Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/FlXu-17Wm4L0HR0umNSo84wJlWk.roa
File:                     FlXu-17Wm4L0HR0umNSo84wJlWk.roa (raw, json)
Hash identifier:          2TLDsftG/hxUTl33W9yrK34XvCQ5ujsflBhFw0CvbHE=
Subject key identifier:   16:55:EE:FB:5E:D6:9B:82:F4:1D:1D:2E:98:D4:A8:F3:8C:09:95:69
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       01942067E192145DCCB07D6ECE086DE24152
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/FlXu-17Wm4L0HR0umNSo84wJlWk.roa
Signing time:             Wed 01 Jan 2025 05:47:46 +0000
ROA not before:           Wed 01 Jan 2025 05:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7721
IP address blocks:        2a12:3fc2:6600::/40 maxlen: 48
                          2a12:3fc2:6666::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:e1:92:14:5d:cc:b0:7d:6e:ce:08:6d:e2:41:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 05:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1655eefb5ed69b82f41d1d2e98d4a8f38c099569
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b8:a6:34:a8:2c:c4:95:f1:1a:6e:ba:e5:b6:
                    10:9c:db:06:c3:a0:3d:35:6f:ae:87:3e:14:9b:f8:
                    14:54:99:4f:55:c6:ae:06:95:32:a4:a3:9b:7a:4b:
                    c0:c6:24:46:38:82:2b:88:c7:35:32:e0:e7:cf:97:
                    91:73:c2:9e:04:92:d2:7f:07:41:95:4c:3f:8c:81:
                    cb:d7:05:b4:3c:62:59:c8:94:4c:40:63:1d:5d:9e:
                    58:d1:ca:30:e8:bc:c8:3d:ca:27:c7:e5:45:69:73:
                    91:af:7f:ce:1c:d7:21:1a:f0:66:b3:67:dd:29:f5:
                    78:74:cc:30:19:3d:8b:8c:2f:5a:82:a1:f4:38:de:
                    68:de:9f:77:d8:c7:96:69:f1:46:0d:29:6a:01:cb:
                    dc:d9:cf:1e:ef:e3:a9:46:33:4f:c9:b5:8d:d3:6c:
                    57:94:61:e9:0b:04:58:fc:88:df:9e:33:e5:4c:a8:
                    59:2b:5d:18:6d:7b:95:47:90:c1:0b:5a:c9:d5:fc:
                    87:48:50:06:14:20:f8:eb:e3:b3:11:b1:f6:f8:64:
                    2e:f9:46:b3:1a:c0:de:be:cb:f1:a0:6b:9c:2b:af:
                    9d:b1:b1:ed:0d:83:a7:77:9e:88:05:b5:fb:19:3d:
                    95:9d:99:13:63:15:1d:1f:92:a2:33:30:d9:3f:49:
                    ef:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:55:EE:FB:5E:D6:9B:82:F4:1D:1D:2E:98:D4:A8:F3:8C:09:95:69
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/FlXu-17Wm4L0HR0umNSo84wJlWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc2:6600::/40

    Signature Algorithm: sha256WithRSAEncryption
         03:af:9f:8a:c7:13:fd:82:6d:a7:be:98:49:81:1a:3d:be:f2:
         83:ed:69:83:01:8c:5a:21:4d:1f:0c:bf:48:58:93:c3:e5:c8:
         73:ba:90:19:5c:44:f7:f5:9b:93:6e:1b:fe:77:75:15:df:bb:
         4d:ae:d0:0d:dc:9f:18:91:78:fa:23:8e:10:d1:2d:67:98:ab:
         39:d2:a1:ec:a4:32:13:0c:29:74:c8:c1:ab:50:9b:89:5b:be:
         6f:75:1b:66:e0:f0:b3:56:4e:4f:ff:53:39:92:bc:e8:6a:94:
         91:fc:f7:49:3d:0d:7b:fc:f4:af:37:49:f1:62:c6:4d:85:39:
         0b:a7:87:0c:11:96:cc:48:e2:33:1b:04:ae:b7:91:27:b5:2b:
         e5:dc:b6:e4:f1:eb:12:a0:c7:8e:b4:89:52:da:f0:b7:fb:ad:
         c1:77:53:d5:6f:60:17:8a:ce:1c:40:91:9c:b7:a2:d7:50:c7:
         e1:f5:85:72:79:e9:92:d2:30:d8:4c:a5:65:45:6c:bf:fa:54:
         3f:9d:8c:89:a5:28:75:9d:5e:b5:a4:75:90:99:db:5c:8e:5b:
         fa:85:25:0f:42:64:dd:67:a8:d8:df:3b:f8:8f:bc:dd:bd:19:
         5e:17:f0:ff:71:77:e7:b9:91:bd:55:44:26:8b:fd:ac:a6:fe:
         ea:8b:b3:03
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQgZ+GSFF3MsH1uzght4kFSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjUwMTAxMDU0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjU1ZWVmYjVlZDY5YjgyZjQxZDFkMmU5OGQ0YThmMzhjMDk5NTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrimNKgsxJXxGm665bYQnNsGw6A9
NW+uhz4Um/gUVJlPVcauBpUypKObekvAxiRGOIIriMc1MuDnz5eRc8KeBJLSfwdB
lUw/jIHL1wW0PGJZyJRMQGMdXZ5Y0cow6LzIPconx+VFaXORr3/OHNchGvBms2fd
KfV4dMwwGT2LjC9agqH0ON5o3p932MeWafFGDSlqAcvc2c8e7+OpRjNPybWN02xX
lGHpCwRY/IjfnjPlTKhZK10YbXuVR5DBC1rJ1fyHSFAGFCD46+OzEbH2+GQu+Uaz
GsDevsvxoGucK6+dsbHtDYOnd56IBbX7GT2VnZkTYxUdH5KiMzDZP0nvkQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBZV7vte1puC9B0dLpjUqPOMCZVpMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvRmxYdS0xN1dtNEwwSFIwdW1OU284NHdKbFdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhI/wmYw
DQYJKoZIhvcNAQELBQADggEBAAOvn4rHE/2Cbae+mEmBGj2+8oPtaYMBjFohTR8M
v0hYk8PlyHO6kBlcRPf1m5NuG/53dRXfu02u0A3cnxiRePojjhDRLWeYqznSoeyk
MhMMKXTIwatQm4lbvm91G2bg8LNWTk//UzmSvOhqlJH890k9DXv89K83SfFixk2F
OQunhwwRlsxI4jMbBK63kSe1K+XctuTx6xKgx460iVLa8Lf7rcF3U9VvYBeKzhxA
kZy3otdQx+H1hXJ56ZLSMNhMpWVFbL/6VD+djImlKHWdXrWkdZCZ21yOW/qFJQ9C
ZN1nqNjfO/iPvN29GV4X8P9xd+e5kb1VRCaL/aym/uqLswM=
-----END CERTIFICATE-----