Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/xLUb8C8bVOkpr7q64SBm-78jn6A.roa
File:                     xLUb8C8bVOkpr7q64SBm-78jn6A.roa (raw, json)
Hash identifier:          2KEYFJdXXETiYVBhmOpcuh0u5oPPV72Mle9moFbgm4Y=
Subject key identifier:   C4:B5:1B:F0:2F:1B:54:E9:29:AF:BA:BA:E1:20:66:FB:BF:23:9F:A0
Certificate issuer:       /CN=2b967e772cc7298305a11ffa65dd185f6a58910b
Certificate serial:       0194228DE9B352E7AE776A8FDA9176341DF7
Authority key identifier: 2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/xLUb8C8bVOkpr7q64SBm-78jn6A.roa
Signing time:             Wed 01 Jan 2025 15:48:33 +0000
ROA not before:           Wed 01 Jan 2025 15:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     329249
IP address blocks:        2a12:8fc6:2491::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:e9:b3:52:e7:ae:77:6a:8f:da:91:76:34:1d:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b967e772cc7298305a11ffa65dd185f6a58910b
        Validity
            Not Before: Jan  1 15:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4b51bf02f1b54e929afbabae12066fbbf239fa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:dd:c1:fb:7f:6a:f9:c4:84:97:45:bb:9f:8d:
                    bd:bb:2a:88:f8:7d:91:de:c8:6c:42:d2:c0:8e:19:
                    ef:92:a1:38:c2:dd:89:35:dd:10:3b:ad:9c:56:e4:
                    59:c9:69:f8:8c:df:9f:82:e7:7b:7f:1d:df:08:10:
                    45:a8:f2:d7:00:5c:db:70:ba:0b:2a:eb:2c:f9:8d:
                    34:e2:35:bc:e0:f1:4c:4b:02:71:f3:d5:8c:7f:28:
                    9b:07:1a:b0:47:e9:7a:d9:c3:8b:f9:eb:2a:53:26:
                    a8:7d:00:6e:41:f2:47:c9:59:ec:a5:df:a8:51:f8:
                    a6:f8:53:5d:e5:18:cb:c0:45:6f:22:7b:3b:45:db:
                    24:7f:a8:40:ea:5d:7d:34:c1:b5:73:75:8b:73:9e:
                    3b:0a:c7:bd:5f:10:c8:e8:b9:9e:1f:54:b5:85:5e:
                    a6:b5:4c:9f:20:7d:42:da:b0:19:b5:fd:ed:fb:90:
                    57:7e:9a:33:8e:59:94:57:d3:68:df:70:27:32:31:
                    b4:c8:3c:cd:49:6f:56:59:0a:bc:91:ed:40:a2:57:
                    e7:84:bd:c7:6a:1c:3a:9b:05:56:41:c0:10:84:9a:
                    7d:fd:d6:cb:b1:af:e9:27:33:d9:9b:bd:60:c2:80:
                    e1:11:af:a5:57:ee:84:47:46:34:06:22:24:90:56:
                    73:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:B5:1B:F0:2F:1B:54:E9:29:AF:BA:BA:E1:20:66:FB:BF:23:9F:A0
            X509v3 Authority Key Identifier:
                keyid:2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/xLUb8C8bVOkpr7q64SBm-78jn6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:8fc6:2491::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:d9:4a:5f:fb:35:4d:fe:1d:8c:f9:cb:97:b9:42:6c:71:b3:
         8e:98:41:a1:fc:2c:23:60:df:21:77:3a:b0:c5:83:27:6a:18:
         a5:fd:70:97:7b:0e:84:04:65:7b:af:20:95:0e:96:36:9a:af:
         a0:44:c6:5f:2e:c7:30:58:6c:a1:1d:8c:87:72:3f:82:a8:aa:
         96:82:42:c8:fc:fc:ad:33:63:de:93:31:5c:75:4a:ff:f2:12:
         f8:1d:6c:77:5d:f0:64:8a:3e:3b:4b:0a:ec:ad:a2:39:5a:75:
         ea:96:50:10:ca:d5:6d:1c:bf:ed:e6:87:3e:21:0f:78:d2:a4:
         ee:65:73:11:fe:25:5a:5c:1d:f7:b1:ed:77:ea:92:be:2e:f4:
         1e:f0:6e:9f:3b:12:a4:2f:ee:dc:88:8d:ca:18:ef:fe:c0:b8:
         59:42:4d:7d:d7:cc:e9:17:db:30:1c:72:d3:fe:68:1e:9b:10:
         8c:95:91:9d:5a:6b:43:f4:f2:9b:c6:27:b7:40:bb:16:5e:ea:
         96:ac:51:76:42:66:dd:c3:17:36:f5:34:77:aa:c7:89:8a:93:
         4b:b8:10:0a:7b:60:7a:8d:c2:72:af:f2:82:45:ab:e1:78:ff:
         0d:74:dd:90:f3:4f:9a:a3:b5:1f:35:9b:cb:a1:d2:2f:0d:9d:
         50:4c:93:e2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQijemzUueud2qP2pF2NB33MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOTY3ZTc3MmNjNzI5ODMwNWExMWZmYTY1ZGQxODVmNmE1
ODkxMGIwHhcNMjUwMTAxMTU0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGI1MWJmMDJmMWI1NGU5MjlhZmJhYmFlMTIwNjZmYmJmMjM5ZmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqt3B+39q+cSEl0W7n429uyqI+H2R
3shsQtLAjhnvkqE4wt2JNd0QO62cVuRZyWn4jN+fgud7fx3fCBBFqPLXAFzbcLoL
Kuss+Y004jW84PFMSwJx89WMfyibBxqwR+l62cOL+esqUyaofQBuQfJHyVnspd+o
Ufim+FNd5RjLwEVvIns7Rdskf6hA6l19NMG1c3WLc547Cse9XxDI6LmeH1S1hV6m
tUyfIH1C2rAZtf3t+5BXfpozjlmUV9No33AnMjG0yDzNSW9WWQq8ke1AolfnhL3H
ahw6mwVWQcAQhJp9/dbLsa/pJzPZm71gwoDhEa+lV+6ER0Y0BiIkkFZzDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMS1G/AvG1TpKa+6uuEgZvu/I5+gMB8GA1UdIwQY
MBaAFCuWfncsxymDBaEf+mXdGF9qWJELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEt
NThjOTZkNjZmMGExLzEveExVYjhDOGJWT2twcjdxNjRTQm0tNzhqbjZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEtNThjOTZkNjZmMGEx
LzEvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhKPxiSR
MA0GCSqGSIb3DQEBCwUAA4IBAQB72Upf+zVN/h2M+cuXuUJscbOOmEGh/CwjYN8h
dzqwxYMnahil/XCXew6EBGV7ryCVDpY2mq+gRMZfLscwWGyhHYyHcj+CqKqWgkLI
/PytM2PekzFcdUr/8hL4HWx3XfBkij47SwrsraI5WnXqllAQytVtHL/t5oc+IQ94
0qTuZXMR/iVaXB33se136pK+LvQe8G6fOxKkL+7ciI3KGO/+wLhZQk1918zpF9sw
HHLT/mgemxCMlZGdWmtD9PKbxie3QLsWXuqWrFF2Qmbdwxc29TR3qseJipNLuBAK
e2B6jcJyr/KCRavheP8NdN2Q80+ao7UfNZvLodIvDZ1QTJPi
-----END CERTIFICATE-----