Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/em4jeeGDyI2Leeko2gkILinzDcw.roa
File:                     em4jeeGDyI2Leeko2gkILinzDcw.roa (raw, json)
Hash identifier:          +Qx0Xn1kqUWUwEQB/gtE33C5i4xsBgO6+Yj8But4MVY=
Subject key identifier:   7A:6E:23:79:E1:83:C8:8D:8B:79:E9:28:DA:09:08:2E:29:F3:0D:CC
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       018CC64B36A4B077F1B750D7AE06647D203A
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/em4jeeGDyI2Leeko2gkILinzDcw.roa
Signing time:             Mon 01 Jan 2024 18:31:07 +0000
ROA not before:           Mon 01 Jan 2024 18:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138211
IP address blocks:        2a12:3fc2:e600::/40 maxlen: 48
                          2a12:3fc2:e800::/40 maxlen: 48
                          2a12:3fc2:8000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:36:a4:b0:77:f1:b7:50:d7:ae:06:64:7d:20:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 18:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a6e2379e183c88d8b79e928da09082e29f30dcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:08:15:87:17:51:06:2f:af:91:e3:47:40:99:
                    01:81:0a:f6:2b:27:20:ac:55:4d:cf:a4:f1:27:fc:
                    73:0c:24:28:8f:6b:0b:1b:c8:8c:6c:50:95:a2:8c:
                    96:bb:00:5c:29:9b:c5:b9:19:3d:42:99:89:a1:27:
                    1d:61:f7:f7:f1:13:d1:d0:b2:9c:61:ab:d0:43:70:
                    60:a9:28:23:7d:0f:fc:9d:19:d2:9e:35:2d:d7:50:
                    42:a1:a8:c2:cb:69:58:0d:26:c2:9c:2a:e4:44:e2:
                    d8:a8:8c:11:cf:cc:01:93:e2:c8:f8:48:0c:ba:5f:
                    da:37:b1:79:98:14:ca:7c:6c:bf:0d:1d:e1:4f:24:
                    44:8b:0c:31:2e:12:71:51:ad:72:ab:c7:f0:08:95:
                    c6:8d:55:5b:29:92:b6:cc:5b:5a:b5:1e:9e:2a:f8:
                    8e:09:36:28:1e:31:d6:df:65:e2:b6:6d:9b:94:d2:
                    21:36:2c:e1:ef:cf:34:36:b2:99:b7:3b:69:44:25:
                    76:ed:ef:04:4d:f4:df:2e:fc:02:f8:2f:c6:6e:5d:
                    6f:a1:f8:15:e9:3b:94:44:e2:62:47:bb:41:1d:a3:
                    e6:a5:65:59:8a:01:e6:e1:ac:b1:b3:d9:9f:b0:d3:
                    29:1a:2a:a5:52:34:b7:1b:bc:65:20:22:21:d5:27:
                    c3:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:6E:23:79:E1:83:C8:8D:8B:79:E9:28:DA:09:08:2E:29:F3:0D:CC
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/em4jeeGDyI2Leeko2gkILinzDcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc2:8000::/36
                  2a12:3fc2:e600::/40
                  2a12:3fc2:e800::/40

    Signature Algorithm: sha256WithRSAEncryption
         20:03:30:b3:14:af:54:48:29:17:e2:57:f6:02:82:d9:b0:7f:
         f7:3e:62:a7:44:33:70:cf:02:78:95:c3:de:08:88:da:ce:71:
         4b:f9:dd:96:03:d6:9c:9d:20:f2:e6:a1:1a:0d:4d:d7:02:5b:
         aa:97:b8:39:6c:27:a9:cf:51:98:d6:32:03:e6:3a:0f:ab:f7:
         2e:35:70:81:64:93:0e:b7:5b:e5:c8:89:a4:96:ab:c8:02:cc:
         5a:3c:7e:7b:9e:60:1b:f3:74:d1:a1:19:8c:fc:5f:f1:7c:21:
         0a:b2:fe:98:3c:3e:e3:60:be:54:94:55:73:b1:7d:b7:ae:51:
         c3:b5:b9:b1:ff:cd:7c:81:ae:83:98:20:86:b8:00:0e:a8:47:
         25:bf:cf:0e:bd:3e:9d:6c:f7:f6:71:52:31:c6:83:9b:a8:ad:
         8b:95:47:63:e8:44:6f:c4:03:b6:c1:1a:2a:0e:89:40:41:6f:
         67:ee:1a:c8:3a:03:ce:eb:de:9c:e6:ec:9e:90:ca:ca:92:ef:
         5c:48:31:4d:95:15:32:d4:a4:80:4d:cc:b7:df:97:e6:3d:88:
         f3:2f:be:c8:a5:79:93:78:8e:1e:a1:46:cd:c5:ea:76:3c:a5:
         ae:ec:52:ba:fc:41:68:a0:07:23:0e:e3:b8:42:89:40:ea:3e:
         de:32:92:ab
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzGSzaksHfxt1DXrgZkfSA6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjQwMTAxMTgzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTZlMjM3OWUxODNjODhkOGI3OWU5MjhkYTA5MDgyZTI5ZjMwZGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAgVhxdRBi+vkeNHQJkBgQr2Kycg
rFVNz6TxJ/xzDCQoj2sLG8iMbFCVooyWuwBcKZvFuRk9QpmJoScdYff38RPR0LKc
YavQQ3BgqSgjfQ/8nRnSnjUt11BCoajCy2lYDSbCnCrkROLYqIwRz8wBk+LI+EgM
ul/aN7F5mBTKfGy/DR3hTyREiwwxLhJxUa1yq8fwCJXGjVVbKZK2zFtatR6eKviO
CTYoHjHW32Xitm2blNIhNizh7880NrKZtztpRCV27e8ETfTfLvwC+C/Gbl1vofgV
6TuUROJiR7tBHaPmpWVZigHm4ayxs9mfsNMpGiqlUjS3G7xlICIh1SfDjwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFHpuI3nhg8iNi3npKNoJCC4p8w3MMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvZW00amVlR0R5STJMZWVrbzJna0lMaW56RGN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAAjAYAwYEKhI/woAD
BgAqEj/C5gMGACoSP8LoMA0GCSqGSIb3DQEBCwUAA4IBAQAgAzCzFK9USCkX4lf2
AoLZsH/3PmKnRDNwzwJ4lcPeCIjaznFL+d2WA9acnSDy5qEaDU3XAluql7g5bCep
z1GY1jID5joPq/cuNXCBZJMOt1vlyImklqvIAsxaPH57nmAb83TRoRmM/F/xfCEK
sv6YPD7jYL5UlFVzsX23rlHDtbmx/818ga6DmCCGuAAOqEclv88OvT6dbPf2cVIx
xoObqK2LlUdj6ERvxAO2wRoqDolAQW9n7hrIOgPO696c5uyekMrKku9cSDFNlRUy
1KSATcy335fmPYjzL77IpXmTeI4eoUbNxep2PKWu7FK6/EFooAcjDuO4QolA6j7e
MpKr
-----END CERTIFICATE-----