Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/Uj3RRxvldIS7KO3N2_uESZFn0pQ.roa
File:                     Uj3RRxvldIS7KO3N2_uESZFn0pQ.roa (raw, json)
Hash identifier:          JIw4TqMp1EoDsc28RdZBznl7CyXaNXBOdlHkV131ciE=
Subject key identifier:   52:3D:D1:47:1B:E5:74:84:BB:28:ED:CD:DB:FB:84:49:91:67:D2:94
Certificate issuer:       /CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
Certificate serial:       0191222746CE2D846B2B66378C77378D212D
Authority key identifier: 24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/Uj3RRxvldIS7KO3N2_uESZFn0pQ.roa
Signing time:             Mon 05 Aug 2024 10:48:04 +0000
ROA not before:           Mon 05 Aug 2024 10:48:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43019
IP address blocks:        212.30.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:22:27:46:ce:2d:84:6b:2b:66:37:8c:77:37:8d:21:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
        Validity
            Not Before: Aug  5 10:48:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=523dd1471be57484bb28edcddbfb84499167d294
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:8d:0c:14:8e:8b:a1:56:2f:46:43:cf:a5:a9:
                    d3:4d:c8:27:42:8b:a0:4e:ce:b5:d3:d9:18:01:84:
                    b8:ad:f2:3b:c7:31:7e:d7:b3:54:ae:d5:12:a9:8e:
                    dc:5e:50:2f:3c:7d:c2:09:d0:31:0b:20:57:41:32:
                    4e:bc:a8:4f:2f:31:36:88:82:ac:92:7d:c8:8a:09:
                    13:85:7a:c1:b8:bd:fb:8c:63:c9:d0:71:ec:88:90:
                    5b:67:c7:5b:fc:57:36:19:42:e2:8b:26:10:53:24:
                    d0:8f:82:9e:27:1d:6c:24:12:b3:49:ac:d8:cd:3d:
                    00:53:31:53:dd:fa:82:e3:32:8b:3f:ab:87:62:83:
                    3e:96:9d:20:af:16:1b:dd:f8:7a:28:fa:7d:2d:c3:
                    ef:47:c0:fe:c0:49:44:30:2b:9c:33:6c:81:ec:00:
                    fd:32:1a:1c:48:ab:4d:92:93:9e:21:02:4f:57:b1:
                    ab:29:ba:d6:c7:05:25:06:d8:7d:90:1f:42:1d:08:
                    57:d1:40:a8:8a:f7:8b:a9:a2:67:8d:22:d2:48:c0:
                    81:b5:ef:a7:84:ed:b8:91:20:a7:81:5f:15:86:66:
                    e1:23:61:b6:8d:88:71:1e:e5:eb:f2:54:16:25:eb:
                    52:dd:c3:b9:e4:5d:dd:61:28:82:e7:46:73:78:ae:
                    ab:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:3D:D1:47:1B:E5:74:84:BB:28:ED:CD:DB:FB:84:49:91:67:D2:94
            X509v3 Authority Key Identifier:
                keyid:24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/Uj3RRxvldIS7KO3N2_uESZFn0pQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.30.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:32:55:6c:ce:02:45:37:5c:8e:16:87:ef:c7:83:67:5c:12:
         68:e4:cb:b5:ff:8a:01:26:1f:7f:8e:0f:4d:a2:1c:74:da:74:
         fe:e4:05:9b:f1:c4:43:59:73:ab:1f:7c:ea:33:20:b5:80:d3:
         e9:9b:6d:49:a8:32:98:3b:86:44:9f:59:5f:51:0b:80:69:5f:
         6d:8d:5a:02:1b:7e:0e:bd:28:e2:a1:82:28:65:e2:69:92:6a:
         85:c0:03:16:21:79:13:6c:11:97:63:da:c8:76:5c:b8:a3:3f:
         ba:f2:4b:df:23:48:a7:10:c6:c6:79:e6:c8:c0:8c:a9:a7:fc:
         d0:3e:a4:af:7e:63:1d:da:86:54:32:d1:83:22:91:89:f3:dd:
         cc:9c:f6:ce:e7:27:73:97:78:f8:d0:ce:81:cd:41:1b:c1:d9:
         2e:c5:6a:13:71:31:b2:45:0d:76:71:78:67:6f:5d:d3:1c:a5:
         d7:71:e7:cc:42:1d:c4:de:44:07:20:28:97:12:81:bd:5d:2c:
         19:f7:cb:d7:76:16:34:a3:d0:cf:d7:ae:e1:77:0e:f5:71:19:
         f3:4d:d8:0b:d9:47:49:79:ab:3f:d3:af:6e:ad:f1:8f:37:27:
         bc:28:5f:5d:3e:61:4e:d8:f8:af:e1:a2:12:fb:7f:51:11:86:
         29:0b:78:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEiJ0bOLYRrK2Y3jHc3jSEtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTVkN2ZlZTRhNDk5ZWNhZjExZDJkM2RhOGUzODlkZTMy
MzQxMmYwHhcNMjQwODA1MTA0ODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjNkZDE0NzFiZTU3NDg0YmIyOGVkY2RkYmZiODQ0OTkxNjdkMjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnI0MFI6LoVYvRkPPpanTTcgnQoug
Ts6109kYAYS4rfI7xzF+17NUrtUSqY7cXlAvPH3CCdAxCyBXQTJOvKhPLzE2iIKs
kn3IigkThXrBuL37jGPJ0HHsiJBbZ8db/Fc2GULiiyYQUyTQj4KeJx1sJBKzSazY
zT0AUzFT3fqC4zKLP6uHYoM+lp0grxYb3fh6KPp9LcPvR8D+wElEMCucM2yB7AD9
MhocSKtNkpOeIQJPV7GrKbrWxwUlBth9kB9CHQhX0UCoiveLqaJnjSLSSMCBte+n
hO24kSCngV8VhmbhI2G2jYhxHuXr8lQWJetS3cO55F3dYSiC50ZzeK6rLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFI90Ucb5XSEuyjtzdv7hEmRZ9KUMB8GA1UdIwQY
MBaAFCRV1/7kpJnsrxHS09qOOJ3jI0EvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEt
MWUwNDY1NTEzYjYzLzEvVWozUlJ4dmxkSVM3S08zTjJfdUVTWkZuMHBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEtMWUwNDY1NTEzYjYz
LzEvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1B4pMA0G
CSqGSIb3DQEBCwUAA4IBAQAwMlVszgJFN1yOFofvx4NnXBJo5Mu1/4oBJh9/jg9N
ohx02nT+5AWb8cRDWXOrH3zqMyC1gNPpm21JqDKYO4ZEn1lfUQuAaV9tjVoCG34O
vSjioYIoZeJpkmqFwAMWIXkTbBGXY9rIdly4oz+68kvfI0inEMbGeebIwIypp/zQ
PqSvfmMd2oZUMtGDIpGJ893MnPbO5ydzl3j40M6BzUEbwdkuxWoTcTGyRQ12cXhn
b13THKXXcefMQh3E3kQHICiXEoG9XSwZ98vXdhY0o9DP167hdw71cRnzTdgL2UdJ
eas/069urfGPNye8KF9dPmFO2Piv4aIS+39REYYpC3jK
-----END CERTIFICATE-----