Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/pUN9oAwy_WWSpziePCmks_6SHRE.roa
File:                     pUN9oAwy_WWSpziePCmks_6SHRE.roa (raw, json)
Hash identifier:          Hhy4qO1BprlOMcnZIy/n8L8w7FuVUfpM29EdCbbZ5tI=
Subject key identifier:   A5:43:7D:A0:0C:32:FD:65:92:A7:38:9E:3C:29:A4:B3:FE:92:1D:11
Certificate issuer:       /CN=2b967e772cc7298305a11ffa65dd185f6a58910b
Certificate serial:       018CC7271BF8C83529D60A48178B1379CEF0
Authority key identifier: 2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/pUN9oAwy_WWSpziePCmks_6SHRE.roa
Signing time:             Mon 01 Jan 2024 22:31:18 +0000
ROA not before:           Mon 01 Jan 2024 22:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     11938
IP address blocks:        2a12:8fc1:3000::/36 maxlen: 36
                          2a12:8fc1:2000::/36 maxlen: 36
                          2a12:8fc1:1000::/36 maxlen: 36
                          2a12:8fc1::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:1b:f8:c8:35:29:d6:0a:48:17:8b:13:79:ce:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b967e772cc7298305a11ffa65dd185f6a58910b
        Validity
            Not Before: Jan  1 22:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5437da00c32fd6592a7389e3c29a4b3fe921d11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:c7:42:2e:cc:06:90:9b:c0:7c:49:e9:ed:80:
                    62:78:3e:09:d0:04:0c:6e:80:bd:c1:fc:72:4d:2a:
                    4b:51:6a:03:d8:2d:57:1f:58:b9:59:c8:03:d8:68:
                    dd:d8:9f:1d:7b:31:5c:c3:5f:ab:1a:94:31:50:70:
                    3e:25:ac:f8:18:64:7d:bd:cf:f3:ce:c1:f3:1e:27:
                    69:91:21:fc:d1:12:3e:2d:25:ad:5b:71:30:1a:d3:
                    75:9f:82:10:ea:3c:3d:1f:d6:a8:4a:77:9a:0a:82:
                    b5:ac:5b:d4:3a:c4:7d:5d:a6:2f:19:4e:98:b5:93:
                    cc:ba:1c:12:0d:fe:cc:c6:89:3a:d9:c6:a7:f3:69:
                    36:ef:fc:ba:4b:a6:e7:38:a9:a1:2b:a3:82:e1:13:
                    78:e8:a8:65:f1:26:f6:be:3f:ca:bb:a9:3e:12:06:
                    25:8d:a8:22:3c:86:7e:a5:53:fa:a8:88:cc:4b:5a:
                    2b:82:f0:18:93:3d:dc:39:b8:64:c3:d2:9c:81:35:
                    51:99:0b:71:c0:93:16:75:56:99:6f:51:04:7c:9e:
                    13:4f:c6:a0:ae:38:b9:1d:20:a0:30:d8:80:ad:53:
                    c0:6f:44:87:2e:8c:c3:06:e2:a2:6b:89:95:2d:58:
                    15:1f:6e:51:43:2b:d9:c5:ad:97:ac:16:aa:d4:d7:
                    c8:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:43:7D:A0:0C:32:FD:65:92:A7:38:9E:3C:29:A4:B3:FE:92:1D:11
            X509v3 Authority Key Identifier:
                keyid:2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/pUN9oAwy_WWSpziePCmks_6SHRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:8fc1::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:d5:e4:a8:fc:bc:9d:95:5c:51:ae:91:3e:e4:90:d8:95:48:
         9a:14:39:a4:8a:ea:fa:e5:49:5b:84:0f:e4:55:80:0c:f6:73:
         86:65:1e:10:25:b4:99:9c:13:b6:78:40:09:61:a1:3c:5b:80:
         79:85:f6:42:2b:f3:61:10:e1:6b:b4:f4:18:31:23:5f:00:6e:
         fe:8b:06:71:24:72:9b:55:5e:73:0e:bc:bb:b5:43:5a:1b:6c:
         36:b4:ae:3d:68:f9:5c:8d:fa:a3:33:37:cd:8c:07:8f:14:6c:
         01:ef:56:13:fc:35:6c:22:c5:fe:b6:30:45:0d:48:1f:5e:cc:
         d0:7a:60:6b:05:f2:d0:06:66:95:d4:88:40:b3:0e:c5:33:cb:
         e5:4e:cd:06:5d:c3:c9:39:6b:7d:7c:51:15:36:55:52:e7:94:
         9b:a9:7a:77:a1:a2:05:ee:37:15:a6:a5:db:51:22:7c:c6:70:
         fa:52:5a:f9:c9:b4:22:be:32:45:f5:52:1e:e1:29:d8:df:8f:
         68:0c:c7:b1:ed:3f:b7:a7:f8:b5:6c:35:17:57:23:46:d5:75:
         4f:bd:ad:4b:48:a0:74:b1:b1:e6:23:b6:40:e4:0a:bc:3a:78:
         aa:54:7f:6c:cb:fe:4e:44:e6:1f:72:43:43:a6:08:b0:8f:dd:
         e9:25:3c:cd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHJxv4yDUp1gpIF4sTec7wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOTY3ZTc3MmNjNzI5ODMwNWExMWZmYTY1ZGQxODVmNmE1
ODkxMGIwHhcNMjQwMTAxMjIzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTQzN2RhMDBjMzJmZDY1OTJhNzM4OWUzYzI5YTRiM2ZlOTIxZDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMdCLswGkJvAfEnp7YBieD4J0AQM
boC9wfxyTSpLUWoD2C1XH1i5WcgD2Gjd2J8dezFcw1+rGpQxUHA+Jaz4GGR9vc/z
zsHzHidpkSH80RI+LSWtW3EwGtN1n4IQ6jw9H9aoSneaCoK1rFvUOsR9XaYvGU6Y
tZPMuhwSDf7Mxok62can82k27/y6S6bnOKmhK6OC4RN46Khl8Sb2vj/Ku6k+EgYl
jagiPIZ+pVP6qIjMS1orgvAYkz3cObhkw9KcgTVRmQtxwJMWdVaZb1EEfJ4TT8ag
rji5HSCgMNiArVPAb0SHLozDBuKia4mVLVgVH25RQyvZxa2XrBaq1NfIjQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKVDfaAMMv1lkqc4njwppLP+kh0RMB8GA1UdIwQY
MBaAFCuWfncsxymDBaEf+mXdGF9qWJELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEt
NThjOTZkNjZmMGExLzEvcFVOOW9Bd3lfV1dTcHppZVBDbWtzXzZTSFJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEtNThjOTZkNjZmMGEx
LzEvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhKPwTAN
BgkqhkiG9w0BAQsFAAOCAQEAftXkqPy8nZVcUa6RPuSQ2JVImhQ5pIrq+uVJW4QP
5FWADPZzhmUeECW0mZwTtnhACWGhPFuAeYX2QivzYRDha7T0GDEjXwBu/osGcSRy
m1Vecw68u7VDWhtsNrSuPWj5XI36ozM3zYwHjxRsAe9WE/w1bCLF/rYwRQ1IH17M
0HpgawXy0AZmldSIQLMOxTPL5U7NBl3DyTlrfXxRFTZVUueUm6l6d6GiBe43Faal
21EifMZw+lJa+cm0Ir4yRfVSHuEp2N+PaAzHse0/t6f4tWw1F1cjRtV1T72tS0ig
dLGx5iO2QOQKvDp4qlR/bMv+TkTmH3JDQ6YIsI/d6SU8zQ==
-----END CERTIFICATE-----