Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/y2cUyg-taYmCtaccxoT0zThzGhg.roa
File:                     y2cUyg-taYmCtaccxoT0zThzGhg.roa (raw, json)
Hash identifier:          O06NMdy1ZcnworAQ7e72Ns6udm8KG4O/nU2pwhnM9Qg=
Subject key identifier:   CB:67:14:CA:0F:AD:69:89:82:B5:A7:1C:C6:84:F4:CD:38:73:1A:18
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       018CC64B3BC2DA8D4A0D4AD5FCCF3434A0AD
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/y2cUyg-taYmCtaccxoT0zThzGhg.roa
Signing time:             Mon 01 Jan 2024 18:31:08 +0000
ROA not before:           Mon 01 Jan 2024 18:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203283
IP address blocks:        2a12:3fc2:1b00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:3b:c2:da:8d:4a:0d:4a:d5:fc:cf:34:34:a0:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 18:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb6714ca0fad698982b5a71cc684f4cd38731a18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:33:14:f1:91:9d:a6:08:e9:13:ef:88:e8:a6:
                    7e:7b:cd:79:f7:20:b3:4f:9f:19:7f:d7:58:25:8c:
                    8b:36:15:be:c5:e0:f2:38:56:ea:70:94:fd:a0:1c:
                    1f:fb:93:6e:a9:fe:e3:c3:18:a1:96:35:e9:04:95:
                    94:28:46:c1:e3:6e:5c:76:00:7e:5c:64:66:12:f5:
                    97:00:58:0a:e8:10:87:9e:cf:14:99:6b:5c:14:7c:
                    86:15:7d:11:65:72:5c:dc:5d:3f:ad:4a:8b:fd:e3:
                    ea:6d:de:bd:7e:d1:b1:28:a7:bb:a4:c0:94:80:23:
                    af:f1:43:5b:5a:ad:5c:24:9e:76:0b:ed:45:a6:42:
                    1f:ac:4f:34:18:38:12:18:63:c2:81:51:fa:20:c7:
                    2d:97:5b:0b:56:1d:5b:59:0e:01:5d:b7:cc:ce:28:
                    ec:d4:73:02:43:64:29:f8:bd:76:b1:98:dc:52:ae:
                    94:cc:55:ce:7b:ba:98:67:00:b8:bc:a5:eb:db:82:
                    d2:e2:89:48:56:4d:73:04:9f:ac:96:14:d9:39:60:
                    ba:7e:61:f8:c7:43:ff:e2:0a:84:27:6a:fc:46:09:
                    26:90:46:e7:26:e3:df:0b:25:10:22:76:18:f3:96:
                    03:84:fc:68:a0:e6:e9:60:7c:48:bc:60:53:96:54:
                    96:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:67:14:CA:0F:AD:69:89:82:B5:A7:1C:C6:84:F4:CD:38:73:1A:18
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/y2cUyg-taYmCtaccxoT0zThzGhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc2:1b00::/40

    Signature Algorithm: sha256WithRSAEncryption
         29:63:71:4f:82:89:44:38:e4:43:ae:9b:1c:67:4e:ba:20:37:
         c6:0a:ff:b5:a8:fc:d6:75:89:ae:9f:e7:4c:ee:bc:92:48:bd:
         03:6f:58:ae:1a:94:ab:5f:8a:bd:01:de:1f:81:9b:fa:c3:15:
         8b:c7:63:ee:e8:da:be:a8:44:ad:8b:9d:14:72:d3:61:b2:b6:
         d2:7e:e8:50:f8:97:00:37:50:cf:a8:24:fe:64:d0:8d:d1:0e:
         46:91:e8:2e:3c:9a:cf:6f:cc:56:bc:d8:bf:ab:3a:08:be:78:
         f3:2c:ee:4e:cb:20:cf:68:f8:89:9a:4f:4e:14:4c:f4:12:54:
         81:ad:68:22:8c:4f:9a:77:76:13:74:0e:92:d0:ff:93:eb:3d:
         72:41:58:21:46:43:b3:06:94:c3:02:3c:d4:5d:f0:b0:41:9c:
         37:9e:30:4b:52:1b:41:64:1e:8c:c8:72:d3:9c:1c:47:f7:61:
         8a:cc:d2:28:52:5c:c0:37:26:38:ef:16:b5:99:f8:b4:22:03:
         d1:05:66:e0:91:13:96:ea:a4:3c:24:dc:d4:31:be:c7:de:49:
         05:75:7e:36:38:e6:9e:86:5a:6e:9e:19:82:99:0c:18:31:51:
         48:fa:e7:a8:6c:9e:7b:7e:64:8c:fa:d7:ef:95:cf:2c:17:38:
         97:be:8b:54
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGSzvC2o1KDUrV/M80NKCtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjQwMTAxMTgzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjY3MTRjYTBmYWQ2OTg5ODJiNWE3MWNjNjg0ZjRjZDM4NzMxYTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgjMU8ZGdpgjpE++I6KZ+e8159yCz
T58Zf9dYJYyLNhW+xeDyOFbqcJT9oBwf+5Nuqf7jwxihljXpBJWUKEbB425cdgB+
XGRmEvWXAFgK6BCHns8UmWtcFHyGFX0RZXJc3F0/rUqL/ePqbd69ftGxKKe7pMCU
gCOv8UNbWq1cJJ52C+1FpkIfrE80GDgSGGPCgVH6IMctl1sLVh1bWQ4BXbfMzijs
1HMCQ2Qp+L12sZjcUq6UzFXOe7qYZwC4vKXr24LS4olIVk1zBJ+slhTZOWC6fmH4
x0P/4gqEJ2r8RgkmkEbnJuPfCyUQInYY85YDhPxooObpYHxIvGBTllSWjwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMtnFMoPrWmJgrWnHMaE9M04cxoYMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEveTJjVXlnLXRhWW1DdGFjY3hvVDB6VGh6R2hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhI/whsw
DQYJKoZIhvcNAQELBQADggEBACljcU+CiUQ45EOumxxnTrogN8YK/7Wo/NZ1ia6f
50zuvJJIvQNvWK4alKtfir0B3h+Bm/rDFYvHY+7o2r6oRK2LnRRy02GyttJ+6FD4
lwA3UM+oJP5k0I3RDkaR6C48ms9vzFa82L+rOgi+ePMs7k7LIM9o+ImaT04UTPQS
VIGtaCKMT5p3dhN0DpLQ/5PrPXJBWCFGQ7MGlMMCPNRd8LBBnDeeMEtSG0FkHozI
ctOcHEf3YYrM0ihSXMA3JjjvFrWZ+LQiA9EFZuCRE5bqpDwk3NQxvsfeSQV1fjY4
5p6GWm6eGYKZDBgxUUj656hsnnt+ZIz61++VzywXOJe+i1Q=
-----END CERTIFICATE-----