Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/ln3wcdgx34du7j_Gqi3USjnPYlU.roa
File:                     ln3wcdgx34du7j_Gqi3USjnPYlU.roa (raw, json)
Hash identifier:          aq8ioS+0GiPbrJnTYAwWH/P1I48amSE6Rqbt6eC72Nc=
Subject key identifier:   96:7D:F0:71:D8:31:DF:87:6E:EE:3F:C6:AA:2D:D4:4A:39:CF:62:55
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       01942067EF58809BB50E8B361F7DC7859E33
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/ln3wcdgx34du7j_Gqi3USjnPYlU.roa
Signing time:             Wed 01 Jan 2025 05:47:49 +0000
ROA not before:           Wed 01 Jan 2025 05:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207780
IP address blocks:        2a12:3fc6::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:ef:58:80:9b:b5:0e:8b:36:1f:7d:c7:85:9e:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 05:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=967df071d831df876eee3fc6aa2dd44a39cf6255
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:cb:cb:85:6f:07:61:31:20:3c:3a:9b:12:59:
                    10:6e:84:09:b9:54:a9:ef:95:16:8e:df:a7:bd:6d:
                    85:cf:8e:9e:41:f1:ff:fd:a7:d1:7a:fd:9b:1a:60:
                    7f:81:f4:e8:6e:ec:24:41:9f:1f:cc:40:e2:eb:ce:
                    55:15:c3:24:33:e9:94:88:5d:7d:0d:36:84:17:7d:
                    d4:b0:d8:93:db:44:81:76:1e:72:69:39:29:6a:ab:
                    8c:f3:de:b6:42:31:e7:60:a2:33:6e:e3:95:cb:26:
                    b4:28:84:2e:b3:2c:8b:2b:63:d2:15:4f:3e:ad:25:
                    98:ca:de:72:00:b5:1b:7e:68:40:33:32:4b:bc:64:
                    af:60:da:68:b4:36:d6:56:02:02:0d:d6:11:23:4f:
                    d0:74:b4:51:30:31:f1:5b:c9:78:65:82:03:63:85:
                    8c:ca:ef:f4:4a:0a:f8:e9:ae:5a:8f:03:2e:69:32:
                    56:83:6a:12:c6:3f:81:85:ca:d4:4f:41:df:1b:bd:
                    ca:6b:6c:28:d6:d6:2e:46:eb:56:3c:5c:04:7d:af:
                    73:52:73:ed:cd:73:19:56:10:af:5f:c2:f2:d8:1a:
                    1f:b1:a3:15:4c:84:d9:76:81:24:32:48:3c:81:9d:
                    2d:c7:f6:de:5d:27:ee:a4:95:31:e1:e1:7f:4e:5c:
                    47:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:7D:F0:71:D8:31:DF:87:6E:EE:3F:C6:AA:2D:D4:4A:39:CF:62:55
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/ln3wcdgx34du7j_Gqi3USjnPYlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc6::/44

    Signature Algorithm: sha256WithRSAEncryption
         c5:84:5c:ab:02:7f:84:5a:63:fc:45:2d:2e:9f:35:1b:b7:97:
         33:6c:1a:98:de:86:85:43:c6:26:4d:55:9d:0e:59:6c:1c:7f:
         fe:83:c9:7e:9a:7a:46:2d:eb:2f:6c:63:65:41:7e:24:c5:c3:
         de:77:ad:42:dd:b5:e2:b1:3f:f6:42:a8:0c:e8:9c:86:12:ac:
         69:4b:dc:b1:42:8e:f5:25:29:9d:5b:ac:0d:fa:e7:1a:60:a0:
         7d:5f:77:c3:8b:ac:4d:44:ff:2c:6d:d2:df:b0:80:15:40:75:
         46:78:2c:ef:2d:08:31:ee:71:af:dc:e6:31:2f:1f:cf:9c:85:
         15:71:bd:88:85:09:e5:f4:8a:c4:f0:b2:2e:f4:05:3b:2f:3b:
         40:5a:f4:c5:7e:46:16:fe:66:9f:9b:a2:c9:c4:85:5f:3f:a1:
         8e:7a:5b:1a:9a:3a:4c:c3:d1:83:4e:56:77:a1:aa:ed:eb:72:
         1b:54:5e:01:53:af:3b:dd:6a:89:4b:e9:74:b2:18:35:5b:16:
         a5:e3:06:0e:28:9b:a5:d7:6f:0e:fb:70:8a:df:f2:56:61:30:
         be:12:8f:b2:eb:a9:e7:89:99:f9:37:c2:28:50:97:b4:27:49:
         a3:5e:11:2b:18:cf:4f:d6:40:e5:e5:b5:2a:04:ff:ef:15:15:
         a1:54:b5:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQgZ+9YgJu1Dos2H33HhZ4zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjUwMTAxMDU0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjdkZjA3MWQ4MzFkZjg3NmVlZTNmYzZhYTJkZDQ0YTM5Y2Y2MjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMvLhW8HYTEgPDqbElkQboQJuVSp
75UWjt+nvW2Fz46eQfH//afRev2bGmB/gfTobuwkQZ8fzEDi685VFcMkM+mUiF19
DTaEF33UsNiT20SBdh5yaTkpaquM8962QjHnYKIzbuOVyya0KIQusyyLK2PSFU8+
rSWYyt5yALUbfmhAMzJLvGSvYNpotDbWVgICDdYRI0/QdLRRMDHxW8l4ZYIDY4WM
yu/0Sgr46a5ajwMuaTJWg2oSxj+BhcrUT0HfG73Ka2wo1tYuRutWPFwEfa9zUnPt
zXMZVhCvX8Ly2BofsaMVTITZdoEkMkg8gZ0tx/beXSfupJUx4eF/TlxHHQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJZ98HHYMd+Hbu4/xqot1Eo5z2JVMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvbG4zd2NkZ3gzNGR1N2pfR3FpM1VTam5QWWxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhI/xgAA
MA0GCSqGSIb3DQEBCwUAA4IBAQDFhFyrAn+EWmP8RS0unzUbt5czbBqY3oaFQ8Ym
TVWdDllsHH/+g8l+mnpGLesvbGNlQX4kxcPed61C3bXisT/2QqgM6JyGEqxpS9yx
Qo71JSmdW6wN+ucaYKB9X3fDi6xNRP8sbdLfsIAVQHVGeCzvLQgx7nGv3OYxLx/P
nIUVcb2IhQnl9IrE8LIu9AU7LztAWvTFfkYW/mafm6LJxIVfP6GOelsamjpMw9GD
TlZ3oart63IbVF4BU6873WqJS+l0shg1Wxal4wYOKJul128O+3CK3/JWYTC+Eo+y
66nniZn5N8IoUJe0J0mjXhErGM9P1kDl5bUqBP/vFRWhVLXt
-----END CERTIFICATE-----