9:af:0f:45:63:36:26:f5:d3:21:ea:b8:
                    9e:f2:a0:7d:3f:6c:9d:89:ab:30:fd:d2:e6:d8:5a:
                    52:5c:3a:ee:05:0b:11:7d:30:1f:0b:a9:46:77:21:
                    fe:f7:10:46:1d:f8:a7:2b:32:aa:40:1e:c1:35:87:
                    78:be:27:85:4a:56:db:35:eb:81:13:2e:7a:9f:c1:
                    2d:ae:fe:e4:a3:5e:15:f7:42:ca:e3:4e:40:79:fd:
                    8e:93:4f:3d:8a:ed:82:4a:87:c3:69:5d:56:b8:06:
                    eb:61:e1:53:5d:3f:a5:0d:c5:73:44:c7:ec:d1:ff:
                    94:a6:5f:db:16:c7:a5:6b:f0:cb:f0:06:e1:77:59:
                    69:1c:84:7e:28:e2:26:e1:42:2a:00:d0:55:b2:04:
                    1e:67:df:61:33:f7:f6:f8:59:07:10:26:a9:62:99:
                    73:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:D4:F0:C6:36:6A:A2:3F:BE:96:8C:91:B6:7E:14:E6:BC:92:DA:D8
            X509v3 Authority Key Identifier:
                keyid:2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/SNTwxjZqoj--loyRtn4U5ryS2tg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:8fc6:7::/48
                  2a12:8fc6:ac53::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:98:fa:bb:38:79:d0:3c:66:a1:6d:60:60:76:d0:d2:c6:67:
         a3:fc:5f:4c:91:28:2b:f2:71:47:30:79:0b:fd:f8:f5:c9:30:
         81:49:76:97:91:d7:ee:fe:40:9c:c3:95:c6:0d:cd:e9:6f:f7:
         b5:70:53:ef:7d:9e:fa:bc:ef:66:2d:52:99:94:0f:98:58:f1:
         8e:2d:23:64:d1:2a:2b:92:83:2c:88:42:e7:d0:54:0f:76:1a:
         ca:d4:19:9b:4f:76:2d:0f:a2:16:97:0b:ba:cb:ef:5f:d6:f3:
         79:66:3d:37:30:8e:18:73:1e:bf:d5:5a:cb:49:21:34:23:a4:
         42:84:09:89:db:64:dd:6e:2b:44:ec:e7:d0:7a:00:c7:92:7e:
         73:c7:8e:03:63:5f:23:66:b4:7a:ea:dd:44:16:3a:f8:02:b1:
         38:dc:24:33:f0:93:66:6d:01:d0:e7:43:e9:2e:1f:6c:43:26:
         bd:93:4f:4c:76:20:bf:de:ba:c7:c5:bc:b6:87:c9:71:60:2a:
         e7:4c:b0:c9:52:58:53:b7:bd:5a:41:54:42:18:77:7f:e4:a9:
         55:e1:57:92:ac:53:9d:37:01:cf:a5:df:ad:7e:33:6f:a6:46:
         92:b5:5c:f1:87:ef:79:e7:09:e3:a4:62:80:0f:2e:84:a8:06:
         fa:9a:9e:9d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQijeJ27TKGhIE1eco/0CbvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOTY3ZTc3MmNjNzI5ODMwNWExMWZmYTY1ZGQxODVmNmE1
ODkxMGIwHhcNMjUwMTAxMTU0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGQ0ZjBjNjM2NmFhMjNmYmU5NjhjOTFiNjdlMTRlNmJjOTJkYWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmUiM/trBjUce3hV+SX3fS3VI2fc
RnZOGBrHZu8e73ddQzoRaTwCmrpjBIIgpkk3TVU+xrXNumdeOu+TN5eWywzzs7ES
f7XJQtMwJZSvizmSuulm2oZmA6hlJ+Dprw9FYzYm9dMh6rie8qB9P2ydiasw/dLm
2FpSXDruBQsRfTAfC6lGdyH+9xBGHfinKzKqQB7BNYd4vieFSlbbNeuBEy56n8Et
rv7ko14V90LK405Aef2Ok089iu2CSofDaV1WuAbrYeFTXT+lDcVzRMfs0f+Upl/b
Fsela/DL8Abhd1lpHIR+KOIm4UIqANBVsgQeZ99hM/f2+FkHECapYplzxwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEjU8MY2aqI/vpaMkbZ+FOa8ktrYMB8GA1UdIwQY
MBaAFCuWfncsxymDBaEf+mXdGF9qWJELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEt
NThjOTZkNjZmMGExLzEvU05Ud3hqWnFvai0tbG95UnRuNFU1cnlTMnRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEtNThjOTZkNjZmMGEx
LzEvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhKPxgAH
AwcAKhKPxqxTMA0GCSqGSIb3DQEBCwUAA4IBAQCDmPq7OHnQPGahbWBgdtDSxmej
/F9MkSgr8nFHMHkL/fj1yTCBSXaXkdfu/kCcw5XGDc3pb/e1cFPvfZ76vO9mLVKZ
lA+YWPGOLSNk0SorkoMsiELn0FQPdhrK1BmbT3YtD6IWlwu6y+9f1vN5Zj03MI4Y
cx6/1VrLSSE0I6RChAmJ22TdbitE7OfQegDHkn5zx44DY18jZrR66t1EFjr4ArE4
3CQz8JNmbQHQ50PpLh9sQya9k09MdiC/3rrHxby2h8lxYCrnTLDJUlhTt71aQVRC
GHd/5KlV4VeSrFOdNwHPpd+tfjNvpkaStVzxh+955wnjpGKADy6EqAb6mp6d
-----END CERTIFICATE-----