Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/3VyxR2gePiGJttTPEQrzSpZrN3c.roa
File:                     3VyxR2gePiGJttTPEQrzSpZrN3c.roa (raw, json)
Hash identifier:          C3U3Fj1QjZEDAFfuu2p266yGYKScx5yDzTJa+vpA2Os=
Subject key identifier:   DD:5C:B1:47:68:1E:3E:21:89:B6:D4:CF:11:0A:F3:4A:96:6B:37:77
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       018CC64B397CBF99CDEAE97001647B90CF4F
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/3VyxR2gePiGJttTPEQrzSpZrN3c.roa
Signing time:             Mon 01 Jan 2024 18:31:07 +0000
ROA not before:           Mon 01 Jan 2024 18:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202229
IP address blocks:        2a12:3fc2:aa90::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:39:7c:bf:99:cd:ea:e9:70:01:64:7b:90:cf:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 18:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd5cb147681e3e2189b6d4cf110af34a966b3777
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:cd:7f:bf:fd:03:20:9d:93:cb:9d:0f:d9:66:
                    4d:ff:5e:68:3a:14:1d:96:4b:21:2f:20:ae:7d:74:
                    61:04:f6:e9:50:87:91:cd:9a:cf:0b:f5:eb:e1:c1:
                    7d:ef:bb:bf:be:97:c8:e5:21:93:52:22:48:d3:5b:
                    9b:9f:3a:49:1d:55:b8:c0:10:10:62:e6:e7:cc:46:
                    73:4f:de:e0:90:04:ea:a9:30:18:39:5c:bd:00:af:
                    90:a6:12:45:d8:fe:f2:29:b0:5a:01:06:e6:ba:fc:
                    82:b4:c3:a3:25:bf:fa:fc:48:21:02:73:5c:f2:7c:
                    fd:d9:85:aa:58:2c:f3:ce:36:8c:ee:fb:ea:b4:7b:
                    00:a0:45:28:50:4e:32:f8:92:50:f3:b2:32:4f:e6:
                    21:de:8c:10:ec:85:44:37:f4:8b:e1:59:eb:44:e5:
                    ee:31:61:c5:b9:ab:16:74:ff:fd:d7:a1:f8:8c:28:
                    12:86:f9:95:30:c0:b2:68:48:94:f8:74:7b:0b:11:
                    52:75:3b:d1:c1:ad:f6:ef:0b:86:f8:d1:88:8b:7d:
                    58:6c:24:51:89:b1:27:02:e8:26:5f:33:35:e4:55:
                    d1:88:f6:80:41:ec:e6:56:e0:67:0f:fb:94:2e:e8:
                    ca:72:ba:8f:23:36:1e:69:4e:30:76:75:16:d4:49:
                    c4:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:5C:B1:47:68:1E:3E:21:89:B6:D4:CF:11:0A:F3:4A:96:6B:37:77
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/3VyxR2gePiGJttTPEQrzSpZrN3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc2:aa90::/44

    Signature Algorithm: sha256WithRSAEncryption
         08:5b:df:e8:cc:df:4b:f0:e5:c2:94:d2:4a:0a:08:0f:81:32:
         57:72:18:af:e5:11:ff:ea:88:10:ff:75:66:ea:a9:4e:33:9e:
         69:b1:bf:f2:9a:b0:4a:b8:a7:0a:77:04:26:ce:97:51:44:e6:
         bd:0e:1f:71:f0:50:b8:d9:6a:04:ac:e6:71:eb:4a:a1:6e:14:
         a5:80:5b:94:8d:e6:18:5e:2e:08:8b:a2:f6:40:13:c4:98:ad:
         a5:04:40:94:3a:9a:41:2d:45:46:66:c6:02:c6:e9:2e:cd:98:
         5f:85:0f:f7:bf:d2:7b:16:06:1a:4f:36:95:cd:82:94:f8:b0:
         4a:3e:e8:4d:2f:60:15:ce:eb:7c:c5:cf:76:93:fb:98:8d:01:
         72:67:f1:17:0a:d1:a5:e9:07:c7:cb:5d:09:63:02:62:b0:ea:
         ca:e6:ae:a1:a7:51:32:52:5a:c1:13:20:78:d3:e2:f9:f1:66:
         fc:bd:87:4b:c0:c7:65:80:8f:63:dc:1c:c7:5b:dd:78:13:25:
         64:fa:b8:b5:8f:b3:5e:69:f2:d7:00:d1:d5:64:81:77:1f:80:
         df:c4:fc:a7:c3:c0:cb:57:05:b6:86:0f:43:8d:a7:3d:ac:a2:
         30:ef:da:90:47:6a:a1:f4:e1:26:41:40:2c:9d:7a:d3:39:38:
         26:b3:5c:62
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSzl8v5nN6ulwAWR7kM9PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjQwMTAxMTgzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDVjYjE0NzY4MWUzZTIxODliNmQ0Y2YxMTBhZjM0YTk2NmIzNzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwc1/v/0DIJ2Ty50P2WZN/15oOhQd
lkshLyCufXRhBPbpUIeRzZrPC/Xr4cF977u/vpfI5SGTUiJI01ubnzpJHVW4wBAQ
YubnzEZzT97gkATqqTAYOVy9AK+QphJF2P7yKbBaAQbmuvyCtMOjJb/6/EghAnNc
8nz92YWqWCzzzjaM7vvqtHsAoEUoUE4y+JJQ87IyT+Yh3owQ7IVEN/SL4VnrROXu
MWHFuasWdP/916H4jCgShvmVMMCyaEiU+HR7CxFSdTvRwa327wuG+NGIi31YbCRR
ibEnAugmXzM15FXRiPaAQezmVuBnD/uULujKcrqPIzYeaU4wdnUW1EnELQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN1csUdoHj4hibbUzxEK80qWazd3MB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvM1Z5eFIyZ2VQaUdKdHRUUEVRcnpTcFpyTjNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhI/wqqQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAIW9/ozN9L8OXClNJKCggPgTJXchiv5RH/6ogQ
/3Vm6qlOM55psb/ymrBKuKcKdwQmzpdRROa9Dh9x8FC42WoErOZx60qhbhSlgFuU
jeYYXi4Ii6L2QBPEmK2lBECUOppBLUVGZsYCxukuzZhfhQ/3v9J7FgYaTzaVzYKU
+LBKPuhNL2AVzut8xc92k/uYjQFyZ/EXCtGl6QfHy10JYwJisOrK5q6hp1EyUlrB
EyB40+L58Wb8vYdLwMdlgI9j3BzHW914EyVk+ri1j7NeafLXANHVZIF3H4DfxPyn
w8DLVwW2hg9Djac9rKIw79qQR2qh9OEmQUAsnXrTOTgms1xi
-----END CERTIFICATE-----