Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/ubX36AROQgJ1y-yroPTpx2aFRqU.roa
File:                     ubX36AROQgJ1y-yroPTpx2aFRqU.roa (raw, json)
Hash identifier:          TzZ+Nq0vWF7DB3+uAglpVhlRykxDNFM4orNSpqxdOSc=
Subject key identifier:   B9:B5:F7:E8:04:4E:42:02:75:CB:EC:AB:A0:F4:E9:C7:66:85:46:A5
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       018CC64B3B5B8A93449086513A5486B46568
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/ubX36AROQgJ1y-yroPTpx2aFRqU.roa
Signing time:             Mon 01 Jan 2024 18:31:08 +0000
ROA not before:           Mon 01 Jan 2024 18:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203133
IP address blocks:        2a12:3fc2:aa60::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:3b:5b:8a:93:44:90:86:51:3a:54:86:b4:65:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 18:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9b5f7e8044e420275cbecaba0f4e9c7668546a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:ba:ef:fa:af:0f:92:a7:46:d8:0c:98:f3:f0:
                    33:53:58:b0:1c:8f:20:b3:fb:8b:d7:55:0a:7e:14:
                    5a:1f:c8:b5:a5:bc:f0:20:d9:49:95:e5:25:8b:e3:
                    e2:70:07:ae:d3:8d:bd:32:23:59:eb:bb:16:49:65:
                    06:35:ca:82:e8:d8:4d:29:b2:5a:31:82:03:ba:ea:
                    ac:c4:47:e2:b7:bb:ff:21:85:15:01:95:22:92:af:
                    1e:d8:5b:25:00:8d:17:ae:8e:d0:82:e7:83:87:93:
                    18:cd:24:4a:cc:08:7f:10:ae:6c:4f:eb:ed:5d:8b:
                    4c:e3:ab:9b:a6:e7:65:7a:3e:12:d2:a3:d1:20:fc:
                    0e:83:5b:12:e5:3f:42:41:82:6f:70:18:89:a3:88:
                    c8:bf:b6:15:bf:e4:c7:dd:f4:ff:0b:63:00:1b:c5:
                    d3:80:bf:d9:56:af:30:b7:85:f9:62:3f:2d:5d:3f:
                    7f:1a:ff:60:e4:65:8d:e3:24:50:52:dd:95:f7:79:
                    b4:76:8a:be:c7:61:64:f1:72:10:a6:72:6e:1f:d4:
                    d8:08:18:d0:03:b3:ba:54:6e:cc:64:6a:a8:50:9d:
                    c6:1f:5c:aa:51:ca:7d:88:bf:3b:56:cd:24:67:59:
                    70:e6:f8:7a:e2:56:66:f8:a4:59:35:15:07:86:c0:
                    58:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:B5:F7:E8:04:4E:42:02:75:CB:EC:AB:A0:F4:E9:C7:66:85:46:A5
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/ubX36AROQgJ1y-yroPTpx2aFRqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc2:aa60::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:a9:f8:47:d6:3d:b5:81:53:2a:7c:49:6a:38:bc:52:6d:75:
         22:c1:0f:a9:c2:f3:71:32:85:e1:a1:e1:b6:fb:33:81:cf:72:
         18:dd:5e:25:b1:92:1f:d9:77:49:c4:da:93:6e:35:6d:4d:2e:
         f3:c9:18:05:b5:c9:e5:4d:37:cf:b7:c8:10:06:8c:2e:82:c4:
         52:b5:07:71:fa:59:c9:8a:2a:9f:d0:5b:0b:dc:77:82:50:28:
         9e:75:63:0a:76:1a:50:f5:a0:55:c1:31:1f:59:52:b0:31:5f:
         23:91:7e:89:3d:ef:d9:f3:ea:c9:98:34:c6:bd:86:b2:1a:6f:
         5e:aa:5c:57:ea:99:12:b6:ea:7f:a4:9f:9f:77:d9:08:cf:bb:
         40:64:0f:78:8c:0b:c1:58:4b:97:b0:fa:bc:0c:ea:e5:b3:ba:
         00:f8:b3:71:5c:ec:84:dd:7c:8c:e8:18:3c:c0:43:2b:49:9d:
         14:65:37:92:aa:d9:8b:55:23:35:8b:37:66:80:88:d5:40:64:
         32:85:57:15:89:f8:1c:03:b8:29:b9:61:d8:10:d7:a9:d6:bf:
         42:b4:1c:ca:40:ff:4b:a8:51:8e:20:a3:a3:22:5e:af:59:92:
         05:f6:a2:da:85:b0:98:49:01:b4:e3:fe:f1:17:02:c2:08:35:
         66:19:53:d9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSztbipNEkIZROlSGtGVoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjQwMTAxMTgzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWI1ZjdlODA0NGU0MjAyNzVjYmVjYWJhMGY0ZTljNzY2ODU0NmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi7rv+q8PkqdG2AyY8/AzU1iwHI8g
s/uL11UKfhRaH8i1pbzwINlJleUli+PicAeu0429MiNZ67sWSWUGNcqC6NhNKbJa
MYIDuuqsxEfit7v/IYUVAZUikq8e2FslAI0Xro7QgueDh5MYzSRKzAh/EK5sT+vt
XYtM46ubpudlej4S0qPRIPwOg1sS5T9CQYJvcBiJo4jIv7YVv+TH3fT/C2MAG8XT
gL/ZVq8wt4X5Yj8tXT9/Gv9g5GWN4yRQUt2V93m0doq+x2Fk8XIQpnJuH9TYCBjQ
A7O6VG7MZGqoUJ3GH1yqUcp9iL87Vs0kZ1lw5vh64lZm+KRZNRUHhsBYQQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLm19+gETkICdcvsq6D06cdmhUalMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvdWJYMzZBUk9RZ0oxeS15cm9QVHB4MmFGUnFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhI/wqpg
MA0GCSqGSIb3DQEBCwUAA4IBAQBeqfhH1j21gVMqfElqOLxSbXUiwQ+pwvNxMoXh
oeG2+zOBz3IY3V4lsZIf2XdJxNqTbjVtTS7zyRgFtcnlTTfPt8gQBowugsRStQdx
+lnJiiqf0FsL3HeCUCiedWMKdhpQ9aBVwTEfWVKwMV8jkX6JPe/Z8+rJmDTGvYay
Gm9eqlxX6pkStup/pJ+fd9kIz7tAZA94jAvBWEuXsPq8DOrls7oA+LNxXOyE3XyM
6Bg8wEMrSZ0UZTeSqtmLVSM1izdmgIjVQGQyhVcVifgcA7gpuWHYENep1r9CtBzK
QP9LqFGOIKOjIl6vWZIF9qLahbCYSQG04/7xFwLCCDVmGVPZ
-----END CERTIFICATE-----