Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/vUKDpBge-I70kV-soynJG5IgEho.roa
File:                     vUKDpBge-I70kV-soynJG5IgEho.roa (raw, json)
Hash identifier:          3/tsvVKEz6fwFayN65Gf37xFXXn7SK/RsS9H1ptfBWw=
Subject key identifier:   BD:42:83:A4:18:1E:F8:8E:F4:91:5F:AC:A3:29:C9:1B:92:20:12:1A
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       01942067E9B289A09DD3A477384C6540DF3B
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/vUKDpBge-I70kV-soynJG5IgEho.roa
Signing time:             Wed 01 Jan 2025 05:47:48 +0000
ROA not before:           Wed 01 Jan 2025 05:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201815
IP address blocks:        2a12:3fc2:ab30::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:e9:b2:89:a0:9d:d3:a4:77:38:4c:65:40:df:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 05:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd4283a4181ef88ef4915faca329c91b9220121a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:3b:a6:e7:26:e2:4d:67:c6:d1:41:f0:58:a0:
                    d6:4a:0c:2b:d8:e3:9b:74:f9:91:f7:5a:ae:86:68:
                    58:92:a4:33:39:81:24:69:c9:85:4a:ce:59:60:a4:
                    6e:79:16:97:8e:d7:93:33:9c:ad:26:8e:69:ca:d5:
                    35:d0:ad:c6:7a:f5:8b:ac:1c:86:5c:e2:5b:e6:f1:
                    8b:bc:c4:19:4b:2e:75:14:d8:3f:48:e0:c1:b8:b8:
                    d1:d2:5b:d5:a0:da:92:e3:ba:e7:7c:97:fa:23:86:
                    9e:d1:5e:4e:05:14:49:83:a0:6d:e1:5c:15:a6:d2:
                    0b:16:70:1d:ea:3b:59:2b:58:d7:96:b4:37:83:c4:
                    3d:db:84:eb:c0:a0:89:04:19:cf:c1:f1:5f:51:ef:
                    80:bf:b4:94:41:79:6c:8c:4c:74:47:2c:69:ea:7d:
                    e2:07:24:72:1f:3a:ee:dc:a4:98:36:b3:35:da:27:
                    e9:45:4e:27:2b:96:d2:86:d2:c6:a3:6a:f9:1a:34:
                    42:b8:dc:e1:50:8f:6c:29:29:14:46:bf:9f:51:40:
                    c8:e6:0c:6c:af:f9:93:35:a4:59:57:b6:f9:a5:a6:
                    af:52:6c:8f:be:b8:8f:d7:85:88:59:b3:1f:8b:5a:
                    6c:77:82:15:c9:5d:80:5d:ed:1d:22:e8:f4:1a:3b:
                    83:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:42:83:A4:18:1E:F8:8E:F4:91:5F:AC:A3:29:C9:1B:92:20:12:1A
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/vUKDpBge-I70kV-soynJG5IgEho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc2:ab30::/44

    Signature Algorithm: sha256WithRSAEncryption
         35:ff:ba:45:ef:e4:06:38:e5:22:ff:5b:95:6d:a4:af:11:be:
         89:ef:e9:24:c5:2c:92:3e:99:a2:3e:e2:fa:dd:3f:5d:e9:07:
         eb:44:76:82:62:f0:e7:35:0d:5b:d2:0c:4e:ff:da:43:9a:86:
         d7:a2:b8:00:f0:bc:3a:b9:d2:68:6d:a7:5b:72:2e:7d:41:24:
         2e:f5:6f:53:9c:10:72:4f:c6:d3:7e:e9:f1:53:1f:ee:2f:53:
         34:90:36:f5:f5:8b:17:5f:04:29:88:58:ba:60:a0:8e:be:4b:
         5e:19:11:f7:62:cc:a6:bc:32:10:9c:b8:fd:2d:05:48:a7:1d:
         2a:b4:9b:08:b7:97:81:29:a5:87:17:79:d7:5d:0b:d2:a9:8b:
         08:ba:87:84:8d:6c:7f:f0:cf:39:5d:2d:8f:4d:16:3b:35:14:
         de:a0:f5:3a:de:0c:cf:ba:59:fd:e3:cf:2a:91:dc:cb:83:8c:
         e7:58:02:4d:33:3e:15:23:43:6a:45:39:3c:38:a2:78:60:fe:
         49:d0:84:de:25:61:f2:ce:71:87:84:55:aa:b7:1c:d9:d9:4b:
         0a:73:12:98:a0:06:73:87:35:43:89:35:9a:22:fc:dd:dd:7d:
         cd:b2:b3:92:f7:2e:59:66:89:24:b6:1c:44:2c:10:02:2a:86:
         1f:0c:e6:4e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQgZ+myiaCd06R3OExlQN87MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjUwMTAxMDU0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDQyODNhNDE4MWVmODhlZjQ5MTVmYWNhMzI5YzkxYjkyMjAxMjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzum5ybiTWfG0UHwWKDWSgwr2OOb
dPmR91quhmhYkqQzOYEkacmFSs5ZYKRueRaXjteTM5ytJo5pytU10K3GevWLrByG
XOJb5vGLvMQZSy51FNg/SODBuLjR0lvVoNqS47rnfJf6I4ae0V5OBRRJg6Bt4VwV
ptILFnAd6jtZK1jXlrQ3g8Q924TrwKCJBBnPwfFfUe+Av7SUQXlsjEx0Ryxp6n3i
ByRyHzru3KSYNrM12ifpRU4nK5bShtLGo2r5GjRCuNzhUI9sKSkURr+fUUDI5gxs
r/mTNaRZV7b5paavUmyPvriP14WIWbMfi1psd4IVyV2AXe0dIuj0GjuD1QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL1Cg6QYHviO9JFfrKMpyRuSIBIaMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvdlVLRHBCZ2UtSTcwa1Ytc295bkpHNUlnRWhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhI/wqsw
MA0GCSqGSIb3DQEBCwUAA4IBAQA1/7pF7+QGOOUi/1uVbaSvEb6J7+kkxSySPpmi
PuL63T9d6QfrRHaCYvDnNQ1b0gxO/9pDmobXorgA8Lw6udJobadbci59QSQu9W9T
nBByT8bTfunxUx/uL1M0kDb19YsXXwQpiFi6YKCOvkteGRH3YsymvDIQnLj9LQVI
px0qtJsIt5eBKaWHF3nXXQvSqYsIuoeEjWx/8M85XS2PTRY7NRTeoPU63gzPuln9
488qkdzLg4znWAJNMz4VI0NqRTk8OKJ4YP5J0ITeJWHyznGHhFWqtxzZ2UsKcxKY
oAZzhzVDiTWaIvzd3X3NsrOS9y5ZZokkthxELBACKoYfDOZO
-----END CERTIFICATE-----