Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/f9vAB04D264jStUTMcjHsmu2CT0.roa
File:                     f9vAB04D264jStUTMcjHsmu2CT0.roa (raw, json)
Hash identifier:          tEnjtz4KNCSM8UkWeM90vIRtkHvZa0tGvwjmf02eilE=
Subject key identifier:   7F:DB:C0:07:4E:03:DB:AE:23:4A:D5:13:31:C8:C7:B2:6B:B6:09:3D
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       018CC64B3B9147C89ED81F82642E8E4F710D
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/f9vAB04D264jStUTMcjHsmu2CT0.roa
Signing time:             Mon 01 Jan 2024 18:31:08 +0000
ROA not before:           Mon 01 Jan 2024 18:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203236
IP address blocks:        2a12:3fc2:aa10::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:3b:91:47:c8:9e:d8:1f:82:64:2e:8e:4f:71:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 18:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7fdbc0074e03dbae234ad51331c8c7b26bb6093d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d1:b4:49:2e:ec:e5:69:a7:8b:fb:6c:fa:13:
                    ef:6b:52:af:7b:08:81:ec:f9:c9:5b:84:53:45:74:
                    62:0f:36:8b:0c:d4:ab:26:1b:6f:d2:6f:4a:57:be:
                    34:24:ea:c7:7e:11:5d:ee:8f:74:5d:6e:e2:ba:bc:
                    0c:80:89:d6:84:fc:f3:4d:80:25:d3:97:e9:10:d8:
                    08:0f:6e:e5:f5:75:14:49:6a:6f:bb:a7:21:45:a2:
                    33:f5:62:41:8d:8b:df:5d:7e:0e:fa:38:72:e3:5d:
                    d3:03:93:13:bd:a3:e3:43:00:4e:c4:47:9c:b1:db:
                    0b:18:55:c7:cc:cf:8a:7d:e8:ec:dd:25:0a:57:42:
                    21:82:1e:bf:6e:68:47:ae:8f:f7:00:67:e0:e1:a5:
                    17:73:22:8f:64:87:21:f2:d7:8e:bf:43:7e:4b:28:
                    2e:09:34:c5:30:c9:17:c4:83:43:92:7e:72:d3:6c:
                    f7:ce:f4:7a:9e:c0:e7:04:b4:f1:ba:fe:03:8d:58:
                    4f:1c:53:e0:aa:5a:3c:dc:53:69:a3:d0:47:a9:ac:
                    76:73:da:8d:73:c9:9b:3c:49:2e:10:ba:6c:d3:ba:
                    39:d4:65:58:a1:de:db:c1:4f:78:1b:f2:6f:58:b0:
                    67:8d:27:db:b2:29:12:d4:8d:ef:7a:d9:ca:80:55:
                    fc:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:DB:C0:07:4E:03:DB:AE:23:4A:D5:13:31:C8:C7:B2:6B:B6:09:3D
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/f9vAB04D264jStUTMcjHsmu2CT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc2:aa10::/44

    Signature Algorithm: sha256WithRSAEncryption
         d3:9a:1c:6d:bb:00:9c:f1:0b:bd:54:e7:53:a6:30:f0:6c:80:
         8c:98:c1:f4:7e:81:aa:74:19:a8:3e:d1:a9:1f:ee:31:f8:a9:
         08:d1:85:2d:d8:fc:8c:9a:aa:92:2e:a7:04:2d:d3:18:03:bd:
         e3:db:98:f4:5c:ae:73:4e:17:26:69:30:b0:ad:43:1f:b2:93:
         02:c8:04:9a:03:d1:7a:e5:b1:eb:34:4b:51:60:be:2b:f3:78:
         16:7a:4b:76:d5:bd:ff:3a:b8:c8:dd:ba:e9:3f:2c:73:b8:22:
         52:a2:9e:60:f5:e3:7d:81:83:7d:ac:b5:d2:33:e3:69:97:d3:
         68:01:e0:b2:cd:20:8f:bb:02:a4:ad:dc:55:ed:76:d3:89:86:
         32:cb:78:01:9c:19:53:5c:23:4e:3f:d7:18:2d:0a:b4:b8:e0:
         58:92:ba:1a:f1:51:57:99:15:a4:36:8f:59:a6:2b:f2:90:84:
         ed:13:02:3c:27:07:23:2e:d7:c3:6e:b2:f4:00:9c:59:50:f8:
         06:16:07:a4:4a:00:48:a4:ad:4e:bb:0e:68:d3:60:db:f2:10:
         73:6c:16:08:7d:37:3d:dc:b5:b4:f8:3a:60:01:cd:e8:b5:28:
         21:28:3d:5b:64:92:69:74:81:d5:87:ed:26:e4:d4:de:8a:cb:
         b9:40:00:2c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSzuRR8ie2B+CZC6OT3ENMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjQwMTAxMTgzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmRiYzAwNzRlMDNkYmFlMjM0YWQ1MTMzMWM4YzdiMjZiYjYwOTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNG0SS7s5Wmni/ts+hPva1KvewiB
7PnJW4RTRXRiDzaLDNSrJhtv0m9KV740JOrHfhFd7o90XW7iurwMgInWhPzzTYAl
05fpENgID27l9XUUSWpvu6chRaIz9WJBjYvfXX4O+jhy413TA5MTvaPjQwBOxEec
sdsLGFXHzM+Kfejs3SUKV0Ihgh6/bmhHro/3AGfg4aUXcyKPZIch8teOv0N+Sygu
CTTFMMkXxINDkn5y02z3zvR6nsDnBLTxuv4DjVhPHFPgqlo83FNpo9BHqax2c9qN
c8mbPEkuELps07o51GVYod7bwU94G/JvWLBnjSfbsikS1I3vetnKgFX87QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH/bwAdOA9uuI0rVEzHIx7Jrtgk9MB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvZjl2QUIwNEQyNjRqU3RVVE1jakhzbXUyQ1QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhI/wqoQ
MA0GCSqGSIb3DQEBCwUAA4IBAQDTmhxtuwCc8Qu9VOdTpjDwbICMmMH0foGqdBmo
PtGpH+4x+KkI0YUt2PyMmqqSLqcELdMYA73j25j0XK5zThcmaTCwrUMfspMCyASa
A9F65bHrNEtRYL4r83gWekt21b3/OrjI3brpPyxzuCJSop5g9eN9gYN9rLXSM+Np
l9NoAeCyzSCPuwKkrdxV7XbTiYYyy3gBnBlTXCNOP9cYLQq0uOBYkroa8VFXmRWk
No9ZpivykITtEwI8JwcjLtfDbrL0AJxZUPgGFgekSgBIpK1Ouw5o02Db8hBzbBYI
fTc93LW0+DpgAc3otSghKD1bZJJpdIHVh+0m5NTeisu5QAAs
-----END CERTIFICATE-----