Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/l23XsO3XAUB9bsyWTvgT0ymXs-g.roa
File:                     l23XsO3XAUB9bsyWTvgT0ymXs-g.roa (raw, json)
Hash identifier:          boRkDTTX0FkLl3pgNtWrbYRzVEhbf5W7Z0z+qJ9fMiI=
Subject key identifier:   97:6D:D7:B0:ED:D7:01:40:7D:6E:CC:96:4E:F8:13:D3:29:97:B3:E8
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       01942067EC7EF6F63A8F2BA39F2403FEA2D6
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/l23XsO3XAUB9bsyWTvgT0ymXs-g.roa
Signing time:             Wed 01 Jan 2025 05:47:49 +0000
ROA not before:           Wed 01 Jan 2025 05:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203133
IP address blocks:        2a12:3fc2:aa60::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:ec:7e:f6:f6:3a:8f:2b:a3:9f:24:03:fe:a2:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 05:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=976dd7b0edd701407d6ecc964ef813d32997b3e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:46:f0:0c:69:a7:ce:0e:fd:63:e1:53:77:11:
                    31:35:b5:98:05:12:29:88:fa:c1:20:f8:61:88:2a:
                    8f:6f:b0:c9:43:8d:b4:a7:63:7d:14:84:f5:94:e2:
                    df:cf:f3:8a:07:86:b7:de:54:91:36:9f:e0:f8:2b:
                    be:1e:71:03:5b:76:80:21:60:05:cf:f0:ef:c3:e3:
                    82:82:47:9d:a4:ce:d3:07:9c:69:3f:1b:f8:f1:df:
                    d0:32:c6:07:39:2b:fa:e0:78:fd:a4:cd:16:aa:ed:
                    d9:c0:52:c7:f7:f5:18:45:ac:29:7b:a1:76:42:5d:
                    6a:e3:96:77:dc:bd:ab:49:27:f5:f0:6a:35:b9:be:
                    aa:27:76:6c:83:5a:fa:8c:10:57:0b:3e:07:5a:a9:
                    66:e6:66:c5:3b:5b:3b:54:4c:d7:d2:67:a1:6e:6c:
                    3c:19:b5:bc:61:a0:23:c4:ce:2d:67:88:c7:00:3a:
                    9e:94:57:cc:ae:73:da:23:09:e8:12:7e:db:7d:84:
                    30:42:4d:6f:67:6a:13:13:57:aa:be:8a:60:96:b8:
                    24:75:50:d9:a8:92:b7:7e:0b:28:d4:dd:66:bb:78:
                    84:03:4d:77:e5:c1:46:1c:67:70:dc:0b:4c:4f:97:
                    23:67:bb:34:8b:b4:be:35:33:91:1d:ec:89:dc:99:
                    ea:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:6D:D7:B0:ED:D7:01:40:7D:6E:CC:96:4E:F8:13:D3:29:97:B3:E8
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/l23XsO3XAUB9bsyWTvgT0ymXs-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc2:aa60::/48

    Signature Algorithm: sha256WithRSAEncryption
         cd:e4:55:f5:18:d0:77:77:6a:a3:df:e0:36:a5:f6:74:3b:70:
         c0:fb:60:85:51:5b:4a:e3:51:16:4c:23:7e:eb:33:b7:4f:46:
         54:7a:62:73:6d:17:8b:b1:ca:05:0b:f6:5b:3c:9a:ff:c3:a5:
         fd:33:f9:9c:54:13:2e:90:2e:19:67:14:d6:98:16:83:a6:e5:
         bf:b9:43:86:ae:1e:5f:c0:cc:af:68:65:48:e8:c3:f2:6a:ad:
         3b:4b:b3:75:39:53:6c:75:86:f6:a1:94:8a:4d:1a:88:6b:c0:
         3b:9e:33:30:19:3e:f8:30:02:35:22:a3:e6:67:4e:e1:eb:53:
         94:86:74:83:59:d5:5d:4c:11:8f:b2:6e:33:04:b1:ed:88:07:
         dc:49:72:96:67:1f:ee:e8:6b:3a:9e:c5:bf:b0:b5:23:c1:b3:
         91:44:6b:74:d4:0a:99:95:53:87:b0:cb:95:5b:24:e6:99:fa:
         05:ac:c3:6b:d2:67:7e:ae:99:b5:fd:3a:98:3b:9e:af:4a:4b:
         04:73:2a:68:2c:f6:f5:b1:dd:85:08:46:ce:37:30:07:bf:86:
         98:2d:9e:7b:36:57:96:91:f8:1f:6f:b7:71:37:cf:a2:6f:7b:
         2f:f9:ec:ca:f1:76:28:f4:a7:7c:b4:a4:63:3c:a3:0c:16:e5:
         f7:26:c3:f1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQgZ+x+9vY6jyujnyQD/qLWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjUwMTAxMDU0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzZkZDdiMGVkZDcwMTQwN2Q2ZWNjOTY0ZWY4MTNkMzI5OTdiM2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEbwDGmnzg79Y+FTdxExNbWYBRIp
iPrBIPhhiCqPb7DJQ420p2N9FIT1lOLfz/OKB4a33lSRNp/g+Cu+HnEDW3aAIWAF
z/Dvw+OCgkedpM7TB5xpPxv48d/QMsYHOSv64Hj9pM0Wqu3ZwFLH9/UYRawpe6F2
Ql1q45Z33L2rSSf18Go1ub6qJ3Zsg1r6jBBXCz4HWqlm5mbFO1s7VEzX0mehbmw8
GbW8YaAjxM4tZ4jHADqelFfMrnPaIwnoEn7bfYQwQk1vZ2oTE1eqvopglrgkdVDZ
qJK3fgso1N1mu3iEA0135cFGHGdw3AtMT5cjZ7s0i7S+NTORHeyJ3JnqYwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJdt17Dt1wFAfW7Mlk74E9Mpl7PoMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvbDIzWHNPM1hBVUI5YnN5V1R2Z1QweW1Ycy1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhI/wqpg
MA0GCSqGSIb3DQEBCwUAA4IBAQDN5FX1GNB3d2qj3+A2pfZ0O3DA+2CFUVtK41EW
TCN+6zO3T0ZUemJzbReLscoFC/ZbPJr/w6X9M/mcVBMukC4ZZxTWmBaDpuW/uUOG
rh5fwMyvaGVI6MPyaq07S7N1OVNsdYb2oZSKTRqIa8A7njMwGT74MAI1IqPmZ07h
61OUhnSDWdVdTBGPsm4zBLHtiAfcSXKWZx/u6Gs6nsW/sLUjwbORRGt01AqZlVOH
sMuVWyTmmfoFrMNr0md+rpm1/TqYO56vSksEcypoLPb1sd2FCEbONzAHv4aYLZ57
NleWkfgfb7dxN8+ib3sv+ezK8XYo9Kd8tKRjPKMMFuX3JsPx
-----END CERTIFICATE-----