Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/1-clxQ5FRBuXfTCI96k7NQmsvqPI.roa
File:                     1-clxQ5FRBuXfTCI96k7NQmsvqPI.roa (raw, json)
Hash identifier:          +4Z7J09L3SGSp1PJJm4ThLup+qse+s3TOx8+jnMpWBY=
Subject key identifier:   F9:C9:71:43:91:51:06:E5:DF:4C:22:3D:EA:4E:CD:42:6B:2F:A8:F2
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       01942067E5303142B9498BF0CF10C189745A
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/1-clxQ5FRBuXfTCI96k7NQmsvqPI.roa
Signing time:             Wed 01 Jan 2025 05:47:47 +0000
ROA not before:           Wed 01 Jan 2025 05:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57330
IP address blocks:        2a12:3fc6::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:e5:30:31:42:b9:49:8b:f0:cf:10:c1:89:74:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 05:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9c97143915106e5df4c223dea4ecd426b2fa8f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:fe:44:c8:5d:06:52:f9:ae:f6:9c:c5:5c:e7:
                    fc:3d:5e:3e:d0:9c:dc:bf:2e:b4:df:87:28:17:e7:
                    1f:00:8b:71:8d:71:d1:49:7f:65:c4:d0:46:53:7a:
                    0b:f7:06:8b:a2:88:76:e5:2a:fb:cb:57:34:f7:a1:
                    db:58:08:16:f7:8d:de:67:29:02:6c:14:63:14:78:
                    75:20:8b:31:19:05:73:c2:c4:c9:a8:64:5d:5b:d2:
                    a7:74:e5:f3:f1:b0:57:17:4e:f9:39:11:df:b7:bc:
                    7b:b9:a9:c7:80:fc:ab:2c:ee:c3:fc:da:29:19:29:
                    75:63:0c:9c:d6:2a:9b:cc:ce:4c:53:b5:44:a7:8c:
                    e5:39:f7:6b:e3:43:64:ab:23:47:a9:84:4d:1b:8d:
                    74:10:47:61:43:30:15:55:57:02:d9:cc:99:0b:16:
                    9f:ec:70:bc:1b:b9:b1:d2:7a:fd:37:0b:83:2c:e1:
                    a1:a3:db:99:2b:53:1b:f4:e7:28:ca:3d:84:1d:84:
                    a7:6a:53:6e:8d:81:a0:47:04:e3:1a:fd:e7:8e:c7:
                    c0:8f:89:2e:77:e3:ed:1f:a1:e5:50:c0:3f:6d:70:
                    6b:3f:37:99:8f:3d:05:1e:e9:8c:e7:4f:c9:8b:57:
                    0b:44:29:94:31:54:5d:f4:eb:dd:e5:29:8a:3a:62:
                    74:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:C9:71:43:91:51:06:E5:DF:4C:22:3D:EA:4E:CD:42:6B:2F:A8:F2
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/1-clxQ5FRBuXfTCI96k7NQmsvqPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc6::/44

    Signature Algorithm: sha256WithRSAEncryption
         03:f2:65:4f:58:e7:a1:47:f8:d1:d0:47:fe:c0:fc:1d:1c:5e:
         3f:dc:4c:e7:07:cd:7c:23:dc:75:f5:75:80:21:b8:1e:11:cd:
         cd:4c:bb:06:f6:ad:9f:1e:7f:cc:70:73:f9:25:69:93:1b:9e:
         90:1f:8d:80:46:d6:06:94:a0:f1:68:de:90:25:3b:89:7e:43:
         46:2b:0f:20:e4:06:fb:4f:74:c9:b7:29:80:98:be:45:7f:8c:
         15:b9:0e:ee:e9:9c:4f:5f:57:49:72:ef:39:2c:f6:14:7d:68:
         4c:d6:b7:12:78:c0:38:ae:f0:b2:b4:28:d5:54:8a:8f:64:97:
         9b:da:a6:88:b8:e6:5a:f7:a1:70:de:d8:9d:3e:71:fc:63:18:
         3c:a6:85:63:9b:c7:58:b7:20:4b:7e:2d:75:d0:40:d3:b5:b5:
         13:27:c7:20:41:fb:f8:be:ec:3e:16:83:21:83:45:ba:25:a4:
         e7:12:c2:02:85:5f:1d:49:e2:f8:50:0e:bf:0f:ee:54:86:96:
         f1:8d:f1:39:69:fe:43:bf:3b:4c:18:ef:76:a5:2a:32:27:a1:
         ea:32:0a:ad:7e:af:0a:e1:d3:9f:88:05:bb:63:5e:42:c7:78:
         e8:00:1f:fe:ce:84:dc:1a:1c:3f:ab:68:31:f9:fc:bb:cc:c6:
         bd:e7:ca:f7
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAZQgZ+UwMUK5SYvwzxDBiXRaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjUwMTAxMDU0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWM5NzE0MzkxNTEwNmU1ZGY0YzIyM2RlYTRlY2Q0MjZiMmZhOGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzP5EyF0GUvmu9pzFXOf8PV4+0Jzc
vy6034coF+cfAItxjXHRSX9lxNBGU3oL9waLooh25Sr7y1c096HbWAgW943eZykC
bBRjFHh1IIsxGQVzwsTJqGRdW9KndOXz8bBXF075ORHft7x7uanHgPyrLO7D/Nop
GSl1Ywyc1iqbzM5MU7VEp4zlOfdr40NkqyNHqYRNG410EEdhQzAVVVcC2cyZCxaf
7HC8G7mx0nr9NwuDLOGho9uZK1Mb9Ocoyj2EHYSnalNujYGgRwTjGv3njsfAj4ku
d+PtH6HlUMA/bXBrPzeZjz0FHumM50/Ji1cLRCmUMVRd9Ovd5SmKOmJ0JQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPnJcUORUQbl30wiPepOzUJrL6jyMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvMS1jbHhRNUZSQnVYZlRDSTk2azdOUW1zdnFQSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODMvMzA4ODNhLTE2ZDctNDIxMi05MTk5LTA5ZDBhYTI4ZTU1
MS8xL2VZOTdIOWdDczl4cXZYcGMybmhxWXhIaDFqMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoSP8YA
ADANBgkqhkiG9w0BAQsFAAOCAQEAA/JlT1jnoUf40dBH/sD8HRxeP9xM5wfNfCPc
dfV1gCG4HhHNzUy7Bvatnx5/zHBz+SVpkxuekB+NgEbWBpSg8WjekCU7iX5DRisP
IOQG+090ybcpgJi+RX+MFbkO7umcT19XSXLvOSz2FH1oTNa3EnjAOK7wsrQo1VSK
j2SXm9qmiLjmWvehcN7YnT5x/GMYPKaFY5vHWLcgS34tddBA07W1EyfHIEH7+L7s
PhaDIYNFuiWk5xLCAoVfHUni+FAOvw/uVIaW8Y3xOWn+Q787TBjvdqUqMieh6jIK
rX6vCuHTn4gFu2NeQsd46AAf/s6E3BocP6toMfn8u8zGvefK9w==
-----END CERTIFICATE-----