Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/vdrQAOZ8OFmDENkyDxCbVWB-MI8.roa
File:                     vdrQAOZ8OFmDENkyDxCbVWB-MI8.roa (raw, json)
Hash identifier:          pGL+dg1Hf1AU9tAujtgYHRq7PTyi52VvMOJPiXbM8Cg=
Subject key identifier:   BD:DA:D0:00:E6:7C:38:59:83:10:D9:32:0F:10:9B:55:60:7E:30:8F
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       018CC64B35AC10D84C90FCAFB32B3F010250
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/vdrQAOZ8OFmDENkyDxCbVWB-MI8.roa
Signing time:             Mon 01 Jan 2024 18:31:06 +0000
ROA not before:           Mon 01 Jan 2024 18:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57330
IP address blocks:        2a12:3fc6::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:35:ac:10:d8:4c:90:fc:af:b3:2b:3f:01:02:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 18:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bddad000e67c38598310d9320f109b55607e308f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d3:1f:a7:5e:ea:fe:cd:cf:47:61:d3:2e:d3:
                    f3:78:52:78:2d:f5:e9:ac:3b:3b:55:10:b2:56:1a:
                    a2:9a:11:34:43:56:36:55:59:27:f6:93:bc:f7:59:
                    b9:a1:0e:4a:ed:a2:08:4d:11:43:a0:45:7a:6c:1d:
                    15:91:8a:c9:5c:ea:ac:94:8e:63:31:8d:56:1b:7f:
                    c2:8d:9e:c1:60:4b:10:82:65:c3:20:5b:b1:d5:78:
                    89:7f:99:83:66:76:8a:d5:ac:8e:04:fa:4f:76:25:
                    4a:11:67:19:96:3a:aa:fc:c7:50:43:02:1d:69:d4:
                    a7:ea:a7:d0:98:79:e1:11:e7:e8:15:08:fc:38:0e:
                    98:c1:67:df:18:28:cd:b6:a5:f0:b0:61:81:de:5f:
                    4c:de:40:ee:a3:05:17:d5:a2:49:6d:b0:c1:01:c3:
                    e9:3c:b9:f1:18:53:1c:87:7f:58:0f:3d:48:1e:94:
                    e4:4f:09:36:2e:1a:c4:72:0d:d5:7d:92:4a:79:5b:
                    33:3c:24:5c:98:65:4d:eb:18:a4:18:85:9c:b0:15:
                    89:97:bc:d5:51:83:d6:2d:5d:d2:5d:08:5f:e2:d2:
                    c2:ec:11:83:79:b3:32:ee:a0:22:26:80:0a:0b:7b:
                    2c:2b:e0:79:f0:f2:35:97:9c:cd:89:4c:b9:79:65:
                    a2:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:DA:D0:00:E6:7C:38:59:83:10:D9:32:0F:10:9B:55:60:7E:30:8F
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/vdrQAOZ8OFmDENkyDxCbVWB-MI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc6::/44

    Signature Algorithm: sha256WithRSAEncryption
         ca:57:24:c2:5e:b1:b3:53:96:e2:e3:6f:4c:65:94:fe:30:e1:
         4f:e2:cb:32:ce:21:82:b9:d9:db:c7:3b:8c:f6:e3:b5:ed:b7:
         c3:7b:2b:2e:20:60:e8:f0:0c:0d:d7:6f:c9:21:b6:c7:e9:60:
         f4:e3:80:ee:d8:89:90:08:4d:96:61:ce:f8:9e:f1:df:d9:eb:
         57:98:57:94:67:5d:84:ad:67:91:0c:08:a0:34:35:38:c6:a8:
         70:43:f9:a2:cc:84:09:bc:9f:bd:02:86:24:a0:f7:47:a9:93:
         f1:d9:12:ac:f6:64:f0:0a:a8:57:7a:a4:92:80:d1:21:03:ed:
         8b:de:21:a9:c5:6e:ea:e5:26:ce:75:2b:b5:8d:76:bb:8f:aa:
         1f:df:26:6a:81:30:9a:79:25:3a:c2:03:d1:37:54:98:1a:dd:
         6a:7f:9c:56:c9:72:7a:79:6e:86:6c:06:5a:43:ec:34:dd:36:
         bd:b1:ca:b2:50:dc:e4:73:0f:d9:bf:c1:18:ea:6a:ea:f4:f7:
         f0:f4:1a:11:17:21:cd:2c:97:cd:96:d7:bd:b1:c3:c4:70:bf:
         c6:49:0c:a1:50:0f:47:51:3d:1f:79:f3:82:f0:1b:90:ae:4d:
         e6:d7:e0:5f:71:eb:20:9b:ba:0e:05:3f:d6:6d:ca:29:c6:2a:
         49:f0:28:8b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSzWsENhMkPyvsys/AQJQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjQwMTAxMTgzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGRhZDAwMGU2N2MzODU5ODMxMGQ5MzIwZjEwOWI1NTYwN2UzMDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptMfp17q/s3PR2HTLtPzeFJ4LfXp
rDs7VRCyVhqimhE0Q1Y2VVkn9pO891m5oQ5K7aIITRFDoEV6bB0VkYrJXOqslI5j
MY1WG3/CjZ7BYEsQgmXDIFux1XiJf5mDZnaK1ayOBPpPdiVKEWcZljqq/MdQQwId
adSn6qfQmHnhEefoFQj8OA6YwWffGCjNtqXwsGGB3l9M3kDuowUX1aJJbbDBAcPp
PLnxGFMch39YDz1IHpTkTwk2LhrEcg3VfZJKeVszPCRcmGVN6xikGIWcsBWJl7zV
UYPWLV3SXQhf4tLC7BGDebMy7qAiJoAKC3ssK+B58PI1l5zNiUy5eWWi1QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL3a0ADmfDhZgxDZMg8Qm1VgfjCPMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvdmRyUUFPWjhPRm1ERU5reUR4Q2JWV0ItTUk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhI/xgAA
MA0GCSqGSIb3DQEBCwUAA4IBAQDKVyTCXrGzU5bi429MZZT+MOFP4ssyziGCudnb
xzuM9uO17bfDeysuIGDo8AwN12/JIbbH6WD044Du2ImQCE2WYc74nvHf2etXmFeU
Z12ErWeRDAigNDU4xqhwQ/mizIQJvJ+9AoYkoPdHqZPx2RKs9mTwCqhXeqSSgNEh
A+2L3iGpxW7q5SbOdSu1jXa7j6of3yZqgTCaeSU6wgPRN1SYGt1qf5xWyXJ6eW6G
bAZaQ+w03Ta9scqyUNzkcw/Zv8EY6mrq9Pfw9BoRFyHNLJfNlte9scPEcL/GSQyh
UA9HUT0fefOC8BuQrk3m1+Bfcesgm7oOBT/WbcopxipJ8CiL
-----END CERTIFICATE-----