Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/vIANjG0774VB2_TgAfbG2Qm9Sdg.roa
File:                     vIANjG0774VB2_TgAfbG2Qm9Sdg.roa (raw, json)
Hash identifier:          X2IaT4in6i66sGqc8h/pCZQkGtfiV4EHEGojRTFggM4=
Subject key identifier:   BC:80:0D:8C:6D:3B:EF:85:41:DB:F4:E0:01:F6:C6:D9:09:BD:49:D8
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       018CC64B360A9E7D4509E50E505BCC4FC082
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/vIANjG0774VB2_TgAfbG2Qm9Sdg.roa
Signing time:             Mon 01 Jan 2024 18:31:06 +0000
ROA not before:           Mon 01 Jan 2024 18:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60666
IP address blocks:        2a12:3fc2:aa40::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 18:54:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:36:0a:9e:7d:45:09:e5:0e:50:5b:cc:4f:c0:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 18:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc800d8c6d3bef8541dbf4e001f6c6d909bd49d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:a5:d9:42:3f:39:f5:f2:19:5f:05:d3:32:54:
                    f9:8e:ee:6f:51:03:36:9b:a2:2c:cd:f6:70:f6:88:
                    45:7f:0b:9b:ab:7a:30:e3:95:e4:dc:3c:92:d4:6a:
                    55:0c:34:b3:6e:77:85:44:fc:9b:f2:b8:18:08:3d:
                    be:f7:b7:2b:ca:ea:79:01:a6:fd:38:14:83:44:2e:
                    b3:be:ff:14:e5:4f:07:4d:45:5f:fd:1f:5d:e4:9e:
                    e1:34:8c:61:43:e8:75:c4:9d:39:78:9a:83:5f:f5:
                    6f:14:58:a9:32:66:cd:4b:60:e1:92:3b:f9:0e:bd:
                    7e:7c:c9:5a:24:86:57:28:37:cc:1d:b5:19:be:f2:
                    3b:c1:3a:c0:a4:66:47:99:2b:90:a3:38:84:69:b3:
                    b6:65:d4:e5:30:92:ba:b6:2f:67:29:ce:9f:be:ac:
                    60:5e:e0:c5:ad:f6:ed:3c:96:26:6c:aa:ce:b6:b3:
                    d9:2d:81:a7:49:10:b5:9a:53:25:89:51:d2:5e:8d:
                    eb:db:19:48:d6:fd:c3:db:f5:c4:ae:4d:df:03:b3:
                    ad:ff:ef:f3:52:8e:88:8d:b4:2c:39:e7:ae:a3:01:
                    b2:26:e1:5d:a8:63:a2:b5:2e:1e:e0:60:08:2f:24:
                    7a:e7:d9:0e:3a:b4:16:7c:8c:a8:7e:1b:46:32:f4:
                    b6:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:80:0D:8C:6D:3B:EF:85:41:DB:F4:E0:01:F6:C6:D9:09:BD:49:D8
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/vIANjG0774VB2_TgAfbG2Qm9Sdg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc2:aa40::/44

    Signature Algorithm: sha256WithRSAEncryption
         b6:e7:42:4b:a0:94:ea:40:81:f8:f5:ec:58:d4:91:d5:68:c1:
         05:89:e0:c4:45:c7:03:ea:87:e9:dc:6a:f9:05:3c:22:9d:46:
         18:f7:af:ed:80:66:44:24:b0:90:93:85:07:54:3f:dc:97:22:
         5d:5e:85:a9:b6:fc:77:3e:8b:d1:de:aa:3f:58:df:6c:46:81:
         b1:38:d0:22:3e:38:6e:25:76:2b:c2:c7:d8:39:64:0f:18:35:
         ef:76:39:28:ac:f7:b3:7f:99:9a:9a:f7:68:01:3e:02:7e:be:
         fa:e9:f7:89:4c:d4:b8:dc:25:a9:89:38:f4:ea:8d:09:bb:d4:
         0f:5b:9f:e2:fd:47:78:84:86:ca:3b:8e:a0:f2:99:72:14:a4:
         42:bd:bc:df:56:dc:33:d9:e8:48:c6:c3:15:83:7f:cb:1c:83:
         51:e1:8a:4c:a5:66:13:ec:31:ac:f2:09:e9:12:21:5d:a0:81:
         03:20:c4:9e:36:04:47:f3:8e:d5:41:5b:1d:94:46:e0:97:45:
         ce:92:48:72:71:8e:bb:84:2d:0d:e3:98:5d:ca:39:07:8f:55:
         1e:80:e7:94:d1:e1:d3:08:2e:51:38:82:be:7e:1f:13:4c:73:
         3f:63:b9:6c:8a:d5:cc:02:e9:d4:82:ca:bf:ef:16:36:ce:e5:
         b8:f3:8c:a2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSzYKnn1FCeUOUFvMT8CCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjQwMTAxMTgzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzgwMGQ4YzZkM2JlZjg1NDFkYmY0ZTAwMWY2YzZkOTA5YmQ0OWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2qXZQj859fIZXwXTMlT5ju5vUQM2
m6IszfZw9ohFfwubq3ow45Xk3DyS1GpVDDSzbneFRPyb8rgYCD2+97cryup5Aab9
OBSDRC6zvv8U5U8HTUVf/R9d5J7hNIxhQ+h1xJ05eJqDX/VvFFipMmbNS2Dhkjv5
Dr1+fMlaJIZXKDfMHbUZvvI7wTrApGZHmSuQoziEabO2ZdTlMJK6ti9nKc6fvqxg
XuDFrfbtPJYmbKrOtrPZLYGnSRC1mlMliVHSXo3r2xlI1v3D2/XErk3fA7Ot/+/z
Uo6IjbQsOeeuowGyJuFdqGOitS4e4GAILyR659kOOrQWfIyofhtGMvS2YQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLyADYxtO++FQdv04AH2xtkJvUnYMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvdklBTmpHMDc3NFZCMl9UZ0FmYkcyUW05U2RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhI/wqpA
MA0GCSqGSIb3DQEBCwUAA4IBAQC250JLoJTqQIH49exY1JHVaMEFieDERccD6ofp
3Gr5BTwinUYY96/tgGZEJLCQk4UHVD/clyJdXoWptvx3PovR3qo/WN9sRoGxONAi
PjhuJXYrwsfYOWQPGDXvdjkorPezf5mamvdoAT4Cfr766feJTNS43CWpiTj06o0J
u9QPW5/i/Ud4hIbKO46g8plyFKRCvbzfVtwz2ehIxsMVg3/LHINR4YpMpWYT7DGs
8gnpEiFdoIEDIMSeNgRH847VQVsdlEbgl0XOkkhycY67hC0N45hdyjkHj1UegOeU
0eHTCC5ROIK+fh8TTHM/Y7lsitXMAunUgsq/7xY2zuW484yi
-----END CERTIFICATE-----