Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/FJiZaMUBtAUUCAR7GnrCeKRKaiY.roa
File:                     FJiZaMUBtAUUCAR7GnrCeKRKaiY.roa (raw, json)
Hash identifier:          82c//JgDtlzilUCwfHn76Vm7Sb7ZZYLIJ/9BrLfCwhg=
Subject key identifier:   14:98:99:68:C5:01:B4:05:14:08:04:7B:1A:7A:C2:78:A4:4A:6A:26
Certificate issuer:       /CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
Certificate serial:       018CC9BC62298F887B90146B2E0F2F4B0E75
Authority key identifier: 24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/FJiZaMUBtAUUCAR7GnrCeKRKaiY.roa
Signing time:             Tue 02 Jan 2024 10:33:35 +0000
ROA not before:           Tue 02 Jan 2024 10:33:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206150
IP address blocks:        212.30.35.0/24 maxlen: 24
                          212.30.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 07:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:62:29:8f:88:7b:90:14:6b:2e:0f:2f:4b:0e:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
        Validity
            Not Before: Jan  2 10:33:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14989968c501b4051408047b1a7ac278a44a6a26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:b5:4e:42:09:67:62:6c:8a:97:39:9a:e4:a9:
                    62:03:dc:85:ff:5d:a6:ef:55:e4:7d:5e:39:74:77:
                    b0:8e:c3:34:d1:bf:68:8f:59:fe:fa:51:48:6d:7c:
                    f0:83:dc:85:7f:a4:c2:81:5c:b3:95:8e:4d:1f:43:
                    d8:7e:71:1d:16:1f:f4:91:aa:95:ad:e6:56:da:2d:
                    26:89:94:e4:9a:50:dd:a0:2f:78:e6:78:12:dd:74:
                    d2:e8:a9:76:28:f4:13:c2:da:75:6b:b3:15:fd:66:
                    1f:aa:37:d8:6e:4e:cd:64:fb:6a:e3:8d:3b:86:5a:
                    d2:38:94:59:27:57:19:a0:62:aa:99:48:15:f2:f4:
                    2e:ff:8d:db:d3:f1:11:4b:86:e4:7a:7e:fd:6d:82:
                    0b:5e:b9:0e:fb:48:05:4b:7d:29:b8:b0:b3:0c:9e:
                    55:1a:6e:9e:01:86:07:2c:64:db:5b:3f:c7:75:4e:
                    b5:91:fd:88:99:a0:3a:ac:2e:c5:06:4d:d2:f0:6f:
                    6d:3b:9c:4f:f7:87:90:d4:fb:31:42:bf:94:17:c9:
                    29:03:a2:80:57:75:6d:26:2f:72:86:f7:92:f5:3a:
                    7d:50:14:39:7a:20:87:29:75:05:82:0c:f9:fc:15:
                    7e:dd:64:ba:3d:00:fc:56:70:f5:60:77:69:74:03:
                    2a:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:98:99:68:C5:01:B4:05:14:08:04:7B:1A:7A:C2:78:A4:4A:6A:26
            X509v3 Authority Key Identifier:
                keyid:24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/FJiZaMUBtAUUCAR7GnrCeKRKaiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.30.35.0/24
                  212.30.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:de:96:73:8a:f4:03:b4:63:70:52:f4:56:20:c3:62:d3:da:
         22:f8:e8:2b:f9:c0:4c:f9:f0:6a:35:f0:c2:47:54:6d:36:1c:
         83:b5:8e:c7:b7:64:9f:fd:a5:39:63:fe:88:b1:21:96:92:94:
         ba:17:34:57:9c:cc:cb:12:3d:99:38:8b:98:35:78:ac:dc:f0:
         26:c9:98:5d:53:b7:d9:ea:5c:ec:0f:9e:02:47:25:ba:9f:fd:
         b0:13:22:ef:31:06:ba:3c:39:02:c2:44:af:66:0c:71:96:b8:
         e8:ce:84:34:e6:e7:30:9c:b3:51:98:e3:62:5e:cd:de:e4:2a:
         96:37:22:4b:73:9d:72:a0:8c:95:b7:0f:a8:68:c1:ef:8c:0e:
         4b:f1:6d:c8:31:63:aa:3d:7b:b6:f4:70:ee:29:32:7e:54:c1:
         78:4e:d1:e0:4b:4d:62:02:bb:88:77:13:e6:93:4f:da:9a:54:
         0d:2e:20:4b:64:f6:e9:d1:81:9b:24:2a:d5:f6:eb:f8:f2:a3:
         25:79:92:e3:1a:0c:0b:1f:20:99:4b:ae:0d:ae:03:e7:cd:d7:
         8d:9b:b1:b7:37:22:02:e3:61:ff:4c:51:cb:fb:f6:4a:93:4b:
         03:78:f7:56:8d:1a:6e:4b:14:f0:29:3a:7c:7e:91:36:43:73:
         7a:c6:58:a6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvGIpj4h7kBRrLg8vSw51MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTVkN2ZlZTRhNDk5ZWNhZjExZDJkM2RhOGUzODlkZTMy
MzQxMmYwHhcNMjQwMTAyMTAzMzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDk4OTk2OGM1MDFiNDA1MTQwODA0N2IxYTdhYzI3OGE0NGE2YTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbVOQglnYmyKlzma5KliA9yF/12m
71XkfV45dHewjsM00b9oj1n++lFIbXzwg9yFf6TCgVyzlY5NH0PYfnEdFh/0kaqV
reZW2i0miZTkmlDdoC945ngS3XTS6Kl2KPQTwtp1a7MV/WYfqjfYbk7NZPtq4407
hlrSOJRZJ1cZoGKqmUgV8vQu/43b0/ERS4bken79bYILXrkO+0gFS30puLCzDJ5V
Gm6eAYYHLGTbWz/HdU61kf2ImaA6rC7FBk3S8G9tO5xP94eQ1PsxQr+UF8kpA6KA
V3VtJi9yhveS9Tp9UBQ5eiCHKXUFggz5/BV+3WS6PQD8VnD1YHdpdAMqmwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBSYmWjFAbQFFAgEexp6wnikSmomMB8GA1UdIwQY
MBaAFCRV1/7kpJnsrxHS09qOOJ3jI0EvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEt
MWUwNDY1NTEzYjYzLzEvRkppWmFNVUJ0QVVVQ0FSN0duckNlS1JLYWlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEtMWUwNDY1NTEzYjYz
LzEvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1B4jAwQA
1B4/MA0GCSqGSIb3DQEBCwUAA4IBAQBP3pZzivQDtGNwUvRWIMNi09oi+Ogr+cBM
+fBqNfDCR1RtNhyDtY7Ht2Sf/aU5Y/6IsSGWkpS6FzRXnMzLEj2ZOIuYNXis3PAm
yZhdU7fZ6lzsD54CRyW6n/2wEyLvMQa6PDkCwkSvZgxxlrjozoQ05ucwnLNRmONi
Xs3e5CqWNyJLc51yoIyVtw+oaMHvjA5L8W3IMWOqPXu29HDuKTJ+VMF4TtHgS01i
AruIdxPmk0/amlQNLiBLZPbp0YGbJCrV9uv48qMleZLjGgwLHyCZS64NrgPnzdeN
m7G3NyIC42H/TFHL+/ZKk0sDePdWjRpuSxTwKTp8fpE2Q3N6xlim
-----END CERTIFICATE-----