Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/zng4XuObR4v8Ju2sMJ-PIMeJzFE.roa
File:                     zng4XuObR4v8Ju2sMJ-PIMeJzFE.roa (raw, json)
Hash identifier:          iDTTlVa8fA4mbYnXY+4Bt2SLOp0lkbr6Zk/ONf4Tgl4=
Subject key identifier:   CE:78:38:5E:E3:9B:47:8B:FC:26:ED:AC:30:9F:8F:20:C7:89:CC:51
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       01942067E4A77CAA5370346BBB62E77F301C
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/zng4XuObR4v8Ju2sMJ-PIMeJzFE.roa
Signing time:             Wed 01 Jan 2025 05:47:47 +0000
ROA not before:           Wed 01 Jan 2025 05:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48771
IP address blocks:        2a12:3fc0:4877::/48 maxlen: 48
                          2a12:3fc7:7000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:e4:a7:7c:aa:53:70:34:6b:bb:62:e7:7f:30:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 05:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce78385ee39b478bfc26edac309f8f20c789cc51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:3e:b3:81:fb:b7:25:5b:ab:f2:54:cb:89:be:
                    ec:4c:11:7c:ec:55:78:9f:52:c7:23:7a:07:ec:9c:
                    d0:dd:5d:73:39:25:4e:5d:9b:2b:6d:32:64:72:76:
                    14:ca:56:68:51:25:7d:a7:b2:13:51:06:87:08:75:
                    8d:7c:82:d2:b7:7c:13:3e:26:47:b4:10:84:94:a9:
                    93:42:53:a0:68:32:b5:ba:24:d9:ec:3b:f7:38:41:
                    b6:a7:87:2a:41:13:93:22:58:66:26:83:c3:12:fd:
                    e4:e8:72:25:bc:84:0e:43:68:2f:7f:06:cd:9f:c5:
                    22:b4:4d:c8:e0:5e:79:d1:d1:9c:d9:f1:84:de:01:
                    ee:46:38:ba:1b:1e:e2:b6:f2:e3:8d:a2:0f:36:5b:
                    52:0e:cf:2f:ae:89:c1:4e:6b:31:97:d0:c3:54:6e:
                    ec:e5:b2:ce:a4:18:1f:ba:f7:a2:f5:ae:fe:30:e3:
                    f1:9f:f5:f4:83:24:49:96:e4:4e:20:36:62:4f:eb:
                    2f:41:e9:28:24:bb:e7:77:c6:97:77:21:91:ae:04:
                    64:1b:ee:16:a2:ac:3a:38:f9:da:bc:3c:f7:a8:7c:
                    29:56:61:f5:52:07:06:c5:95:53:71:f5:17:e1:31:
                    f1:2b:a5:45:ef:35:6d:7a:98:3b:b9:c2:88:68:b8:
                    39:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:78:38:5E:E3:9B:47:8B:FC:26:ED:AC:30:9F:8F:20:C7:89:CC:51
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/zng4XuObR4v8Ju2sMJ-PIMeJzFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc0:4877::/48
                  2a12:3fc7:7000::/36

    Signature Algorithm: sha256WithRSAEncryption
         a5:f3:a7:fb:66:0e:0c:50:e6:5b:6d:77:af:ed:fe:7e:0a:be:
         82:55:46:0e:7a:04:4a:40:0e:df:ba:2e:c0:57:76:1f:53:10:
         76:81:1e:49:2d:05:d1:1b:9b:13:62:ea:39:2f:85:5b:e6:fa:
         98:37:b9:19:7f:9e:d8:06:fa:9d:ce:e0:ba:af:e2:f4:0e:a1:
         05:b6:ed:42:70:6c:c6:cb:ea:5a:0e:b1:6f:45:64:87:ae:07:
         ff:12:23:85:bb:20:00:21:e1:46:68:83:69:da:24:79:64:b5:
         5d:6c:8b:04:1f:6e:dc:52:61:d4:fd:03:a4:cf:2d:1f:aa:49:
         5a:f8:07:ac:84:f9:d3:9e:36:a7:b6:68:48:1a:e0:cf:6b:fe:
         0c:39:c2:ba:8c:7f:f5:f4:62:a1:34:2b:fc:19:d6:d2:a4:9e:
         ed:2e:52:2e:f2:e6:e7:a4:ae:64:ee:a6:da:35:44:33:5a:27:
         d2:62:7b:dd:a2:15:22:3c:f1:75:0b:a9:ec:98:e9:9a:0e:db:
         e5:bf:37:a2:af:4e:46:56:60:64:f9:1f:20:cb:22:41:58:ad:
         04:e0:4a:e6:de:a2:b0:82:92:75:9a:4a:9f:a4:7b:c5:be:06:
         77:7e:1c:97:29:4c:72:2f:5a:b5:a3:73:65:75:df:c1:77:93:
         11:cd:d8:8f
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZQgZ+SnfKpTcDRru2LnfzAcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjUwMTAxMDU0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTc4Mzg1ZWUzOWI0NzhiZmMyNmVkYWMzMDlmOGYyMGM3ODljYzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0T6zgfu3JVur8lTLib7sTBF87FV4
n1LHI3oH7JzQ3V1zOSVOXZsrbTJkcnYUylZoUSV9p7ITUQaHCHWNfILSt3wTPiZH
tBCElKmTQlOgaDK1uiTZ7Dv3OEG2p4cqQROTIlhmJoPDEv3k6HIlvIQOQ2gvfwbN
n8UitE3I4F550dGc2fGE3gHuRji6Gx7itvLjjaIPNltSDs8vronBTmsxl9DDVG7s
5bLOpBgfuvei9a7+MOPxn/X0gyRJluROIDZiT+svQekoJLvnd8aXdyGRrgRkG+4W
oqw6OPnavDz3qHwpVmH1UgcGxZVTcfUX4THxK6VF7zVtepg7ucKIaLg5rQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFM54OF7jm0eL/CbtrDCfjyDHicxRMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvem5nNFh1T2JSNHY4SnUyc01KLVBJTWVKekZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcAKhI/wEh3
AwYEKhI/x3AwDQYJKoZIhvcNAQELBQADggEBAKXzp/tmDgxQ5lttd6/t/n4KvoJV
Rg56BEpADt+6LsBXdh9TEHaBHkktBdEbmxNi6jkvhVvm+pg3uRl/ntgG+p3O4Lqv
4vQOoQW27UJwbMbL6loOsW9FZIeuB/8SI4W7IAAh4UZog2naJHlktV1siwQfbtxS
YdT9A6TPLR+qSVr4B6yE+dOeNqe2aEga4M9r/gw5wrqMf/X0YqE0K/wZ1tKknu0u
Ui7y5uekrmTupto1RDNaJ9Jie92iFSI88XULqeyY6ZoO2+W/N6KvTkZWYGT5HyDL
IkFYrQTgSubeorCCknWaSp+ke8W+Bnd+HJcpTHIvWrWjc2V138F3kxHN2I8=
-----END CERTIFICATE-----