Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/020fUQ8kHEOBNC9vpkjMaLo7P8g.roa
File:                     020fUQ8kHEOBNC9vpkjMaLo7P8g.roa (raw, json)
Hash identifier:          WQ7B8z58/qRtjh6o6VwTXEkXispKzB6lD4kimo3u6a8=
Subject key identifier:   D3:6D:1F:51:0F:24:1C:43:81:34:2F:6F:A6:48:CC:68:BA:3B:3F:C8
Certificate issuer:       /CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
Certificate serial:       018CC9BC602C0E59F60E7AC9F98C8C215C24
Authority key identifier: 24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/020fUQ8kHEOBNC9vpkjMaLo7P8g.roa
Signing time:             Tue 02 Jan 2024 10:33:34 +0000
ROA not before:           Tue 02 Jan 2024 10:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136744
IP address blocks:        212.30.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:60:2c:0e:59:f6:0e:7a:c9:f9:8c:8c:21:5c:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
        Validity
            Not Before: Jan  2 10:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d36d1f510f241c4381342f6fa648cc68ba3b3fc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:6a:cc:97:c1:39:aa:ae:86:7a:48:a5:24:46:
                    70:41:da:59:c9:d5:84:e6:d3:65:68:74:c6:d0:d3:
                    97:be:ec:12:7c:67:55:49:1b:ad:2b:fb:ef:1c:80:
                    2c:75:74:05:20:65:59:4a:58:be:d3:f0:ab:59:eb:
                    8b:33:97:52:42:17:54:e3:d1:d4:b0:f8:f7:85:b5:
                    ce:1d:e3:b0:d3:a1:56:86:a8:3f:68:87:76:f3:a2:
                    22:8b:5f:73:3e:6f:4d:f2:3f:c4:b2:6e:7a:c1:90:
                    6d:9c:44:21:19:3b:60:7d:06:b3:34:e6:6f:b5:8d:
                    9a:c4:f0:b6:99:c9:60:1c:a2:d2:41:d8:9c:eb:15:
                    09:75:23:6d:a5:d6:2c:ae:e4:0b:b4:cb:bb:23:64:
                    84:d4:70:e9:91:a4:3d:73:87:be:bc:89:b9:19:18:
                    37:49:1c:ed:bc:a5:79:32:6d:46:59:ad:c6:ff:22:
                    6d:1a:e8:58:45:88:6e:0a:f7:56:88:07:0e:03:c6:
                    b7:c0:ed:1f:4f:d4:cd:34:20:e7:6b:94:00:01:71:
                    f2:3a:e9:74:11:12:ce:77:e0:7d:5d:ae:26:7b:96:
                    a7:cb:9e:d9:e4:f8:bc:d7:22:cc:9b:c3:50:eb:c4:
                    88:b8:f0:90:f9:e6:e0:1f:ed:a3:d6:02:2f:a6:1f:
                    a3:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:6D:1F:51:0F:24:1C:43:81:34:2F:6F:A6:48:CC:68:BA:3B:3F:C8
            X509v3 Authority Key Identifier:
                keyid:24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/020fUQ8kHEOBNC9vpkjMaLo7P8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.30.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:21:a6:cd:15:23:7b:27:5f:01:7b:07:72:50:13:96:bb:a9:
         22:15:92:96:62:80:7b:ce:8c:38:d4:d0:3a:34:90:fb:57:30:
         9f:ce:01:45:46:6c:ba:97:85:05:f5:88:11:c7:7d:f3:e1:35:
         9e:bb:68:7e:05:51:bd:f1:31:f8:90:d5:4d:88:45:95:b5:2d:
         86:3b:63:3b:e8:5b:01:f0:16:c1:73:f0:ac:d6:91:28:b2:f5:
         0e:c1:7a:df:52:d9:36:e5:7c:75:7e:e8:6e:09:ab:44:33:65:
         3b:15:ae:03:e8:ff:2d:4d:43:42:36:fb:74:c2:ab:62:12:84:
         57:2c:1d:4f:0d:cf:83:69:15:15:76:d2:99:09:19:2f:1a:2d:
         cb:21:62:be:f0:b8:86:91:ee:3f:20:f0:ee:5d:52:7c:2e:00:
         cf:59:70:4c:e4:1d:64:89:4f:36:f5:f1:da:23:f5:ce:bb:d7:
         00:1c:c5:95:cd:6c:62:92:9e:3f:15:04:ea:56:52:e3:2d:8a:
         09:22:03:25:69:20:63:bc:55:7d:20:71:dc:04:19:25:13:92:
         f6:e9:f6:bb:ae:b7:e8:2b:fe:67:6e:09:23:bc:be:7e:18:a1:
         7e:b3:55:27:d5:38:04:64:bd:b4:7a:66:11:12:9e:3b:98:c6:
         d3:a7:bb:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvGAsDln2DnrJ+YyMIVwkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTVkN2ZlZTRhNDk5ZWNhZjExZDJkM2RhOGUzODlkZTMy
MzQxMmYwHhcNMjQwMTAyMTAzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzZkMWY1MTBmMjQxYzQzODEzNDJmNmZhNjQ4Y2M2OGJhM2IzZmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh2rMl8E5qq6GekilJEZwQdpZydWE
5tNlaHTG0NOXvuwSfGdVSRutK/vvHIAsdXQFIGVZSli+0/CrWeuLM5dSQhdU49HU
sPj3hbXOHeOw06FWhqg/aId286Iii19zPm9N8j/Esm56wZBtnEQhGTtgfQazNOZv
tY2axPC2mclgHKLSQdic6xUJdSNtpdYsruQLtMu7I2SE1HDpkaQ9c4e+vIm5GRg3
SRztvKV5Mm1GWa3G/yJtGuhYRYhuCvdWiAcOA8a3wO0fT9TNNCDna5QAAXHyOul0
ERLOd+B9Xa4me5any57Z5Pi81yLMm8NQ68SIuPCQ+ebgH+2j1gIvph+jsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNNtH1EPJBxDgTQvb6ZIzGi6Oz/IMB8GA1UdIwQY
MBaAFCRV1/7kpJnsrxHS09qOOJ3jI0EvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEt
MWUwNDY1NTEzYjYzLzEvMDIwZlVROGtIRU9CTkM5dnBrak1hTG83UDhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEtMWUwNDY1NTEzYjYz
LzEvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1B49MA0G
CSqGSIb3DQEBCwUAA4IBAQA3IabNFSN7J18BewdyUBOWu6kiFZKWYoB7zow41NA6
NJD7VzCfzgFFRmy6l4UF9YgRx33z4TWeu2h+BVG98TH4kNVNiEWVtS2GO2M76FsB
8BbBc/Cs1pEosvUOwXrfUtk25Xx1fuhuCatEM2U7Fa4D6P8tTUNCNvt0wqtiEoRX
LB1PDc+DaRUVdtKZCRkvGi3LIWK+8LiGke4/IPDuXVJ8LgDPWXBM5B1kiU829fHa
I/XOu9cAHMWVzWxikp4/FQTqVlLjLYoJIgMlaSBjvFV9IHHcBBklE5L26fa7rrfo
K/5nbgkjvL5+GKF+s1Un1TgEZL20emYREp47mMbTp7sD
-----END CERTIFICATE-----