Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/LT6oMW2Nzzj1P46JZlF7iLAisiA.roa
File:                     LT6oMW2Nzzj1P46JZlF7iLAisiA.roa (raw, json)
Hash identifier:          TeyfV9DBgn/ohIXg9KRz53rD6LMHcCa3mwqRuh0YAVY=
Subject key identifier:   2D:3E:A8:31:6D:8D:CF:38:F5:3F:8E:89:66:51:7B:88:B0:22:B2:20
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       018CC64B3E527AC5F8833BCA95780DD2CF79
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/LT6oMW2Nzzj1P46JZlF7iLAisiA.roa
Signing time:             Mon 01 Jan 2024 18:31:09 +0000
ROA not before:           Mon 01 Jan 2024 18:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208223
IP address blocks:        2a12:3fc2:df00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:3e:52:7a:c5:f8:83:3b:ca:95:78:0d:d2:cf:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 18:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d3ea8316d8dcf38f53f8e8966517b88b022b220
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:33:16:74:01:bc:7d:06:78:22:65:98:52:c7:
                    14:95:c9:7b:07:10:41:3c:c1:6a:fd:d3:58:fd:13:
                    ca:e2:ec:19:f1:10:46:4b:a4:cb:78:8e:5a:d5:22:
                    7d:7b:b1:96:17:6d:83:46:75:5d:f2:2c:5d:b7:9e:
                    7b:d7:cf:aa:48:7b:e3:ea:e3:f4:93:f6:68:f1:ef:
                    18:8a:9c:b9:f0:f1:3b:7f:53:8d:24:64:05:3c:00:
                    9a:c0:98:24:f8:82:e9:08:ee:b2:85:2f:a5:2a:26:
                    66:e1:ee:7b:0b:bc:1f:a0:30:af:95:8e:ef:b2:53:
                    0e:17:06:0b:6c:8e:1d:3f:bc:6f:34:50:bd:81:42:
                    f2:34:a0:c5:13:64:e9:f0:47:64:bb:e6:af:2b:ca:
                    ef:f9:f8:ff:1a:d4:05:c3:f2:d1:a0:7a:eb:76:d1:
                    15:6e:f5:74:e0:be:36:95:84:74:5c:e2:6d:b1:31:
                    dc:b7:6f:1d:e6:7c:c9:b7:78:27:bc:ef:a0:7a:57:
                    7f:e3:f8:8e:33:c6:04:4c:8b:de:d2:bb:4a:00:2a:
                    8d:e8:5a:b9:56:c9:e4:1b:bb:3b:3f:93:7a:43:18:
                    05:7c:61:1a:c2:ab:1c:99:4e:9a:ad:49:56:e6:8e:
                    a8:90:64:e5:32:e1:a0:1f:75:49:e1:7c:2d:77:b5:
                    6f:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:3E:A8:31:6D:8D:CF:38:F5:3F:8E:89:66:51:7B:88:B0:22:B2:20
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/LT6oMW2Nzzj1P46JZlF7iLAisiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc2:df00::/40

    Signature Algorithm: sha256WithRSAEncryption
         24:f5:54:e3:f9:eb:87:b4:c0:3a:5b:eb:af:a2:c0:c5:11:38:
         17:83:7f:24:b2:a2:9f:c5:2f:2e:dd:44:f6:70:84:77:5c:db:
         9d:b6:93:7e:4e:d6:8e:1e:60:ce:12:c3:12:26:af:a2:bb:40:
         4e:c6:ed:86:2c:80:6b:a7:48:bb:2b:c7:f7:85:84:d6:6d:00:
         21:66:ae:7e:1b:a1:41:01:b7:33:37:b8:f0:49:56:5a:da:94:
         70:2e:fb:b6:0c:84:1d:ce:7a:2b:df:97:38:61:52:40:23:8c:
         f2:d9:9a:2f:39:da:b0:b3:2b:8c:3a:41:cb:27:51:74:b8:e3:
         b3:8f:02:6b:f2:9a:5f:dd:64:68:fa:ec:55:e0:f2:5e:12:f1:
         f2:ed:3d:9d:5e:57:93:0e:60:a2:54:2e:41:cd:7d:89:12:31:
         86:fb:85:4a:8a:42:a9:e3:d1:40:85:46:94:4a:9c:67:8d:33:
         be:25:e7:d1:6b:de:99:c0:b6:da:51:da:8b:98:b3:3c:29:d1:
         53:5f:a5:3e:0e:f1:68:5d:4d:54:66:32:e8:2c:06:07:05:9c:
         81:83:55:84:a6:1b:70:e6:c2:88:b5:c2:75:32:f4:12:0a:8d:
         59:c0:0f:02:43:a0:66:7e:24:a5:f2:ff:45:1e:48:91:c2:42:
         64:a6:bc:e5
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGSz5SesX4gzvKlXgN0s95MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjQwMTAxMTgzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDNlYTgzMTZkOGRjZjM4ZjUzZjhlODk2NjUxN2I4OGIwMjJiMjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzMWdAG8fQZ4ImWYUscUlcl7BxBB
PMFq/dNY/RPK4uwZ8RBGS6TLeI5a1SJ9e7GWF22DRnVd8ixdt55718+qSHvj6uP0
k/Zo8e8Yipy58PE7f1ONJGQFPACawJgk+ILpCO6yhS+lKiZm4e57C7wfoDCvlY7v
slMOFwYLbI4dP7xvNFC9gULyNKDFE2Tp8Edku+avK8rv+fj/GtQFw/LRoHrrdtEV
bvV04L42lYR0XOJtsTHct28d5nzJt3gnvO+geld/4/iOM8YETIve0rtKACqN6Fq5
VsnkG7s7P5N6QxgFfGEawqscmU6arUlW5o6okGTlMuGgH3VJ4Xwtd7VvpQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFC0+qDFtjc849T+OiWZRe4iwIrIgMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvTFQ2b01XMk56emoxUDQ2SlpsRjdpTEFpc2lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhI/wt8w
DQYJKoZIhvcNAQELBQADggEBACT1VOP564e0wDpb66+iwMUROBeDfySyop/FLy7d
RPZwhHdc2522k35O1o4eYM4SwxImr6K7QE7G7YYsgGunSLsrx/eFhNZtACFmrn4b
oUEBtzM3uPBJVlralHAu+7YMhB3OeivflzhhUkAjjPLZmi852rCzK4w6QcsnUXS4
47OPAmvyml/dZGj67FXg8l4S8fLtPZ1eV5MOYKJULkHNfYkSMYb7hUqKQqnj0UCF
RpRKnGeNM74l59Fr3pnAttpR2ouYszwp0VNfpT4O8WhdTVRmMugsBgcFnIGDVYSm
G3Dmwoi1wnUy9BIKjVnADwJDoGZ+JKXy/0UeSJHCQmSmvOU=
-----END CERTIFICATE-----