Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/g5Eq0CabVNCARWlMxF5EoStF0z0.roa
File:                     g5Eq0CabVNCARWlMxF5EoStF0z0.roa (raw, json)
Hash identifier:          wL5Em4S9NLbq9o+6j0uIQhg/VFmZnd0cP8erRYXP6u0=
Subject key identifier:   83:91:2A:D0:26:9B:54:D0:80:45:69:4C:C4:5E:44:A1:2B:45:D3:3D
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       018CC64B33DBF900EA70C2E9A12AC09E8560
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/g5Eq0CabVNCARWlMxF5EoStF0z0.roa
Signing time:             Mon 01 Jan 2024 18:31:06 +0000
ROA not before:           Mon 01 Jan 2024 18:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7721
IP address blocks:        2a12:3fc2:6600::/40 maxlen: 48
                          2a12:3fc2:6666::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 07:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:33:db:f9:00:ea:70:c2:e9:a1:2a:c0:9e:85:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 18:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83912ad0269b54d08045694cc45e44a12b45d33d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:0e:73:30:c3:9f:7e:17:4d:b7:1a:bd:be:0b:
                    0b:fd:5c:05:ef:d5:19:cf:5d:ae:08:5e:f4:33:be:
                    40:ed:ae:ad:78:cc:54:d5:31:30:df:a1:0b:cf:64:
                    10:b6:9d:51:35:0c:e1:71:7a:91:7b:fc:b2:9c:0c:
                    48:bf:f1:7f:19:d3:cb:4d:61:1f:85:a6:55:a2:0f:
                    6b:ce:16:8b:c8:0b:7d:63:cf:9d:31:92:47:d4:4d:
                    42:43:a1:7a:24:e3:9f:ce:17:eb:ac:00:8d:ad:be:
                    87:6c:7b:19:d1:d3:47:81:e5:fe:47:23:24:c6:11:
                    ad:bb:60:16:61:ba:12:fa:6c:58:b1:dc:df:67:13:
                    42:42:89:dd:29:a6:1c:15:b8:37:a4:07:bd:78:1d:
                    0a:fd:e6:3d:f1:77:3d:56:07:31:76:ad:28:5f:c1:
                    64:58:18:e4:cd:52:68:30:79:ed:a7:d8:a9:ba:48:
                    52:ef:65:69:07:af:c8:79:03:a3:89:82:a9:28:30:
                    ae:11:40:2a:90:ab:23:25:87:57:8e:79:c2:80:18:
                    e8:b6:9c:1d:34:6b:a9:b0:48:63:12:08:28:4b:c3:
                    62:aa:a5:9b:f4:fb:54:09:88:db:9e:b4:5f:fb:d9:
                    ad:cf:87:3b:9b:b9:19:4b:05:b0:e2:0b:d9:f6:d5:
                    93:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:91:2A:D0:26:9B:54:D0:80:45:69:4C:C4:5E:44:A1:2B:45:D3:3D
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/g5Eq0CabVNCARWlMxF5EoStF0z0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc2:6600::/40

    Signature Algorithm: sha256WithRSAEncryption
         23:7f:c6:4b:64:87:98:b1:c5:db:20:23:7e:e1:51:80:44:3c:
         cc:e3:13:91:21:ed:37:91:fe:9c:b8:aa:fd:72:84:9f:c1:b3:
         77:2b:f3:32:88:df:12:c5:4c:c5:df:be:2e:46:bf:2e:44:68:
         85:ec:d6:2b:c0:6c:9a:0c:bd:d8:e7:49:3b:0e:d6:32:89:49:
         2e:26:b9:22:ef:ee:c3:2a:76:da:ec:a6:44:a4:f1:53:c8:0c:
         80:28:21:d2:c7:86:64:96:61:61:be:e4:c5:55:41:35:8c:4b:
         71:d0:54:ef:37:5a:a9:ab:a7:a5:ab:60:f9:68:46:50:c1:76:
         96:8d:34:e1:ce:2d:b7:46:02:53:f5:a3:17:1f:a4:ca:c1:8e:
         60:42:15:03:c7:24:48:c2:61:8e:50:45:48:4f:3c:7b:f4:a1:
         fc:1f:1f:04:dc:84:d4:e8:14:f5:ca:25:3d:35:48:87:e9:7c:
         9d:08:65:48:d0:dc:3c:64:59:71:9d:b5:8c:70:15:32:21:8b:
         8f:83:00:9b:66:99:6b:25:e4:ea:34:51:06:13:f3:15:a0:4b:
         12:1f:19:32:1a:aa:1c:ed:1b:fe:78:0f:b1:2e:d7:43:72:51:
         89:58:44:98:6a:eb:ea:84:84:be:27:64:4e:64:c4:77:d7:1c:
         c5:0d:6c:e0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGSzPb+QDqcMLpoSrAnoVgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjQwMTAxMTgzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzkxMmFkMDI2OWI1NGQwODA0NTY5NGNjNDVlNDRhMTJiNDVkMzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmg5zMMOffhdNtxq9vgsL/VwF79UZ
z12uCF70M75A7a6teMxU1TEw36ELz2QQtp1RNQzhcXqRe/yynAxIv/F/GdPLTWEf
haZVog9rzhaLyAt9Y8+dMZJH1E1CQ6F6JOOfzhfrrACNrb6HbHsZ0dNHgeX+RyMk
xhGtu2AWYboS+mxYsdzfZxNCQondKaYcFbg3pAe9eB0K/eY98Xc9Vgcxdq0oX8Fk
WBjkzVJoMHntp9ipukhS72VpB6/IeQOjiYKpKDCuEUAqkKsjJYdXjnnCgBjotpwd
NGupsEhjEggoS8NiqqWb9PtUCYjbnrRf+9mtz4c7m7kZSwWw4gvZ9tWT1QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIORKtAmm1TQgEVpTMReRKErRdM9MB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvZzVFcTBDYWJWTkNBUldsTXhGNUVvU3RGMHowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhI/wmYw
DQYJKoZIhvcNAQELBQADggEBACN/xktkh5ixxdsgI37hUYBEPMzjE5Eh7TeR/py4
qv1yhJ/Bs3cr8zKI3xLFTMXfvi5Gvy5EaIXs1ivAbJoMvdjnSTsO1jKJSS4muSLv
7sMqdtrspkSk8VPIDIAoIdLHhmSWYWG+5MVVQTWMS3HQVO83Wqmrp6WrYPloRlDB
dpaNNOHOLbdGAlP1oxcfpMrBjmBCFQPHJEjCYY5QRUhPPHv0ofwfHwTchNToFPXK
JT01SIfpfJ0IZUjQ3DxkWXGdtYxwFTIhi4+DAJtmmWsl5Oo0UQYT8xWgSxIfGTIa
qhztG/54D7Eu10NyUYlYRJhq6+qEhL4nZE5kxHfXHMUNbOA=
-----END CERTIFICATE-----