Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/d19O-SlLEZeJXIsq2fCQ4joNRXg.roa
File:                     d19O-SlLEZeJXIsq2fCQ4joNRXg.roa (raw, json)
Hash identifier:          BYn1jhOUXkk2yQTlpiWuL6EideJJ4fUHLOKcIxhhZTY=
Subject key identifier:   77:5F:4E:F9:29:4B:11:97:89:5C:8B:2A:D9:F0:90:E2:3A:0D:45:78
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       018CC64B3934481DCF5332F4ACE48237DAC7
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/d19O-SlLEZeJXIsq2fCQ4joNRXg.roa
Signing time:             Mon 01 Jan 2024 18:31:07 +0000
ROA not before:           Mon 01 Jan 2024 18:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201815
IP address blocks:        2a12:3fc2:ab30::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:39:34:48:1d:cf:53:32:f4:ac:e4:82:37:da:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 18:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=775f4ef9294b1197895c8b2ad9f090e23a0d4578
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:dd:50:53:88:f7:93:61:43:f4:8b:a2:dd:39:
                    b2:5f:2a:8e:bb:8e:99:32:6e:12:5a:c7:0c:97:dc:
                    0a:7b:06:2e:fa:3f:41:39:13:7a:ce:14:f2:a2:17:
                    b7:6f:91:d2:b8:79:77:95:c1:e7:df:79:89:ac:ef:
                    d9:99:87:0d:0e:b5:b2:15:f3:5e:1c:e7:27:f1:db:
                    28:61:df:89:6a:bd:c3:80:ba:3d:67:9f:e3:d4:6e:
                    dd:6f:5b:60:92:bb:cc:4d:86:96:88:c0:30:40:22:
                    69:6a:49:82:eb:41:90:51:77:61:69:c6:8f:97:d0:
                    a9:ee:2c:50:3f:52:db:9f:82:6d:5f:ed:d2:4d:e5:
                    ce:80:74:e6:a5:af:be:85:aa:93:0b:06:32:3f:5c:
                    ec:31:ae:40:4f:96:07:3a:b3:df:bf:cb:d5:62:bc:
                    f4:0a:cd:cd:5f:8b:20:16:24:ca:e9:c2:23:5b:1e:
                    21:9f:6c:be:d6:3f:88:ae:fb:c3:0c:57:43:6a:bd:
                    c2:24:7c:23:be:b0:d7:96:54:5f:3b:e8:e1:92:df:
                    e4:82:19:f9:0e:7d:18:bd:b6:83:99:e6:7d:e8:3e:
                    11:be:00:70:b3:f9:cb:5e:f6:41:42:99:1b:a4:83:
                    f1:22:c3:a5:6d:75:f5:7e:eb:52:cf:bf:b7:05:53:
                    84:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:5F:4E:F9:29:4B:11:97:89:5C:8B:2A:D9:F0:90:E2:3A:0D:45:78
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/d19O-SlLEZeJXIsq2fCQ4joNRXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc2:ab30::/44

    Signature Algorithm: sha256WithRSAEncryption
         0b:fd:2b:8b:a2:78:fd:fd:87:8e:cd:0b:9b:7a:6b:5d:f5:1a:
         81:46:71:d0:e5:5d:fb:a8:d8:c0:b5:2c:a4:6b:e3:53:ad:63:
         49:f6:68:b5:0b:f9:8e:5d:c9:f4:c4:16:57:f8:83:9b:5e:69:
         dc:ea:a8:65:e8:42:80:3c:29:f6:d7:93:68:9b:94:ef:95:de:
         fb:ec:16:4f:74:4c:3a:0a:cb:03:d3:f0:c8:27:e5:22:01:8f:
         5d:8a:dc:b5:f9:e7:04:73:c9:d4:26:f2:05:4e:9a:7e:81:40:
         22:e1:e2:b3:3a:ae:85:16:0e:7e:82:7b:95:93:11:44:55:42:
         63:b6:c3:10:91:82:6d:55:f2:2f:62:be:96:76:36:3f:06:86:
         df:89:1c:72:58:58:e2:ce:68:31:52:59:b0:e6:5d:1e:87:83:
         24:c3:78:79:6e:35:64:c3:7c:21:e3:88:8b:cd:b3:1d:4b:28:
         f3:41:b8:70:87:cb:d0:41:a8:40:4b:b2:f2:05:a1:b1:a9:ea:
         5e:c6:6c:be:55:af:23:9d:cf:5e:37:bb:5e:ee:4e:70:13:e8:
         ae:34:df:e1:44:8d:5d:5a:49:de:c3:42:a1:9f:7a:2a:54:2a:
         dc:15:83:15:26:79:31:a8:05:13:fb:84:68:63:7a:fa:eb:a6:
         b9:60:9d:5e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSzk0SB3PUzL0rOSCN9rHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjQwMTAxMTgzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzVmNGVmOTI5NGIxMTk3ODk1YzhiMmFkOWYwOTBlMjNhMGQ0NTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhd1QU4j3k2FD9Iui3TmyXyqOu46Z
Mm4SWscMl9wKewYu+j9BORN6zhTyohe3b5HSuHl3lcHn33mJrO/ZmYcNDrWyFfNe
HOcn8dsoYd+Jar3DgLo9Z5/j1G7db1tgkrvMTYaWiMAwQCJpakmC60GQUXdhacaP
l9Cp7ixQP1Lbn4JtX+3STeXOgHTmpa++haqTCwYyP1zsMa5AT5YHOrPfv8vVYrz0
Cs3NX4sgFiTK6cIjWx4hn2y+1j+IrvvDDFdDar3CJHwjvrDXllRfO+jhkt/kghn5
Dn0YvbaDmeZ96D4RvgBws/nLXvZBQpkbpIPxIsOlbXX1futSz7+3BVOEuQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHdfTvkpSxGXiVyLKtnwkOI6DUV4MB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvZDE5Ty1TbExFWmVKWElzcTJmQ1E0am9OUlhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhI/wqsw
MA0GCSqGSIb3DQEBCwUAA4IBAQAL/SuLonj9/YeOzQubemtd9RqBRnHQ5V37qNjA
tSyka+NTrWNJ9mi1C/mOXcn0xBZX+IObXmnc6qhl6EKAPCn215Nom5Tvld777BZP
dEw6CssD0/DIJ+UiAY9dity1+ecEc8nUJvIFTpp+gUAi4eKzOq6FFg5+gnuVkxFE
VUJjtsMQkYJtVfIvYr6WdjY/BobfiRxyWFjizmgxUlmw5l0eh4Mkw3h5bjVkw3wh
44iLzbMdSyjzQbhwh8vQQahAS7LyBaGxqepexmy+Va8jnc9eN7te7k5wE+iuNN/h
RI1dWknew0Khn3oqVCrcFYMVJnkxqAUT+4RoY3r666a5YJ1e
-----END CERTIFICATE-----