Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/wh8J7RB-BmB8aELJ3lFn9XJ00zw.roa
File:                     wh8J7RB-BmB8aELJ3lFn9XJ00zw.roa (raw, json)
Hash identifier:          OqqZhygKCmF503lAhK61n1l4VE+q41GXX/rk9zfL/YM=
Subject key identifier:   C2:1F:09:ED:10:7E:06:60:7C:68:42:C9:DE:51:67:F5:72:74:D3:3C
Certificate issuer:       /CN=2b967e772cc7298305a11ffa65dd185f6a58910b
Certificate serial:       018E61C1F659815A857C2D214A449B1E38C3
Authority key identifier: 2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/wh8J7RB-BmB8aELJ3lFn9XJ00zw.roa
Signing time:             Thu 21 Mar 2024 16:04:45 +0000
ROA not before:           Thu 21 Mar 2024 16:04:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     37739
IP address blocks:        2a12:8fc6:aca::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:61:c1:f6:59:81:5a:85:7c:2d:21:4a:44:9b:1e:38:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b967e772cc7298305a11ffa65dd185f6a58910b
        Validity
            Not Before: Mar 21 16:04:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c21f09ed107e06607c6842c9de5167f57274d33c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:86:df:73:fa:a3:90:49:a9:1d:7c:6f:44:6a:
                    ac:f8:ea:02:8c:d9:ba:5c:1f:8f:80:a6:81:9b:cf:
                    2e:26:b6:16:bf:e9:8e:d4:5d:31:28:ab:13:b3:69:
                    b0:ae:41:e3:d5:6b:d0:63:18:4e:79:40:99:f8:9c:
                    58:32:3c:46:24:d9:99:8c:83:f8:44:1c:e0:16:45:
                    cf:72:0b:93:5f:c6:bb:5b:c6:61:f2:6d:aa:a5:80:
                    9d:79:f1:10:4b:ca:fb:05:b6:33:6c:01:70:27:7c:
                    cf:22:40:f9:06:73:69:8b:04:a2:89:a9:cb:04:70:
                    d2:0f:f3:54:82:49:0e:de:0f:d1:86:d9:63:0c:37:
                    8a:f0:68:4b:71:04:3d:c9:d9:66:ed:74:16:ac:96:
                    e3:1a:3d:f9:3d:dd:d3:55:5c:90:7c:44:cc:c2:35:
                    15:bb:1a:08:a5:b0:bc:29:12:44:bf:2e:0d:9b:24:
                    e7:c4:97:a2:96:7b:cb:c9:de:de:c5:9a:d1:30:ed:
                    78:fc:71:25:3b:26:df:f9:85:8d:19:3e:34:6a:b0:
                    4a:a1:fd:b3:6b:ac:6e:28:e7:89:fe:1b:ac:be:63:
                    fe:3f:ec:2a:d8:e7:85:c1:8e:b5:cc:cd:eb:1c:9c:
                    8e:9b:d2:8b:a8:c3:8b:70:55:65:32:84:f5:01:18:
                    77:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:1F:09:ED:10:7E:06:60:7C:68:42:C9:DE:51:67:F5:72:74:D3:3C
            X509v3 Authority Key Identifier:
                keyid:2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/wh8J7RB-BmB8aELJ3lFn9XJ00zw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:8fc6:aca::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:08:e2:4b:28:b4:8c:10:3a:ee:4f:6e:7d:fc:12:84:dd:f3:
         2f:86:65:7c:e2:c9:17:b5:0e:78:7a:f2:a7:c6:ad:15:de:32:
         79:ca:33:69:e3:0c:d5:18:b6:cb:c1:dd:8a:fb:ca:a0:e9:08:
         d3:8a:b6:68:23:4a:ba:86:f1:e8:36:8f:68:a0:5b:42:f9:e4:
         30:b6:38:0d:da:e3:ab:00:08:d2:1e:b7:5a:e1:be:8f:72:7d:
         2a:a4:bc:b7:20:7b:23:98:de:4c:6e:57:63:3b:d4:36:95:02:
         fc:14:cb:54:23:63:17:68:72:bd:2b:2a:ee:40:b4:96:0a:53:
         ff:2a:b8:46:ee:fe:fc:f9:02:8e:6b:e4:f7:fb:80:12:46:32:
         ae:0c:5c:e5:b5:79:d7:99:bb:fb:7a:6a:61:87:f8:9f:96:be:
         f5:60:f5:85:85:a0:f5:c7:26:a0:db:7c:b1:1f:36:93:8e:ba:
         b3:f2:f2:d6:19:08:32:b2:c2:20:39:63:5f:30:51:43:a4:e2:
         75:5b:a0:bd:53:be:d1:7f:68:82:18:07:c9:4f:0d:c8:5d:22:
         df:39:a8:ee:76:1f:c6:d9:9b:e7:1e:46:9b:08:c9:ca:20:c1:
         a9:06:e3:ea:fc:c8:77:d6:7a:fd:96:92:d9:53:51:3f:df:b4:
         62:46:56:ff
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY5hwfZZgVqFfC0hSkSbHjjDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOTY3ZTc3MmNjNzI5ODMwNWExMWZmYTY1ZGQxODVmNmE1
ODkxMGIwHhcNMjQwMzIxMTYwNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjFmMDllZDEwN2UwNjYwN2M2ODQyYzlkZTUxNjdmNTcyNzRkMzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhIbfc/qjkEmpHXxvRGqs+OoCjNm6
XB+PgKaBm88uJrYWv+mO1F0xKKsTs2mwrkHj1WvQYxhOeUCZ+JxYMjxGJNmZjIP4
RBzgFkXPcguTX8a7W8Zh8m2qpYCdefEQS8r7BbYzbAFwJ3zPIkD5BnNpiwSiianL
BHDSD/NUgkkO3g/RhtljDDeK8GhLcQQ9ydlm7XQWrJbjGj35Pd3TVVyQfETMwjUV
uxoIpbC8KRJEvy4NmyTnxJeilnvLyd7exZrRMO14/HElOybf+YWNGT40arBKof2z
a6xuKOeJ/husvmP+P+wq2OeFwY61zM3rHJyOm9KLqMOLcFVlMoT1ARh3DQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMIfCe0QfgZgfGhCyd5RZ/VydNM8MB8GA1UdIwQY
MBaAFCuWfncsxymDBaEf+mXdGF9qWJELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEt
NThjOTZkNjZmMGExLzEvd2g4SjdSQi1CbUI4YUVMSjNsRm45WEowMHp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEtNThjOTZkNjZmMGEx
LzEvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhKPxgrK
MA0GCSqGSIb3DQEBCwUAA4IBAQBoCOJLKLSMEDruT259/BKE3fMvhmV84skXtQ54
evKnxq0V3jJ5yjNp4wzVGLbLwd2K+8qg6QjTirZoI0q6hvHoNo9ooFtC+eQwtjgN
2uOrAAjSHrda4b6Pcn0qpLy3IHsjmN5MbldjO9Q2lQL8FMtUI2MXaHK9KyruQLSW
ClP/KrhG7v78+QKOa+T3+4ASRjKuDFzltXnXmbv7emphh/iflr71YPWFhaD1xyag
23yxHzaTjrqz8vLWGQgyssIgOWNfMFFDpOJ1W6C9U77Rf2iCGAfJTw3IXSLfOaju
dh/G2ZvnHkabCMnKIMGpBuPq/Mh31nr9lpLZU1E/37RiRlb/
-----END CERTIFICATE-----