Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/c_FoCQObkQ4Vxave_pYU_UrBPcY.roa
File:                     c_FoCQObkQ4Vxave_pYU_UrBPcY.roa (raw, json)
Hash identifier:          H0d2KCgxZ+tFBCJcFvpYqUdjqrM3OKkVbfM4TimW9o4=
Subject key identifier:   73:F1:68:09:03:9B:91:0E:15:C5:AB:DE:FE:96:14:FD:4A:C1:3D:C6
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       018CC64B37F9146FD5DBC8828B9411573496
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/c_FoCQObkQ4Vxave_pYU_UrBPcY.roa
Signing time:             Mon 01 Jan 2024 18:31:07 +0000
ROA not before:           Mon 01 Jan 2024 18:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200592
IP address blocks:        2a12:3fc2:e300::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:37:f9:14:6f:d5:db:c8:82:8b:94:11:57:34:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 18:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73f16809039b910e15c5abdefe9614fd4ac13dc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:67:20:ff:d6:f1:1c:c9:b3:c7:5b:92:38:41:
                    75:8b:f2:98:7f:bd:66:7e:3f:a0:64:20:b3:50:34:
                    9f:70:80:f7:01:ba:73:3a:de:6f:64:e3:06:f4:21:
                    c8:4b:23:77:a8:55:ef:b9:ef:b8:d0:d9:1f:3c:e7:
                    b0:60:38:d3:3c:2c:94:05:86:62:aa:15:5b:8b:3c:
                    cf:97:90:67:37:ea:31:86:55:f7:ea:84:8e:be:91:
                    1a:db:ea:eb:fd:dd:ed:d1:6d:5b:d7:a5:f5:b3:b8:
                    17:fd:02:b6:72:25:27:f1:0f:33:f1:f8:0d:a2:84:
                    53:58:4d:2e:ea:73:e6:aa:03:c9:38:42:49:b6:33:
                    b3:0d:a6:85:2e:9a:11:d7:00:80:40:55:54:9b:a6:
                    6a:3c:1e:b0:1e:8a:36:f2:46:d6:86:83:8c:2f:83:
                    78:3c:63:4b:59:b9:21:70:0c:da:88:d9:69:57:c0:
                    18:31:20:4b:c9:8b:01:16:da:8f:60:14:59:d6:f7:
                    d9:15:76:3b:c1:fd:f9:3b:6e:b4:fb:ba:1d:a7:8b:
                    04:e1:41:9c:af:30:e6:cc:6c:d8:25:58:3f:7f:08:
                    62:f3:e2:45:8b:d9:21:a6:9d:8b:41:de:f8:e5:c6:
                    b1:40:ed:29:00:4e:39:a7:f0:e4:e2:5c:a6:40:16:
                    79:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:F1:68:09:03:9B:91:0E:15:C5:AB:DE:FE:96:14:FD:4A:C1:3D:C6
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/c_FoCQObkQ4Vxave_pYU_UrBPcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc2:e300::/40

    Signature Algorithm: sha256WithRSAEncryption
         c8:cb:12:09:19:b4:76:4c:b8:49:9e:37:eb:45:5f:c7:ee:ac:
         6b:25:0c:ca:60:60:bf:44:b4:f1:bd:45:18:32:02:89:ce:06:
         cd:06:8b:3a:c4:b9:24:ba:1e:1c:80:1b:15:29:95:5c:22:54:
         34:96:9f:8f:ca:98:b8:20:87:ba:03:8a:6e:2f:f4:ed:a0:03:
         50:2b:80:e6:f2:cc:a3:19:54:35:b8:73:64:59:43:c3:45:2e:
         42:4f:ce:7b:9e:67:2d:c6:67:9a:59:16:e8:0b:8a:69:c5:0d:
         ba:96:2d:63:6b:7c:e3:02:1e:f6:3a:0d:e6:96:83:00:c1:3e:
         38:68:86:e4:69:f4:15:1d:eb:2d:70:50:02:08:0b:1c:69:4c:
         2b:63:f2:00:39:e0:d6:bd:e6:c1:de:9f:d5:b7:5b:55:d8:b3:
         14:bc:1e:c1:94:42:88:16:63:25:38:27:9b:0f:5a:aa:74:46:
         0a:ad:ff:2d:9e:72:7c:ed:68:4a:1d:6b:98:4a:33:c8:69:0b:
         83:f5:3b:6f:cc:0b:8d:48:0a:b0:9c:2b:8c:f4:a2:c9:bc:7f:
         8f:a0:91:ae:df:6f:21:b1:97:f4:a1:44:5b:22:0d:8c:56:3f:
         03:d1:0d:99:0c:1a:02:85:0a:c5:1d:87:b9:32:47:0c:89:1b:
         33:e9:37:dc
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGSzf5FG/V28iCi5QRVzSWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjQwMTAxMTgzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2YxNjgwOTAzOWI5MTBlMTVjNWFiZGVmZTk2MTRmZDRhYzEzZGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmcg/9bxHMmzx1uSOEF1i/KYf71m
fj+gZCCzUDSfcID3AbpzOt5vZOMG9CHISyN3qFXvue+40NkfPOewYDjTPCyUBYZi
qhVbizzPl5BnN+oxhlX36oSOvpEa2+rr/d3t0W1b16X1s7gX/QK2ciUn8Q8z8fgN
ooRTWE0u6nPmqgPJOEJJtjOzDaaFLpoR1wCAQFVUm6ZqPB6wHoo28kbWhoOML4N4
PGNLWbkhcAzaiNlpV8AYMSBLyYsBFtqPYBRZ1vfZFXY7wf35O260+7odp4sE4UGc
rzDmzGzYJVg/fwhi8+JFi9khpp2LQd745caxQO0pAE45p/Dk4lymQBZ5FwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHPxaAkDm5EOFcWr3v6WFP1KwT3GMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvY19Gb0NRT2JrUTRWeGF2ZV9wWVVfVXJCUGNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhI/wuMw
DQYJKoZIhvcNAQELBQADggEBAMjLEgkZtHZMuEmeN+tFX8furGslDMpgYL9EtPG9
RRgyAonOBs0GizrEuSS6HhyAGxUplVwiVDSWn4/KmLggh7oDim4v9O2gA1ArgOby
zKMZVDW4c2RZQ8NFLkJPznueZy3GZ5pZFugLimnFDbqWLWNrfOMCHvY6DeaWgwDB
PjhohuRp9BUd6y1wUAIICxxpTCtj8gA54Na95sHen9W3W1XYsxS8HsGUQogWYyU4
J5sPWqp0Rgqt/y2ecnztaEoda5hKM8hpC4P1O2/MC41ICrCcK4z0osm8f4+gka7f
byGxl/ShRFsiDYxWPwPRDZkMGgKFCsUdh7kyRwyJGzPpN9w=
-----END CERTIFICATE-----