Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/8TY-Hfd5q5Rj4MUhE7CmY31LHyc.roa
File:                     8TY-Hfd5q5Rj4MUhE7CmY31LHyc.roa (raw, json)
Hash identifier:          vPKsfH2lh7SZOShxHi9r8ed3IerCum4ryQQ50mXWvmI=
Subject key identifier:   F1:36:3E:1D:F7:79:AB:94:63:E0:C5:21:13:B0:A6:63:7D:4B:1F:27
Certificate issuer:       /CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
Certificate serial:       0197352E5330B3ACECBD5FD8FB93BFAFCC7B
Authority key identifier: 24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/8TY-Hfd5q5Rj4MUhE7CmY31LHyc.roa
Signing time:             Tue 03 Jun 2025 09:45:17 +0000
ROA not before:           Tue 03 Jun 2025 09:45:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208485
IP address blocks:        212.30.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:35:2e:53:30:b3:ac:ec:bd:5f:d8:fb:93:bf:af:cc:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
        Validity
            Not Before: Jun  3 09:45:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1363e1df779ab9463e0c52113b0a6637d4b1f27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:17:b8:28:b1:06:ab:17:a5:c9:2c:45:e9:ea:
                    73:09:b0:7c:3e:e6:25:35:3f:94:f0:7a:17:55:7d:
                    70:0e:44:6c:f3:dc:cf:99:9e:b5:7b:b0:95:92:ca:
                    e4:3f:57:42:53:13:80:9f:9f:0d:97:56:31:f9:31:
                    49:5e:f4:7f:83:8a:92:b7:0d:38:8f:99:78:f0:94:
                    56:c3:54:c2:f5:bc:21:73:55:4a:86:0d:3b:ce:eb:
                    0a:36:7a:29:ad:17:eb:5f:95:44:79:a6:0d:c8:28:
                    ce:f8:8c:42:4c:90:eb:01:6a:ce:b3:5a:fb:63:3f:
                    e8:52:fc:3a:ff:be:b2:84:3b:f2:b7:1a:30:f4:d5:
                    12:b5:a5:b2:ad:63:aa:6d:56:b3:76:7f:00:46:b4:
                    9a:33:e1:37:62:2e:18:41:d8:33:a0:4a:ff:4a:e5:
                    14:91:53:bf:46:36:7c:d6:03:6d:ce:37:60:b5:26:
                    a2:2a:32:99:c5:bc:f7:64:d1:02:79:9c:45:5c:de:
                    34:95:e3:06:e1:40:55:f8:42:37:a9:15:c9:ba:04:
                    3b:1d:e3:27:38:c5:00:df:a3:ea:45:26:19:55:88:
                    0d:e8:24:b9:a9:4a:cb:10:40:80:a1:56:20:bc:73:
                    bc:16:73:a6:0e:6c:fb:65:49:98:17:e5:f0:cb:d6:
                    7e:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:36:3E:1D:F7:79:AB:94:63:E0:C5:21:13:B0:A6:63:7D:4B:1F:27
            X509v3 Authority Key Identifier:
                keyid:24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/8TY-Hfd5q5Rj4MUhE7CmY31LHyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.30.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:90:c9:eb:fa:c2:70:6b:14:4d:6b:fd:25:54:80:b1:7a:ba:
         aa:3d:b2:f0:05:aa:f7:15:08:c2:f1:89:aa:e2:19:f0:5f:a6:
         ba:19:ed:33:66:b1:c4:c7:6d:0e:a6:7d:9d:4f:4d:6e:4c:90:
         f8:c9:91:a1:ff:dc:5c:64:1a:83:50:18:bc:2b:04:f8:5c:5f:
         3b:e1:a6:5a:92:69:c1:bc:c0:74:86:9c:76:b6:c6:b0:79:4c:
         b8:8e:54:50:72:07:c4:a6:9a:e1:2a:f5:c3:bc:ff:b0:3e:3a:
         d3:0c:ec:a6:64:f0:17:e6:25:09:78:80:f8:c1:b9:cd:bd:f1:
         6d:a9:ee:b5:74:7a:78:b8:ad:6f:2d:d9:02:48:46:a2:40:92:
         03:f2:8c:d4:3e:f1:99:b2:a3:5d:b8:c1:76:7b:0b:80:19:09:
         6d:9a:7f:55:1a:32:86:7e:3e:9f:74:5c:a3:3e:c2:ca:c1:be:
         db:9e:ad:ed:10:78:26:a5:44:6a:15:7a:06:60:75:2d:c8:5e:
         22:ba:d1:64:70:0e:ef:65:4b:ea:0a:5f:98:01:60:c3:3c:91:
         5a:d3:6f:29:4b:18:57:29:8c:4b:76:1b:34:86:bc:78:8d:47:
         99:f8:fb:cc:e2:2d:d7:3f:b7:11:56:4d:38:8e:c1:02:76:31:
         02:e8:c1:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc1LlMws6zsvV/Y+5O/r8x7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTVkN2ZlZTRhNDk5ZWNhZjExZDJkM2RhOGUzODlkZTMy
MzQxMmYwHhcNMjUwNjAzMDk0NTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTM2M2UxZGY3NzlhYjk0NjNlMGM1MjExM2IwYTY2MzdkNGIxZjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRe4KLEGqxelySxF6epzCbB8PuYl
NT+U8HoXVX1wDkRs89zPmZ61e7CVksrkP1dCUxOAn58Nl1Yx+TFJXvR/g4qStw04
j5l48JRWw1TC9bwhc1VKhg07zusKNnoprRfrX5VEeaYNyCjO+IxCTJDrAWrOs1r7
Yz/oUvw6/76yhDvytxow9NUStaWyrWOqbVazdn8ARrSaM+E3Yi4YQdgzoEr/SuUU
kVO/RjZ81gNtzjdgtSaiKjKZxbz3ZNECeZxFXN40leMG4UBV+EI3qRXJugQ7HeMn
OMUA36PqRSYZVYgN6CS5qUrLEECAoVYgvHO8FnOmDmz7ZUmYF+Xwy9Z+aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPE2Ph33eauUY+DFIROwpmN9Sx8nMB8GA1UdIwQY
MBaAFCRV1/7kpJnsrxHS09qOOJ3jI0EvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEt
MWUwNDY1NTEzYjYzLzEvOFRZLUhmZDVxNVJqNE1VaEU3Q21ZMzFMSHljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEtMWUwNDY1NTEzYjYz
LzEvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1B4sMA0G
CSqGSIb3DQEBCwUAA4IBAQCVkMnr+sJwaxRNa/0lVICxerqqPbLwBar3FQjC8Ymq
4hnwX6a6Ge0zZrHEx20Opn2dT01uTJD4yZGh/9xcZBqDUBi8KwT4XF874aZakmnB
vMB0hpx2tsaweUy4jlRQcgfEpprhKvXDvP+wPjrTDOymZPAX5iUJeID4wbnNvfFt
qe61dHp4uK1vLdkCSEaiQJID8ozUPvGZsqNduMF2ewuAGQltmn9VGjKGfj6fdFyj
PsLKwb7bnq3tEHgmpURqFXoGYHUtyF4iutFkcA7vZUvqCl+YAWDDPJFa028pSxhX
KYxLdhs0hrx4jUeZ+PvM4i3XP7cRVk04jsECdjEC6MEl
-----END CERTIFICATE-----