Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/53Db6I9JbUfv2OZ17vlHehqFOrQ.roa
File:                     53Db6I9JbUfv2OZ17vlHehqFOrQ.roa (raw, json)
Hash identifier:          RPASF/gxsr2rfpyKqhglyjwmpPexvcyQFf2T7Mf463c=
Subject key identifier:   E7:70:DB:E8:8F:49:6D:47:EF:D8:E6:75:EE:F9:47:7A:1A:85:3A:B4
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       01942067EB8128435BFDE44803B5E9993370
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/53Db6I9JbUfv2OZ17vlHehqFOrQ.roa
Signing time:             Wed 01 Jan 2025 05:47:48 +0000
ROA not before:           Wed 01 Jan 2025 05:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202408
IP address blocks:        2a12:3fc2:2b00::/40 maxlen: 48
                          2a12:3fc2:ab10::/44 maxlen: 48
                          2a12:3fc2:ab10::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:eb:81:28:43:5b:fd:e4:48:03:b5:e9:99:33:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 05:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e770dbe88f496d47efd8e675eef9477a1a853ab4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:75:56:44:1a:aa:2d:6b:ee:d1:f9:32:a0:45:
                    6d:f6:7b:5f:84:90:5a:d7:37:e6:1a:05:cd:4c:9a:
                    cf:e7:59:66:8f:f4:bb:e3:59:2c:21:87:e1:56:a5:
                    2a:b6:2e:fb:c3:3f:1b:2a:81:aa:fe:7a:ae:37:4e:
                    00:0d:bb:be:af:40:01:a8:f6:de:b5:24:db:d9:90:
                    fe:a4:c7:18:8d:27:58:aa:25:4e:2b:55:18:f1:11:
                    0b:6a:02:94:1a:5c:ab:58:d7:e9:d7:2e:6f:1f:93:
                    9d:19:f5:f1:ec:63:4f:8e:8b:b9:be:c3:1c:0f:a2:
                    26:21:83:93:00:dc:88:7b:40:c9:84:02:58:f5:ba:
                    f7:02:c5:df:57:12:44:2e:ad:e3:08:8b:0a:17:70:
                    e0:6e:71:ce:fd:1e:fc:3a:5c:bf:f1:50:3d:7e:3d:
                    07:ad:51:b2:65:ca:8c:82:05:72:69:e8:86:90:70:
                    8f:1b:22:56:35:20:da:36:f4:70:f7:db:f5:3e:60:
                    66:ef:d2:6a:b9:17:4e:65:60:20:e0:4d:ff:de:99:
                    d2:86:d8:33:50:0c:d3:90:53:70:17:19:48:ca:35:
                    ef:9e:8d:ac:72:39:d3:24:cf:f6:ec:1f:2f:0a:ad:
                    d2:9f:65:87:af:78:9a:2a:3d:9c:ff:89:34:21:5f:
                    79:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:70:DB:E8:8F:49:6D:47:EF:D8:E6:75:EE:F9:47:7A:1A:85:3A:B4
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/53Db6I9JbUfv2OZ17vlHehqFOrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc2:2b00::/40
                  2a12:3fc2:ab10::/44

    Signature Algorithm: sha256WithRSAEncryption
         55:1f:77:31:e9:3b:d9:d6:2e:44:1b:3e:ac:53:fd:ea:c0:68:
         4e:36:9e:56:b1:8a:02:1e:8b:46:98:12:d5:38:06:6b:21:0b:
         06:4c:a6:7c:d5:53:a8:a2:4e:37:86:d8:eb:05:9c:b5:03:e3:
         5a:09:62:56:8c:62:c2:67:1c:4d:19:77:68:3f:84:e7:d1:ea:
         cb:48:0f:28:03:21:0b:a5:1b:e6:f7:fa:01:4b:ee:92:01:88:
         dc:05:a6:b3:e4:f1:dd:a5:fa:b0:a9:e6:4e:b3:f9:a9:d0:84:
         7b:e2:9b:36:c1:4c:fd:7d:24:fa:10:29:2a:8a:e0:fc:84:cd:
         4f:b4:79:3a:06:33:90:81:37:e0:31:f9:1f:2d:e1:94:4a:de:
         bf:26:0b:11:94:e8:a7:57:9d:9e:19:c6:02:71:f1:42:f8:97:
         9c:f7:02:f1:ab:c6:75:67:3e:97:d2:5f:59:8b:58:3b:87:02:
         26:6c:34:6a:bc:8b:60:cc:53:30:eb:a1:7b:38:b1:59:0a:b3:
         98:de:51:ae:c7:12:a0:e1:20:1a:50:44:5f:93:78:f9:53:1d:
         5d:40:60:24:1c:ea:3b:57:3a:d8:3d:f6:c8:9d:ea:98:d0:ad:
         f4:76:1c:2d:c8:c0:f3:a6:7b:01:d9:ac:7d:5f:e1:71:02:1b:
         be:18:dc:2c
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZQgZ+uBKENb/eRIA7XpmTNwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjUwMTAxMDU0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzcwZGJlODhmNDk2ZDQ3ZWZkOGU2NzVlZWY5NDc3YTFhODUzYWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8XVWRBqqLWvu0fkyoEVt9ntfhJBa
1zfmGgXNTJrP51lmj/S741ksIYfhVqUqti77wz8bKoGq/nquN04ADbu+r0ABqPbe
tSTb2ZD+pMcYjSdYqiVOK1UY8RELagKUGlyrWNfp1y5vH5OdGfXx7GNPjou5vsMc
D6ImIYOTANyIe0DJhAJY9br3AsXfVxJELq3jCIsKF3DgbnHO/R78Oly/8VA9fj0H
rVGyZcqMggVyaeiGkHCPGyJWNSDaNvRw99v1PmBm79JquRdOZWAg4E3/3pnShtgz
UAzTkFNwFxlIyjXvno2scjnTJM/27B8vCq3Sn2WHr3iaKj2c/4k0IV95GQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFOdw2+iPSW1H79jmde75R3oahTq0MB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvNTNEYjZJOUpiVWZ2Mk9aMTd2bEhlaHFGT3JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYAKhI/wisD
BwQqEj/CqxAwDQYJKoZIhvcNAQELBQADggEBAFUfdzHpO9nWLkQbPqxT/erAaE42
nlaxigIei0aYEtU4BmshCwZMpnzVU6iiTjeG2OsFnLUD41oJYlaMYsJnHE0Zd2g/
hOfR6stIDygDIQulG+b3+gFL7pIBiNwFprPk8d2l+rCp5k6z+anQhHvimzbBTP19
JPoQKSqK4PyEzU+0eToGM5CBN+Ax+R8t4ZRK3r8mCxGU6KdXnZ4ZxgJx8UL4l5z3
AvGrxnVnPpfSX1mLWDuHAiZsNGq8i2DMUzDroXs4sVkKs5jeUa7HEqDhIBpQRF+T
ePlTHV1AYCQc6jtXOtg99sid6pjQrfR2HC3IwPOmewHZrH1f4XECG74Y3Cw=
-----END CERTIFICATE-----