Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/sFCDhJ4M_6ODBJmgIs3kz42jtuI.roa
File:                     sFCDhJ4M_6ODBJmgIs3kz42jtuI.roa (raw, json)
Hash identifier:          0A6uuIGu+YVQFGSi7WdcioqNabGg+Lb7uc7Kf+2F0zs=
Subject key identifier:   B0:50:83:84:9E:0C:FF:A3:83:04:99:A0:22:CD:E4:CF:8D:A3:B6:E2
Certificate issuer:       /CN=2b967e772cc7298305a11ffa65dd185f6a58910b
Certificate serial:       0194228DE90E6EA5AF286CF2DFE04A642E2C
Authority key identifier: 2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/sFCDhJ4M_6ODBJmgIs3kz42jtuI.roa
Signing time:             Wed 01 Jan 2025 15:48:33 +0000
ROA not before:           Wed 01 Jan 2025 15:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     328711
IP address blocks:        2a12:8fc6:c27a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:e9:0e:6e:a5:af:28:6c:f2:df:e0:4a:64:2e:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b967e772cc7298305a11ffa65dd185f6a58910b
        Validity
            Not Before: Jan  1 15:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b05083849e0cffa3830499a022cde4cf8da3b6e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b1:c9:b9:04:d1:a4:40:a4:7d:24:18:8d:f7:
                    7f:82:1e:85:f4:12:1c:e5:f1:e5:18:69:91:d9:5e:
                    e8:ca:b7:72:ef:50:33:51:6b:c0:88:49:70:96:3c:
                    60:90:a5:48:ba:d9:fd:96:ec:85:9e:9c:11:b1:ad:
                    36:48:0c:96:36:ee:3a:4f:0b:c6:c4:18:5f:aa:3c:
                    93:d6:0f:d7:5f:1e:3b:2b:76:97:25:ef:f4:ed:23:
                    37:04:4e:27:e1:75:4b:ac:52:a5:8d:8e:9d:02:56:
                    6b:43:f1:22:93:9d:54:31:cb:9a:9f:ce:45:71:9b:
                    b1:ff:a4:f4:dc:a8:f9:57:44:1d:cf:97:24:b5:fc:
                    51:ff:4e:2d:f9:80:79:8e:60:90:ca:97:d3:9e:2b:
                    1b:3b:5b:bc:a1:03:af:ca:36:ff:f3:e9:3d:e6:d5:
                    29:46:99:61:0b:0d:72:91:ea:f6:4a:ed:f2:54:28:
                    6d:36:13:d2:fb:0c:6d:3b:70:9b:04:0d:4e:54:41:
                    79:95:75:cf:97:d4:5c:16:ad:53:3f:cb:0c:ab:34:
                    0c:d7:63:25:ce:49:67:1c:f5:9f:c0:a6:cb:09:0e:
                    f2:96:15:24:cc:ad:66:d1:26:e7:f0:94:bb:63:0e:
                    db:33:43:55:70:dd:4c:d3:ce:b0:0a:e8:37:f9:30:
                    aa:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:50:83:84:9E:0C:FF:A3:83:04:99:A0:22:CD:E4:CF:8D:A3:B6:E2
            X509v3 Authority Key Identifier:
                keyid:2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/sFCDhJ4M_6ODBJmgIs3kz42jtuI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:8fc6:c27a::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:45:35:61:de:70:36:2f:a0:39:ee:bf:50:b9:a6:bf:bf:b1:
         b8:ac:5e:d1:5d:de:ec:77:d7:b2:fd:f8:b7:4d:6e:3c:1a:03:
         a9:75:13:ab:cd:6b:67:92:4a:e7:d3:f9:82:7b:88:fe:4f:b0:
         b3:08:f8:82:eb:db:36:6d:9f:57:e1:99:e4:aa:b8:b6:17:88:
         ab:4b:4b:cb:45:4d:e0:4a:f9:81:d5:20:95:6b:ad:7e:d0:53:
         2e:3b:72:dc:b0:11:b7:1e:a1:a2:77:9f:7e:56:96:91:93:91:
         f8:ad:50:fc:ab:c1:d5:91:03:66:d7:90:d7:4e:28:f6:d3:e4:
         c1:de:5c:34:8c:04:e8:64:19:5a:2c:e4:c7:b1:2d:5e:89:58:
         f2:7e:89:9d:d7:b1:15:a7:04:d3:e8:9f:56:8a:b7:7f:68:84:
         b8:f5:06:81:89:4e:4b:6d:17:fd:e1:47:89:65:85:5b:73:f2:
         ce:50:43:85:96:9b:1f:b1:30:a7:3b:ed:ab:21:59:b3:86:21:
         60:dd:e0:e0:03:25:17:8e:bf:a8:5d:f7:fd:94:3c:35:4a:78:
         48:ed:c4:a8:f5:4a:20:04:36:f8:5a:d9:54:d2:9c:e0:0f:64:
         a7:df:da:81:e5:04:47:93:d8:a0:4e:bb:59:0f:78:02:a6:eb:
         cd:88:42:7c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQijekObqWvKGzy3+BKZC4sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOTY3ZTc3MmNjNzI5ODMwNWExMWZmYTY1ZGQxODVmNmE1
ODkxMGIwHhcNMjUwMTAxMTU0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDUwODM4NDllMGNmZmEzODMwNDk5YTAyMmNkZTRjZjhkYTNiNmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLHJuQTRpECkfSQYjfd/gh6F9BIc
5fHlGGmR2V7oyrdy71AzUWvAiElwljxgkKVIutn9luyFnpwRsa02SAyWNu46TwvG
xBhfqjyT1g/XXx47K3aXJe/07SM3BE4n4XVLrFKljY6dAlZrQ/Eik51UMcuan85F
cZux/6T03Kj5V0Qdz5cktfxR/04t+YB5jmCQypfTnisbO1u8oQOvyjb/8+k95tUp
RplhCw1yker2Su3yVChtNhPS+wxtO3CbBA1OVEF5lXXPl9RcFq1TP8sMqzQM12Ml
zklnHPWfwKbLCQ7ylhUkzK1m0Sbn8JS7Yw7bM0NVcN1M086wCug3+TCqmwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLBQg4SeDP+jgwSZoCLN5M+No7biMB8GA1UdIwQY
MBaAFCuWfncsxymDBaEf+mXdGF9qWJELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEt
NThjOTZkNjZmMGExLzEvc0ZDRGhKNE1fNk9EQkptZ0lzM2t6NDJqdHVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEtNThjOTZkNjZmMGEx
LzEvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhKPxsJ6
MA0GCSqGSIb3DQEBCwUAA4IBAQCYRTVh3nA2L6A57r9Quaa/v7G4rF7RXd7sd9ey
/fi3TW48GgOpdROrzWtnkkrn0/mCe4j+T7CzCPiC69s2bZ9X4Znkqri2F4irS0vL
RU3gSvmB1SCVa61+0FMuO3LcsBG3HqGid59+VpaRk5H4rVD8q8HVkQNm15DXTij2
0+TB3lw0jAToZBlaLOTHsS1eiVjyfomd17EVpwTT6J9Wird/aIS49QaBiU5LbRf9
4UeJZYVbc/LOUEOFlpsfsTCnO+2rIVmzhiFg3eDgAyUXjr+oXff9lDw1SnhI7cSo
9UogBDb4WtlU0pzgD2Sn39qB5QRHk9igTrtZD3gCpuvNiEJ8
-----END CERTIFICATE-----