Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/f017qKo0c2dN4ewXBSd_HVQK4GY.roa
File:                     f017qKo0c2dN4ewXBSd_HVQK4GY.roa (raw, json)
Hash identifier:          J3YBUMnwIm+kjwGUFNK3tjgmaEdUSucOwVccVTncZXI=
Subject key identifier:   7F:4D:7B:A8:AA:34:73:67:4D:E1:EC:17:05:27:7F:1D:54:0A:E0:66
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       018CC64B3D52857F6F1274E1DC6CB0361AA3
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/f017qKo0c2dN4ewXBSd_HVQK4GY.roa
Signing time:             Mon 01 Jan 2024 18:31:08 +0000
ROA not before:           Mon 01 Jan 2024 18:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203899
IP address blocks:        2a12:3fc2:e400::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:3d:52:85:7f:6f:12:74:e1:dc:6c:b0:36:1a:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 18:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f4d7ba8aa3473674de1ec1705277f1d540ae066
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:bd:f5:24:eb:84:b7:6e:c9:6b:48:fc:b1:a2:
                    75:e3:92:e9:5b:cf:1e:26:81:6d:32:40:6e:64:df:
                    ca:97:eb:3a:60:8b:26:96:d1:c1:05:03:90:c7:49:
                    fd:77:4b:af:b3:e8:e0:d3:27:1e:e1:03:c3:fc:17:
                    ce:0f:5a:20:46:04:28:9a:a7:b9:ac:9a:4d:45:a2:
                    f9:18:94:28:c7:df:a8:03:a8:75:f1:38:c7:de:e1:
                    f5:55:bf:1d:9a:85:ca:c0:8b:5b:45:a7:d5:aa:a0:
                    73:b0:a4:f9:f1:d7:44:ba:9e:fb:33:1a:6a:fa:5f:
                    ce:24:63:fb:f8:88:9b:9d:8b:c4:0c:e1:c0:c4:48:
                    f9:9f:ce:67:aa:06:0b:68:07:ab:28:b0:c9:d7:5a:
                    40:a8:a0:5f:86:3e:68:4a:fe:ab:40:9f:26:7c:58:
                    9d:5d:4c:c3:6f:a4:77:f5:02:0c:fc:b7:c4:c6:5d:
                    d0:f0:69:be:c5:3e:78:07:17:1a:b1:be:e2:52:08:
                    72:f0:72:61:79:cb:04:a3:2b:de:03:6c:d0:47:dd:
                    f3:9b:0e:ca:61:23:a0:51:fd:95:0e:91:b5:2e:de:
                    af:26:03:fb:2b:0f:bf:4b:ea:c4:45:0c:a6:a9:eb:
                    5d:11:cd:df:2d:7c:b6:38:ab:43:51:fa:50:07:25:
                    e5:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:4D:7B:A8:AA:34:73:67:4D:E1:EC:17:05:27:7F:1D:54:0A:E0:66
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/f017qKo0c2dN4ewXBSd_HVQK4GY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc2:e400::/40

    Signature Algorithm: sha256WithRSAEncryption
         ba:c0:e2:fb:d6:6e:a7:13:18:05:82:51:57:5b:06:c0:0d:b2:
         d1:b7:4c:5e:a6:e9:83:38:0d:af:63:9d:e4:f3:f1:87:92:eb:
         b8:5b:5d:2b:af:11:ea:ef:02:cf:93:6b:a3:85:44:92:77:d5:
         82:bb:a0:66:2a:16:c1:72:fb:f8:a1:b5:b7:de:f6:5f:07:7f:
         4d:f5:1d:1d:12:9f:14:55:81:78:04:31:ef:51:43:6e:69:59:
         42:5f:a7:e6:72:46:5a:32:cb:29:3d:63:4f:14:5d:67:99:4d:
         1e:44:c2:01:7f:04:87:09:3a:83:84:a5:fe:33:6e:54:d2:81:
         f7:e0:a5:2d:bb:c1:f3:83:03:2f:66:2e:30:e5:9b:6c:4c:f8:
         7a:4c:37:ac:26:df:9b:d1:ea:28:d4:3c:62:3f:45:f5:30:36:
         c0:93:61:40:a3:b4:e6:31:4e:4f:90:eb:a6:8d:f4:0b:a2:eb:
         45:10:cc:3d:1f:8e:1a:04:32:0e:00:25:79:97:57:97:41:ef:
         39:09:fb:2f:36:c2:fe:a7:d8:bf:73:e9:36:c8:65:06:7f:5c:
         9c:85:f9:6f:5d:7e:58:39:4b:5a:8b:dc:50:ad:94:cb:a9:6b:
         42:be:0b:96:92:9e:7d:f7:da:3e:47:dc:9c:6c:83:16:fd:8a:
         da:2c:38:60
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGSz1ShX9vEnTh3GywNhqjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjQwMTAxMTgzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjRkN2JhOGFhMzQ3MzY3NGRlMWVjMTcwNTI3N2YxZDU0MGFlMDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApr31JOuEt27Ja0j8saJ145LpW88e
JoFtMkBuZN/Kl+s6YIsmltHBBQOQx0n9d0uvs+jg0yce4QPD/BfOD1ogRgQomqe5
rJpNRaL5GJQox9+oA6h18TjH3uH1Vb8dmoXKwItbRafVqqBzsKT58ddEup77Mxpq
+l/OJGP7+IibnYvEDOHAxEj5n85nqgYLaAerKLDJ11pAqKBfhj5oSv6rQJ8mfFid
XUzDb6R39QIM/LfExl3Q8Gm+xT54Bxcasb7iUghy8HJhecsEoyveA2zQR93zmw7K
YSOgUf2VDpG1Lt6vJgP7Kw+/S+rERQymqetdEc3fLXy2OKtDUfpQByXlwQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFH9Ne6iqNHNnTeHsFwUnfx1UCuBmMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvZjAxN3FLbzBjMmRONGV3WEJTZF9IVlFLNEdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhI/wuQw
DQYJKoZIhvcNAQELBQADggEBALrA4vvWbqcTGAWCUVdbBsANstG3TF6m6YM4Da9j
neTz8YeS67hbXSuvEervAs+Ta6OFRJJ31YK7oGYqFsFy+/ihtbfe9l8Hf031HR0S
nxRVgXgEMe9RQ25pWUJfp+ZyRloyyyk9Y08UXWeZTR5EwgF/BIcJOoOEpf4zblTS
gffgpS27wfODAy9mLjDlm2xM+HpMN6wm35vR6ijUPGI/RfUwNsCTYUCjtOYxTk+Q
66aN9Aui60UQzD0fjhoEMg4AJXmXV5dB7zkJ+y82wv6n2L9z6TbIZQZ/XJyF+W9d
flg5S1qL3FCtlMupa0K+C5aSnn332j5H3Jxsgxb9itosOGA=
-----END CERTIFICATE-----