Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/yyv1D2qI27bauPstP8jHFSXNpeo.roa
File:                     yyv1D2qI27bauPstP8jHFSXNpeo.roa (raw, json)
Hash identifier:          Sxrzc1lcTsK9rH5txG2i/iG81mOTq4nJkLi0RU9h8Ls=
Subject key identifier:   CB:2B:F5:0F:6A:88:DB:B6:DA:B8:FB:2D:3F:C8:C7:15:25:CD:A5:EA
Certificate issuer:       /CN=2b967e772cc7298305a11ffa65dd185f6a58910b
Certificate serial:       018CC727201FA88EFE7DEFCEA1175089950E
Authority key identifier: 2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/yyv1D2qI27bauPstP8jHFSXNpeo.roa
Signing time:             Mon 01 Jan 2024 22:31:19 +0000
ROA not before:           Mon 01 Jan 2024 22:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     328711
IP address blocks:        2a12:8fc6:c27a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:20:1f:a8:8e:fe:7d:ef:ce:a1:17:50:89:95:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b967e772cc7298305a11ffa65dd185f6a58910b
        Validity
            Not Before: Jan  1 22:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb2bf50f6a88dbb6dab8fb2d3fc8c71525cda5ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:d8:45:87:68:ac:dd:01:9b:64:79:4e:e6:80:
                    cd:6e:e9:3d:77:b9:f1:0e:35:09:6d:26:5b:7f:91:
                    28:16:22:87:52:9a:80:ba:2d:2e:ae:7b:df:e3:a8:
                    e7:6f:b5:7a:d5:27:df:1e:6c:03:e5:05:d4:8c:28:
                    46:a7:dd:a5:e2:de:88:b4:14:8c:15:8e:17:01:7f:
                    be:9b:45:07:cc:42:b0:00:3b:42:31:cc:06:35:19:
                    68:71:f5:31:13:03:76:8c:5e:da:09:96:d7:2b:f0:
                    92:24:f3:42:bc:8b:ad:39:79:ba:2c:13:64:2f:13:
                    8d:fd:1b:d0:2b:1e:1b:f2:be:d1:85:27:cd:2d:cd:
                    d6:ac:1a:5d:03:3e:17:87:df:fb:3b:8b:e1:c0:05:
                    c9:73:69:fe:b4:3d:91:f8:0e:57:96:44:7e:cd:46:
                    1d:c0:65:3f:23:43:73:c2:77:a5:49:b7:8f:6b:fa:
                    fd:34:ea:4b:22:9b:b0:ba:ab:aa:8c:16:fb:4d:34:
                    09:78:35:fe:88:57:d1:3b:a2:c8:e5:9a:62:03:6f:
                    62:a4:cc:29:67:fd:0b:e9:78:5a:38:fb:ff:31:91:
                    08:9f:17:19:b0:06:ee:b9:fe:d5:7d:3d:e0:13:9d:
                    1c:33:e3:98:79:65:35:43:03:8a:1b:96:ff:6a:69:
                    21:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:2B:F5:0F:6A:88:DB:B6:DA:B8:FB:2D:3F:C8:C7:15:25:CD:A5:EA
            X509v3 Authority Key Identifier:
                keyid:2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/yyv1D2qI27bauPstP8jHFSXNpeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:8fc6:c27a::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:36:11:86:ce:a1:93:07:c7:cd:4e:26:be:55:17:eb:9a:f3:
         d9:76:68:ac:92:df:3d:d3:97:1c:89:77:10:33:d2:cc:b7:a5:
         32:11:13:49:8e:11:b9:13:cb:36:1a:b8:aa:f8:01:24:3e:9b:
         1c:23:15:2f:f5:3d:8a:73:59:bd:01:4c:fc:b7:84:2c:c9:9f:
         4c:ec:f8:17:95:bb:d3:d3:5a:3c:ba:a0:aa:26:6b:83:52:b8:
         a1:c4:4e:b1:3c:4a:ca:80:32:e0:8c:1f:e6:43:e2:76:52:93:
         f2:1f:f4:e7:94:cd:a7:fe:bc:c9:9e:2e:20:62:44:c5:4a:10:
         99:e9:c2:9a:88:3c:21:b2:7d:58:1b:0d:f6:82:a0:e7:53:3f:
         1b:10:ca:8b:eb:20:79:c4:59:7f:54:b8:35:ea:c5:16:de:4d:
         af:10:68:33:12:d4:3b:e1:1c:60:8f:cb:d5:b6:4c:26:42:4a:
         6c:0d:09:d1:27:55:93:92:d7:ac:44:db:8b:70:6a:36:f9:e8:
         67:43:89:df:3b:8b:c4:8b:58:7e:0e:1c:5f:87:22:70:b2:f8:
         5f:53:12:9b:9d:9e:22:58:7d:ef:29:a7:2f:8d:51:49:34:17:
         71:cb:7a:f1:28:f4:a9:11:4c:07:8a:96:0f:79:23:19:08:06:
         60:14:33:69
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJyAfqI7+fe/OoRdQiZUOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOTY3ZTc3MmNjNzI5ODMwNWExMWZmYTY1ZGQxODVmNmE1
ODkxMGIwHhcNMjQwMTAxMjIzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjJiZjUwZjZhODhkYmI2ZGFiOGZiMmQzZmM4YzcxNTI1Y2RhNWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy9hFh2is3QGbZHlO5oDNbuk9d7nx
DjUJbSZbf5EoFiKHUpqAui0urnvf46jnb7V61SffHmwD5QXUjChGp92l4t6ItBSM
FY4XAX++m0UHzEKwADtCMcwGNRlocfUxEwN2jF7aCZbXK/CSJPNCvIutOXm6LBNk
LxON/RvQKx4b8r7RhSfNLc3WrBpdAz4Xh9/7O4vhwAXJc2n+tD2R+A5XlkR+zUYd
wGU/I0NzwnelSbePa/r9NOpLIpuwuquqjBb7TTQJeDX+iFfRO6LI5ZpiA29ipMwp
Z/0L6XhaOPv/MZEInxcZsAbuuf7VfT3gE50cM+OYeWU1QwOKG5b/amkhAwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMsr9Q9qiNu22rj7LT/IxxUlzaXqMB8GA1UdIwQY
MBaAFCuWfncsxymDBaEf+mXdGF9qWJELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEt
NThjOTZkNjZmMGExLzEveXl2MUQycUkyN2JhdVBzdFA4akhGU1hOcGVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEtNThjOTZkNjZmMGEx
LzEvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhKPxsJ6
MA0GCSqGSIb3DQEBCwUAA4IBAQAzNhGGzqGTB8fNTia+VRfrmvPZdmiskt8905cc
iXcQM9LMt6UyERNJjhG5E8s2Griq+AEkPpscIxUv9T2Kc1m9AUz8t4QsyZ9M7PgX
lbvT01o8uqCqJmuDUrihxE6xPErKgDLgjB/mQ+J2UpPyH/TnlM2n/rzJni4gYkTF
ShCZ6cKaiDwhsn1YGw32gqDnUz8bEMqL6yB5xFl/VLg16sUW3k2vEGgzEtQ74Rxg
j8vVtkwmQkpsDQnRJ1WTktesRNuLcGo2+ehnQ4nfO4vEi1h+DhxfhyJwsvhfUxKb
nZ4iWH3vKacvjVFJNBdxy3rxKPSpEUwHipYPeSMZCAZgFDNp
-----END CERTIFICATE-----