Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/Gz-b9zFQbqkSWPjZ-YafZm1Qi6I.roa
File:                     Gz-b9zFQbqkSWPjZ-YafZm1Qi6I.roa (raw, json)
Hash identifier:          1AqmaN/OkXMA+XGP/65KmaZuN8ri7HHwysBRvbPS3vE=
Subject key identifier:   1B:3F:9B:F7:31:50:6E:A9:12:58:F8:D9:F9:86:9F:66:6D:50:8B:A2
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       01942067F252B87E86A0B7E3C18271697C51
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/Gz-b9zFQbqkSWPjZ-YafZm1Qi6I.roa
Signing time:             Wed 01 Jan 2025 05:47:50 +0000
ROA not before:           Wed 01 Jan 2025 05:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215256
IP address blocks:        2a12:3fc5::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:f2:52:b8:7e:86:a0:b7:e3:c1:82:71:69:7c:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 05:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b3f9bf731506ea91258f8d9f9869f666d508ba2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:89:53:ae:c5:64:d9:45:16:95:42:8f:d0:18:
                    7b:d5:f2:ca:77:21:bd:b8:7e:2b:13:9b:8b:43:07:
                    49:f1:1d:17:1f:f1:00:56:a1:8b:16:87:b7:bf:99:
                    8f:8d:6d:03:37:16:3e:60:37:96:34:0c:27:57:0a:
                    1d:b2:11:71:44:4e:ca:b4:4e:d6:03:2d:be:57:7c:
                    f3:71:08:12:13:9e:62:9c:46:14:c1:8f:35:b8:38:
                    24:88:0a:7f:44:04:56:48:91:54:28:a6:ca:9e:ed:
                    bb:4b:5e:39:2f:86:17:2d:3e:7c:71:57:d2:fa:80:
                    a0:8d:29:26:e4:a6:43:b3:9d:da:4c:27:e5:d5:dd:
                    7b:c9:68:44:92:23:8b:2c:40:51:70:25:6f:d6:de:
                    06:84:45:7d:e2:c9:a7:1a:5c:6c:a7:31:5e:4b:51:
                    9f:7b:64:12:e5:ea:6a:9b:a4:ae:61:b3:55:ba:46:
                    8f:f3:bd:32:26:2b:cf:3b:f3:51:0f:21:00:cc:7a:
                    2a:e2:ba:95:5f:99:38:8d:10:e6:7d:13:7f:38:2d:
                    2f:fb:f2:70:8a:36:01:b3:1d:d9:9a:ba:64:0b:d0:
                    d2:53:70:39:e0:15:73:fc:ea:22:e9:b8:d1:c8:62:
                    c9:4a:7a:20:33:d9:55:99:e7:94:85:a3:84:0a:8e:
                    c3:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:3F:9B:F7:31:50:6E:A9:12:58:F8:D9:F9:86:9F:66:6D:50:8B:A2
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/Gz-b9zFQbqkSWPjZ-YafZm1Qi6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc5::/32

    Signature Algorithm: sha256WithRSAEncryption
         45:a9:6d:59:43:1d:aa:c6:e7:bf:e5:f9:2b:41:0c:bc:7c:da:
         aa:90:6d:28:24:58:cf:8c:ca:7b:e0:81:0d:eb:73:b5:cd:b8:
         e6:3d:27:60:0a:1e:ca:9e:66:19:54:2f:4f:9c:29:c5:3f:77:
         6a:7c:24:9b:b8:6c:a8:96:ac:b7:19:e7:53:dc:f8:d6:bc:c4:
         e3:45:97:ad:c7:6a:07:31:c2:bb:d1:e2:3a:87:35:11:b9:63:
         dd:0a:33:9b:7c:8c:22:d0:4a:b4:34:ea:d7:a3:a2:97:37:17:
         5a:f8:d9:88:a4:44:d4:44:c0:51:1a:04:29:3c:36:3b:ba:aa:
         16:a4:22:ce:7d:41:24:c8:87:14:42:cf:9c:81:bd:ef:9c:57:
         0a:b7:88:5d:c4:7d:08:52:90:74:94:38:ee:fc:5d:32:14:34:
         97:b7:19:64:ee:fc:88:e7:af:93:42:c2:b6:82:e1:ea:a1:b3:
         c5:b0:c2:03:f6:4f:e4:4e:49:5b:45:77:02:1e:f5:87:c5:47:
         51:25:85:9f:79:fb:15:71:6e:6f:df:a4:1a:49:6a:e4:bc:f7:
         d1:f3:ff:af:96:57:fb:e6:f6:aa:97:3d:a3:5a:12:1e:46:f2:
         26:3c:32:36:57:9d:fb:e8:94:36:b5:4f:50:4f:ca:d6:64:4e:
         42:60:2b:57
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQgZ/JSuH6GoLfjwYJxaXxRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjUwMTAxMDU0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjNmOWJmNzMxNTA2ZWE5MTI1OGY4ZDlmOTg2OWY2NjZkNTA4YmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4lTrsVk2UUWlUKP0Bh71fLKdyG9
uH4rE5uLQwdJ8R0XH/EAVqGLFoe3v5mPjW0DNxY+YDeWNAwnVwodshFxRE7KtE7W
Ay2+V3zzcQgSE55inEYUwY81uDgkiAp/RARWSJFUKKbKnu27S145L4YXLT58cVfS
+oCgjSkm5KZDs53aTCfl1d17yWhEkiOLLEBRcCVv1t4GhEV94smnGlxspzFeS1Gf
e2QS5epqm6SuYbNVukaP870yJivPO/NRDyEAzHoq4rqVX5k4jRDmfRN/OC0v+/Jw
ijYBsx3ZmrpkC9DSU3A54BVz/Ooi6bjRyGLJSnogM9lVmeeUhaOECo7DnQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBs/m/cxUG6pElj42fmGn2ZtUIuiMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvR3otYjl6RlFicWtTV1BqWi1ZYWZabTFRaTZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhI/xTAN
BgkqhkiG9w0BAQsFAAOCAQEARaltWUMdqsbnv+X5K0EMvHzaqpBtKCRYz4zKe+CB
Detztc245j0nYAoeyp5mGVQvT5wpxT93anwkm7hsqJastxnnU9z41rzE40WXrcdq
BzHCu9HiOoc1Eblj3Qozm3yMItBKtDTq16OilzcXWvjZiKRE1ETAURoEKTw2O7qq
FqQizn1BJMiHFELPnIG975xXCreIXcR9CFKQdJQ47vxdMhQ0l7cZZO78iOevk0LC
toLh6qGzxbDCA/ZP5E5JW0V3Ah71h8VHUSWFn3n7FXFub9+kGklq5Lz30fP/r5ZX
++b2qpc9o1oSHkbyJjwyNled++iUNrVPUE/K1mROQmArVw==
-----END CERTIFICATE-----