Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/cBllttsSQnYz6p5qLULJF0wl5Wc.roa
File:                     cBllttsSQnYz6p5qLULJF0wl5Wc.roa (raw, json)
Hash identifier:          SzSS1n+KXjBJMsEOBptwnz+BzQlIlqBaAs+FDrh0wIs=
Subject key identifier:   70:19:65:B6:DB:12:42:76:33:EA:9E:6A:2D:42:C9:17:4C:25:E5:67
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       018CC64B3DE61EB308FBC61B1FEFC78BFCE7
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/cBllttsSQnYz6p5qLULJF0wl5Wc.roa
Signing time:             Mon 01 Jan 2024 18:31:08 +0000
ROA not before:           Mon 01 Jan 2024 18:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207780
IP address blocks:        2a12:3fc6::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:3d:e6:1e:b3:08:fb:c6:1b:1f:ef:c7:8b:fc:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 18:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=701965b6db12427633ea9e6a2d42c9174c25e567
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:76:3b:59:e3:4e:eb:27:56:02:8d:56:68:83:
                    49:e1:64:60:9c:9d:56:13:88:76:19:9c:37:22:db:
                    e8:98:f9:c3:35:75:b8:88:06:92:f4:95:5c:8b:31:
                    fd:c8:a0:db:40:56:04:99:8e:4e:d7:71:0b:0d:08:
                    e9:d3:1b:4a:97:9e:87:e9:6b:5f:79:0f:aa:b1:dd:
                    93:eb:ac:c5:1c:68:03:a9:f7:c7:0b:6d:49:54:4d:
                    04:64:ed:ed:bf:da:2a:4b:aa:57:41:f8:7b:e9:6e:
                    05:76:c7:33:62:9b:cf:55:4e:75:3e:0d:b4:1b:37:
                    dc:19:29:3d:da:02:50:3f:c2:2c:e5:a7:78:be:0e:
                    a8:1c:0f:8c:61:53:c3:f1:e3:df:45:ca:95:f9:ae:
                    fb:d7:50:b8:a5:9a:36:fc:6c:40:63:5e:0d:20:ff:
                    41:73:7a:02:05:25:aa:e0:b7:a5:59:ee:85:26:5f:
                    89:16:ad:27:46:50:f3:39:f6:a2:b6:57:02:d9:72:
                    20:71:e2:3c:4b:d7:79:92:e9:9b:bf:6c:0b:b3:ed:
                    69:76:65:18:b1:a3:f9:ea:72:d4:e2:96:f0:f9:05:
                    af:f4:d5:85:5d:06:cb:7e:72:77:30:69:f0:0a:8b:
                    f0:00:64:1d:d7:5d:ce:b2:f4:ed:2e:c5:bb:16:6c:
                    79:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:19:65:B6:DB:12:42:76:33:EA:9E:6A:2D:42:C9:17:4C:25:E5:67
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/cBllttsSQnYz6p5qLULJF0wl5Wc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc6::/44

    Signature Algorithm: sha256WithRSAEncryption
         60:c1:66:fa:30:c5:29:cb:89:20:0e:79:16:35:19:eb:36:eb:
         0f:50:97:cd:47:61:2f:2b:7c:ea:f0:7a:6b:a3:50:55:1e:e7:
         93:0e:22:12:40:58:75:05:df:d9:55:18:70:24:1b:7d:77:8b:
         81:81:a2:53:76:1d:99:1a:47:b0:6d:cc:de:42:30:47:0c:e6:
         82:c8:44:32:a6:ea:29:d9:c8:9b:fd:26:ad:d1:ad:49:f1:89:
         d4:5e:55:e7:b6:43:3e:77:f8:99:36:d0:0b:72:01:79:f6:9a:
         33:29:55:68:6c:81:e5:03:a2:98:3b:7a:e5:be:10:f8:b6:73:
         f2:ff:d9:21:d7:fd:e0:28:57:1e:93:d7:c9:cd:6d:e0:60:b1:
         96:f5:51:85:17:55:8d:e4:a2:99:07:68:35:81:a2:65:a5:40:
         1e:84:4f:e9:a7:48:34:38:e5:5a:c8:1b:b4:59:9b:ec:2e:09:
         9e:7d:a0:e4:90:14:9b:76:40:d2:f3:f6:9c:b0:df:bb:f5:49:
         38:be:7e:ea:f5:ce:18:25:c5:1f:69:17:6d:4d:54:48:6d:ca:
         34:fd:39:41:8f:f9:51:1c:1a:19:a7:06:cd:83:22:e8:fe:65:
         91:65:ee:6a:08:11:71:0b:49:aa:03:f5:24:2e:6c:8d:d4:cb:
         66:e8:40:db
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSz3mHrMI+8YbH+/Hi/znMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjQwMTAxMTgzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDE5NjViNmRiMTI0Mjc2MzNlYTllNmEyZDQyYzkxNzRjMjVlNTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnY7WeNO6ydWAo1WaINJ4WRgnJ1W
E4h2GZw3ItvomPnDNXW4iAaS9JVcizH9yKDbQFYEmY5O13ELDQjp0xtKl56H6Wtf
eQ+qsd2T66zFHGgDqffHC21JVE0EZO3tv9oqS6pXQfh76W4FdsczYpvPVU51Pg20
GzfcGSk92gJQP8Is5ad4vg6oHA+MYVPD8ePfRcqV+a7711C4pZo2/GxAY14NIP9B
c3oCBSWq4LelWe6FJl+JFq0nRlDzOfaitlcC2XIgceI8S9d5kumbv2wLs+1pdmUY
saP56nLU4pbw+QWv9NWFXQbLfnJ3MGnwCovwAGQd113OsvTtLsW7Fmx5xQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHAZZbbbEkJ2M+qeai1CyRdMJeVnMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvY0JsbHR0c1NRbll6NnA1cUxVTEpGMHdsNVdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhI/xgAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBgwWb6MMUpy4kgDnkWNRnrNusPUJfNR2EvK3zq
8Hpro1BVHueTDiISQFh1Bd/ZVRhwJBt9d4uBgaJTdh2ZGkewbczeQjBHDOaCyEQy
puop2cib/Sat0a1J8YnUXlXntkM+d/iZNtALcgF59pozKVVobIHlA6KYO3rlvhD4
tnPy/9kh1/3gKFcek9fJzW3gYLGW9VGFF1WN5KKZB2g1gaJlpUAehE/pp0g0OOVa
yBu0WZvsLgmefaDkkBSbdkDS8/acsN+79Uk4vn7q9c4YJcUfaRdtTVRIbco0/TlB
j/lRHBoZpwbNgyLo/mWRZe5qCBFxC0mqA/UkLmyN1Mtm6EDb
-----END CERTIFICATE-----