Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/8lOMJsbQ9M8szp2qR5MtnVxi-1Y.roa
File:                     8lOMJsbQ9M8szp2qR5MtnVxi-1Y.roa (raw, json)
Hash identifier:          4YMSA1gaPrMPsRU+9OT/2UJCSgwqNWajJwZLAmlsOEE=
Subject key identifier:   F2:53:8C:26:C6:D0:F4:CF:2C:CE:9D:AA:47:93:2D:9D:5C:62:FB:56
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       018CC64B36CEC124D7E3CC95128C5F2675EE
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/8lOMJsbQ9M8szp2qR5MtnVxi-1Y.roa
Signing time:             Mon 01 Jan 2024 18:31:07 +0000
ROA not before:           Mon 01 Jan 2024 18:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138517
IP address blocks:        2a12:3fc2:dd00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:36:ce:c1:24:d7:e3:cc:95:12:8c:5f:26:75:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 18:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2538c26c6d0f4cf2cce9daa47932d9d5c62fb56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:70:b2:c4:35:c4:ed:d9:82:e6:f0:b9:96:3f:
                    86:45:84:41:77:f2:24:c1:41:28:97:a4:96:c2:b0:
                    d3:5f:13:47:a0:4c:18:e6:da:10:20:4b:c7:8c:95:
                    27:d4:ce:bb:83:bd:ba:6e:2e:99:2d:1e:14:af:cc:
                    df:89:02:9a:8d:75:a9:56:9b:90:2c:98:6f:98:01:
                    64:08:8d:67:ea:61:3c:1f:ee:82:75:ca:98:e5:21:
                    a0:79:f7:cc:9a:b0:1b:f7:80:0b:cb:f8:94:7b:c9:
                    c4:e7:3c:d0:0a:9d:4e:86:ee:ad:ec:90:05:7a:5f:
                    d2:1e:70:52:de:13:84:79:e7:b2:ea:38:16:04:60:
                    84:69:1a:0f:56:09:54:32:61:7a:5c:79:3c:ba:60:
                    5f:c3:4b:47:7b:52:62:bf:24:6d:d9:87:21:61:0f:
                    f6:bb:e8:7e:10:ce:d3:f6:21:ba:dd:9d:9b:5a:59:
                    d7:3f:8f:c8:bc:8e:db:29:bd:3d:7a:73:cd:63:40:
                    7a:f0:b1:ff:96:92:de:1c:1c:64:80:eb:1b:12:35:
                    31:44:5b:cd:06:c2:46:a0:d9:1f:85:44:7c:92:85:
                    d5:4b:a0:ee:86:d0:4b:b6:34:8f:99:4b:ea:fe:c6:
                    b7:fc:87:ab:a2:31:67:fd:93:03:7e:0a:dc:b7:ba:
                    da:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:53:8C:26:C6:D0:F4:CF:2C:CE:9D:AA:47:93:2D:9D:5C:62:FB:56
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/8lOMJsbQ9M8szp2qR5MtnVxi-1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc2:dd00::/40

    Signature Algorithm: sha256WithRSAEncryption
         02:d2:cb:05:bb:8e:6b:22:68:60:06:d6:6f:3c:b1:77:79:55:
         4a:e2:3a:47:e2:d8:5a:b1:ff:2f:c1:fc:17:e1:ca:12:77:fa:
         d8:fa:b7:77:2a:33:c6:64:e6:19:b8:df:ca:83:d0:6b:d9:5c:
         22:2a:b9:a5:dd:bb:62:b0:74:08:6a:f5:31:2e:2a:c3:9e:e1:
         31:f8:cd:82:22:6f:10:28:9e:c6:3d:4a:3e:02:71:70:f4:1e:
         5b:e5:b8:6e:98:26:84:80:10:28:53:6d:5b:f0:34:2f:be:10:
         b7:56:80:4c:e0:8f:d3:e1:f6:a6:b4:cc:02:7c:05:25:d6:50:
         8c:9a:21:b0:24:68:37:a5:e1:97:58:f8:76:e8:fd:e4:cd:30:
         36:c7:93:98:04:09:7e:37:99:f5:52:75:10:06:36:a9:de:f3:
         97:44:c0:93:38:6a:08:4c:dc:d6:be:10:71:0e:4d:e7:ab:8f:
         42:6b:ed:d9:9c:3f:0a:69:c8:1c:4c:69:50:9e:46:e9:0c:bd:
         20:35:bd:e7:e5:bd:20:1c:d9:f7:fa:c9:21:c4:ba:7c:33:f3:
         7d:f7:46:09:38:ce:99:22:7a:0b:10:d2:ca:27:04:11:db:a0:
         7c:fe:e6:09:9e:c7:a5:90:e8:fd:8a:6c:7c:3a:52:6f:57:7e:
         b6:ed:72:ab
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGSzbOwSTX48yVEoxfJnXuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjQwMTAxMTgzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjUzOGMyNmM2ZDBmNGNmMmNjZTlkYWE0NzkzMmQ5ZDVjNjJmYjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknCyxDXE7dmC5vC5lj+GRYRBd/Ik
wUEol6SWwrDTXxNHoEwY5toQIEvHjJUn1M67g726bi6ZLR4Ur8zfiQKajXWpVpuQ
LJhvmAFkCI1n6mE8H+6CdcqY5SGgeffMmrAb94ALy/iUe8nE5zzQCp1Ohu6t7JAF
el/SHnBS3hOEeeey6jgWBGCEaRoPVglUMmF6XHk8umBfw0tHe1JivyRt2YchYQ/2
u+h+EM7T9iG63Z2bWlnXP4/IvI7bKb09enPNY0B68LH/lpLeHBxkgOsbEjUxRFvN
BsJGoNkfhUR8koXVS6DuhtBLtjSPmUvq/sa3/IerojFn/ZMDfgrct7raeQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPJTjCbG0PTPLM6dqkeTLZ1cYvtWMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvOGxPTUpzYlE5TThzenAycVI1TXRuVnhpLTFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhI/wt0w
DQYJKoZIhvcNAQELBQADggEBAALSywW7jmsiaGAG1m88sXd5VUriOkfi2Fqx/y/B
/BfhyhJ3+tj6t3cqM8Zk5hm438qD0GvZXCIquaXdu2KwdAhq9TEuKsOe4TH4zYIi
bxAonsY9Sj4CcXD0HlvluG6YJoSAEChTbVvwNC++ELdWgEzgj9Ph9qa0zAJ8BSXW
UIyaIbAkaDel4ZdY+Hbo/eTNMDbHk5gECX43mfVSdRAGNqne85dEwJM4aghM3Na+
EHEOTeerj0Jr7dmcPwppyBxMaVCeRukMvSA1veflvSAc2ff6ySHEunwz8333Rgk4
zpkiegsQ0sonBBHboHz+5gmex6WQ6P2KbHw6Um9Xfrbtcqs=
-----END CERTIFICATE-----