Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/vdUGTvaJnk6jVS1dp_5pFhxoius.roa
File:                     vdUGTvaJnk6jVS1dp_5pFhxoius.roa (raw, json)
Hash identifier:          aQN/FjAV+TOzRf9vyI7efG6pWnTiQ/9wvqErdaLMGqk=
Subject key identifier:   BD:D5:06:4E:F6:89:9E:4E:A3:55:2D:5D:A7:FE:69:16:1C:68:8A:EB
Certificate issuer:       /CN=2b967e772cc7298305a11ffa65dd185f6a58910b
Certificate serial:       018CC7271C79CAF99284D55339631F67BD07
Authority key identifier: 2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/vdUGTvaJnk6jVS1dp_5pFhxoius.roa
Signing time:             Mon 01 Jan 2024 22:31:18 +0000
ROA not before:           Mon 01 Jan 2024 22:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46308
IP address blocks:        2a12:8fc6:700::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:1c:79:ca:f9:92:84:d5:53:39:63:1f:67:bd:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b967e772cc7298305a11ffa65dd185f6a58910b
        Validity
            Not Before: Jan  1 22:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bdd5064ef6899e4ea3552d5da7fe69161c688aeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e6:f5:b3:d6:f0:cc:d2:8a:97:f5:bd:18:c8:
                    c2:fd:00:cb:39:e6:29:7a:2e:b9:41:bd:28:4f:f8:
                    2b:ef:90:f4:2e:ab:ec:cf:a1:1a:63:c4:e4:b7:6f:
                    15:72:7c:7d:ab:c2:65:10:15:af:c1:30:ef:fb:02:
                    12:0e:70:f3:85:01:c7:88:10:9f:d7:61:30:c8:06:
                    b3:6c:56:6d:45:8c:39:46:c0:41:35:00:85:35:76:
                    a1:1c:27:57:d0:3b:75:06:55:8f:5b:45:6b:59:bb:
                    e3:b6:d3:09:60:99:20:b5:c7:ed:34:dd:0c:8b:4f:
                    09:cd:cd:87:da:2c:61:01:36:f8:46:dc:86:b8:9d:
                    9d:7d:d9:0b:ad:1d:12:0b:75:e1:01:3d:d1:74:85:
                    e1:d7:29:b1:d4:66:f7:85:15:0d:f6:0b:f3:34:dd:
                    0d:5d:f1:e9:b0:38:ec:2c:cc:4c:d3:ec:13:1c:4d:
                    b0:d0:ea:6e:3e:bb:1f:e6:7a:33:af:ba:bd:aa:b7:
                    7e:c1:11:a7:96:32:8b:f0:a0:38:3f:53:1c:ea:7d:
                    67:99:20:5e:d0:9e:e3:3f:a0:9b:6c:01:7a:78:64:
                    a5:b4:c3:a1:b2:29:a5:9a:94:a0:52:11:2c:42:9b:
                    1b:12:be:57:39:7e:72:8e:50:19:62:ca:b0:50:3b:
                    12:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:D5:06:4E:F6:89:9E:4E:A3:55:2D:5D:A7:FE:69:16:1C:68:8A:EB
            X509v3 Authority Key Identifier:
                keyid:2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/vdUGTvaJnk6jVS1dp_5pFhxoius.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:8fc6:700::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:f1:71:2e:32:34:45:65:4d:6c:dc:ff:fb:4c:4c:97:e0:45:
         8a:e0:a8:f5:f8:03:0e:ba:83:23:21:94:4e:7a:fb:a7:00:19:
         2b:8c:8e:c9:c1:95:fe:e4:22:ce:20:4a:4c:19:8e:36:0b:6d:
         81:7d:f5:11:b0:17:c5:7d:d4:0f:73:eb:05:ca:6d:4b:54:a2:
         99:56:4a:55:55:e2:6a:67:15:65:f0:6f:6a:83:5a:74:45:e0:
         c9:8c:a9:ea:88:74:50:46:e9:56:4e:73:46:0f:db:18:f8:1a:
         e0:79:4f:d6:3e:b1:a2:8e:6b:d3:46:fb:a2:ed:b2:4b:44:99:
         8b:cf:bc:02:ce:b9:df:68:92:a4:9b:fc:a2:33:bb:9b:d9:a3:
         f6:79:4e:f0:3f:76:23:14:3e:5a:17:e1:92:72:b1:3a:17:a9:
         9f:aa:95:9d:d9:cc:e8:c4:f2:dd:87:0e:2c:c1:6a:86:49:49:
         dc:e6:01:6c:5b:96:d3:7d:15:45:8d:a3:77:47:f3:3d:5b:3d:
         8e:6b:12:dc:18:8f:ce:81:c6:ba:85:c0:90:3e:7b:21:a7:bc:
         c5:56:7a:9d:f2:9c:d0:03:ed:83:b1:e5:d8:fe:81:b6:a7:27:
         d6:47:cf:e2:ed:2d:05:65:9a:55:38:61:c6:9b:99:83:23:fe:
         95:29:da:fa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJxx5yvmShNVTOWMfZ70HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOTY3ZTc3MmNjNzI5ODMwNWExMWZmYTY1ZGQxODVmNmE1
ODkxMGIwHhcNMjQwMTAxMjIzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGQ1MDY0ZWY2ODk5ZTRlYTM1NTJkNWRhN2ZlNjkxNjFjNjg4YWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOb1s9bwzNKKl/W9GMjC/QDLOeYp
ei65Qb0oT/gr75D0Lqvsz6EaY8Tkt28Vcnx9q8JlEBWvwTDv+wISDnDzhQHHiBCf
12EwyAazbFZtRYw5RsBBNQCFNXahHCdX0Dt1BlWPW0VrWbvjttMJYJkgtcftNN0M
i08Jzc2H2ixhATb4RtyGuJ2dfdkLrR0SC3XhAT3RdIXh1ymx1Gb3hRUN9gvzNN0N
XfHpsDjsLMxM0+wTHE2w0OpuPrsf5nozr7q9qrd+wRGnljKL8KA4P1Mc6n1nmSBe
0J7jP6CbbAF6eGSltMOhsimlmpSgUhEsQpsbEr5XOX5yjlAZYsqwUDsSlwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL3VBk72iZ5Oo1UtXaf+aRYcaIrrMB8GA1UdIwQY
MBaAFCuWfncsxymDBaEf+mXdGF9qWJELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEt
NThjOTZkNjZmMGExLzEvdmRVR1R2YUpuazZqVlMxZHBfNXBGaHhvaXVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEtNThjOTZkNjZmMGEx
LzEvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhKPxgcA
MA0GCSqGSIb3DQEBCwUAA4IBAQBw8XEuMjRFZU1s3P/7TEyX4EWK4Kj1+AMOuoMj
IZROevunABkrjI7JwZX+5CLOIEpMGY42C22BffURsBfFfdQPc+sFym1LVKKZVkpV
VeJqZxVl8G9qg1p0ReDJjKnqiHRQRulWTnNGD9sY+BrgeU/WPrGijmvTRvui7bJL
RJmLz7wCzrnfaJKkm/yiM7ub2aP2eU7wP3YjFD5aF+GScrE6F6mfqpWd2czoxPLd
hw4swWqGSUnc5gFsW5bTfRVFjaN3R/M9Wz2OaxLcGI/Ogca6hcCQPnshp7zFVnqd
8pzQA+2DseXY/oG2pyfWR8/i7S0FZZpVOGHGm5mDI/6VKdr6
-----END CERTIFICATE-----