Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/tQDmd_HVthGlh-15RwSiluD0ZXw.roa
File:                     tQDmd_HVthGlh-15RwSiluD0ZXw.roa (raw, json)
Hash identifier:          n2v5hMPR/jbnVttaRvQHSX1MtJExMkz7vX/MDwLW7dE=
Subject key identifier:   B5:00:E6:77:F1:D5:B6:11:A5:87:ED:79:47:04:A2:96:E0:F4:65:7C
Certificate issuer:       /CN=2b967e772cc7298305a11ffa65dd185f6a58910b
Certificate serial:       018CC7271D23A9962818743DBA0E350C513D
Authority key identifier: 2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/tQDmd_HVthGlh-15RwSiluD0ZXw.roa
Signing time:             Mon 01 Jan 2024 22:31:18 +0000
ROA not before:           Mon 01 Jan 2024 22:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48743
IP address blocks:        2a12:8fc6:500::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:1d:23:a9:96:28:18:74:3d:ba:0e:35:0c:51:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b967e772cc7298305a11ffa65dd185f6a58910b
        Validity
            Not Before: Jan  1 22:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b500e677f1d5b611a587ed794704a296e0f4657c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:66:ac:09:d3:c8:2b:de:41:e5:da:f1:f9:07:
                    f3:cd:57:4d:e7:8f:33:de:bb:bc:2d:53:ef:fe:5f:
                    5f:99:8e:98:83:25:d0:3d:b1:d1:f2:a2:48:03:b9:
                    2a:45:de:e5:24:91:89:67:9a:d7:e3:f5:c8:7b:f7:
                    8d:d0:ff:96:11:66:b1:8d:49:f6:9c:f0:5d:3e:b9:
                    f2:a2:22:ea:13:f8:d5:bd:20:8d:9b:07:6f:9a:4f:
                    9d:c3:ec:61:57:7c:2d:7c:ee:e8:dc:aa:1d:56:53:
                    f4:11:81:01:58:d0:7b:12:df:41:94:c1:a2:8a:33:
                    f2:dd:f8:c6:24:14:92:42:5d:d9:1a:9e:6f:42:f3:
                    b6:f6:fd:4c:42:74:34:23:3d:00:e0:39:56:ad:88:
                    bd:86:16:18:55:bc:8b:ba:48:31:70:52:fd:4d:63:
                    d1:0a:5d:ee:b6:ca:e9:08:d0:fe:19:20:18:5c:7c:
                    66:1e:8c:37:f1:5a:71:df:e2:4b:3b:ad:1f:90:24:
                    d3:cb:e8:1c:fd:f7:15:13:d1:e8:7a:03:d1:f3:e3:
                    99:a1:c2:38:19:63:4b:be:45:8c:c7:fe:b2:40:47:
                    52:1f:13:34:a9:e9:af:1d:d0:61:e0:21:02:35:22:
                    92:f6:dc:82:7d:08:2c:9b:82:6a:70:41:08:83:65:
                    c6:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:00:E6:77:F1:D5:B6:11:A5:87:ED:79:47:04:A2:96:E0:F4:65:7C
            X509v3 Authority Key Identifier:
                keyid:2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/tQDmd_HVthGlh-15RwSiluD0ZXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:8fc6:500::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:c4:4d:ca:aa:6c:e8:7b:71:ed:4c:14:bc:53:0f:6e:1c:68:
         af:75:b5:1b:39:63:03:b6:a3:9f:97:4f:8d:eb:5d:a6:ae:2c:
         36:17:b5:7c:a0:ee:87:5c:94:76:50:b1:80:9d:46:e0:cb:13:
         6d:e2:39:bb:11:a0:9f:b5:c0:56:dc:dc:7d:c7:09:e1:45:82:
         20:ee:a7:47:db:2f:d4:3a:9a:2a:ba:70:5a:6c:78:39:0b:f4:
         7a:57:91:4e:ff:46:e5:f5:18:ab:77:cb:c8:a5:51:62:24:1f:
         bd:f7:bb:43:2c:d3:cb:02:5c:87:15:74:a3:3d:80:72:3d:98:
         73:77:3d:a6:96:e0:32:80:78:e3:b7:a3:8b:49:f0:a9:7a:3b:
         52:5f:aa:77:45:a0:23:a2:c2:61:b5:10:40:77:96:77:15:12:
         3a:35:c1:7d:a6:c0:e4:91:58:99:c9:84:7b:fa:63:4c:ca:e9:
         26:3d:5e:7d:58:e9:4c:4d:86:f6:3e:05:76:73:b9:75:1d:6a:
         04:37:91:75:57:b1:b6:d4:c3:53:dc:d6:34:14:b6:21:41:0e:
         fa:aa:0b:33:c1:71:c7:a1:38:0c:82:b6:f8:8d:1d:4d:5a:3e:
         18:fa:6a:62:d5:af:17:81:c4:22:aa:10:fa:1a:ff:c5:87:b5:
         2c:71:51:3d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJx0jqZYoGHQ9ug41DFE9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOTY3ZTc3MmNjNzI5ODMwNWExMWZmYTY1ZGQxODVmNmE1
ODkxMGIwHhcNMjQwMTAxMjIzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTAwZTY3N2YxZDViNjExYTU4N2VkNzk0NzA0YTI5NmUwZjQ2NTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmasCdPIK95B5drx+QfzzVdN548z
3ru8LVPv/l9fmY6YgyXQPbHR8qJIA7kqRd7lJJGJZ5rX4/XIe/eN0P+WEWaxjUn2
nPBdPrnyoiLqE/jVvSCNmwdvmk+dw+xhV3wtfO7o3KodVlP0EYEBWNB7Et9BlMGi
ijPy3fjGJBSSQl3ZGp5vQvO29v1MQnQ0Iz0A4DlWrYi9hhYYVbyLukgxcFL9TWPR
Cl3utsrpCND+GSAYXHxmHow38Vpx3+JLO60fkCTTy+gc/fcVE9HoegPR8+OZocI4
GWNLvkWMx/6yQEdSHxM0qemvHdBh4CECNSKS9tyCfQgsm4JqcEEIg2XGQQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLUA5nfx1bYRpYfteUcEopbg9GV8MB8GA1UdIwQY
MBaAFCuWfncsxymDBaEf+mXdGF9qWJELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEt
NThjOTZkNjZmMGExLzEvdFFEbWRfSFZ0aEdsaC0xNVJ3U2lsdUQwWlh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEtNThjOTZkNjZmMGEx
LzEvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhKPxgUA
MA0GCSqGSIb3DQEBCwUAA4IBAQBAxE3Kqmzoe3HtTBS8Uw9uHGivdbUbOWMDtqOf
l0+N612mriw2F7V8oO6HXJR2ULGAnUbgyxNt4jm7EaCftcBW3Nx9xwnhRYIg7qdH
2y/UOpoqunBabHg5C/R6V5FO/0bl9Rird8vIpVFiJB+997tDLNPLAlyHFXSjPYBy
PZhzdz2mluAygHjjt6OLSfCpejtSX6p3RaAjosJhtRBAd5Z3FRI6NcF9psDkkViZ
yYR7+mNMyukmPV59WOlMTYb2PgV2c7l1HWoEN5F1V7G21MNT3NY0FLYhQQ76qgsz
wXHHoTgMgrb4jR1NWj4Y+mpi1a8XgcQiqhD6Gv/Fh7UscVE9
-----END CERTIFICATE-----