Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/YXRKToY-ZkTEgteHDgYDSvF3JbA.roa
File:                     YXRKToY-ZkTEgteHDgYDSvF3JbA.roa (raw, json)
Hash identifier:          HF4vLOpBuvyZR5vL5B5Quw46sVIRX2RSRh0XG+FuUuM=
Subject key identifier:   61:74:4A:4E:86:3E:66:44:C4:82:D7:87:0E:06:03:4A:F1:77:25:B0
Certificate issuer:       /CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
Certificate serial:       018CC9BC62981E78A771F0391FD66309DCA3
Authority key identifier: 24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/YXRKToY-ZkTEgteHDgYDSvF3JbA.roa
Signing time:             Tue 02 Jan 2024 10:33:35 +0000
ROA not before:           Tue 02 Jan 2024 10:33:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208485
IP address blocks:        212.30.58.0/24 maxlen: 24
                          212.30.57.0/24 maxlen: 24
                          212.30.56.0/24 maxlen: 24
                          212.30.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:62:98:1e:78:a7:71:f0:39:1f:d6:63:09:dc:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
        Validity
            Not Before: Jan  2 10:33:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61744a4e863e6644c482d7870e06034af17725b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:82:92:31:9e:99:95:68:eb:14:2d:cb:73:7d:
                    48:f2:dd:a3:3c:aa:fa:09:84:0d:ef:11:96:46:42:
                    88:c4:da:3b:40:52:6d:52:f8:e5:d0:b9:83:40:e2:
                    4b:74:0c:1b:b6:81:7f:0b:29:92:7b:d5:a2:57:9e:
                    15:79:81:e4:15:66:29:20:56:6a:45:0c:fe:7e:22:
                    af:e4:30:21:22:33:4f:d7:82:7d:f8:3e:bf:2d:43:
                    02:07:b6:2a:c0:5f:13:72:4d:4e:80:29:5b:0c:ff:
                    f6:cb:52:9b:c3:23:22:39:4b:05:ac:43:ed:8b:30:
                    75:0b:4b:27:36:10:03:12:aa:2c:e1:c9:96:e1:1b:
                    57:c5:6f:8a:fe:36:f2:76:e5:1b:0c:95:7b:df:6e:
                    86:bc:dc:bd:95:43:e5:5b:ad:cc:6a:4a:66:17:c0:
                    42:5b:ec:9b:e5:d1:f1:da:57:08:26:66:21:69:b5:
                    7c:b3:99:14:e2:d2:29:50:fc:d9:07:5c:d6:b7:ad:
                    02:c0:01:b7:a5:ae:b2:ad:ac:40:30:cc:99:47:66:
                    87:a7:7a:22:d0:ce:cb:d8:27:e2:08:a3:3f:bc:53:
                    83:38:ef:06:14:98:e9:75:8d:06:a4:14:fe:94:dd:
                    fe:56:c8:70:18:8f:c2:20:88:6a:61:7d:fb:08:0f:
                    81:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:74:4A:4E:86:3E:66:44:C4:82:D7:87:0E:06:03:4A:F1:77:25:B0
            X509v3 Authority Key Identifier:
                keyid:24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/YXRKToY-ZkTEgteHDgYDSvF3JbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.30.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9d:00:91:38:c2:2b:59:d8:ae:9f:7f:dd:5e:52:b2:f6:34:2c:
         1e:c7:f7:e3:5b:8b:2e:2a:c7:47:e9:50:e8:06:e9:2d:2e:dc:
         d0:0d:46:18:21:48:bc:a7:8a:14:6f:3d:15:bf:2f:29:9b:e0:
         17:4b:eb:f0:8b:10:7d:f7:43:ad:69:57:54:f0:07:9a:54:2f:
         8f:06:63:f8:e4:d5:a0:78:13:8b:e3:bd:c5:37:de:25:e9:a1:
         1c:45:f4:88:7e:c3:70:e8:b4:9a:88:aa:55:b4:67:71:84:db:
         e3:c0:09:09:69:3a:a4:53:13:c9:00:db:01:06:eb:1b:1a:21:
         d1:df:d9:d5:62:70:bc:47:1a:5b:0c:bd:a2:b1:e0:1f:0f:74:
         8f:0e:a1:30:dc:a6:66:b9:9e:c8:6a:f1:48:bf:50:cc:d8:c6:
         d9:e9:b5:79:aa:ad:d9:0f:40:5a:34:f2:4d:1f:73:f9:03:e8:
         27:20:35:57:2d:4b:08:4b:8f:b5:f5:f0:8d:e4:22:de:0f:3d:
         3a:cc:43:53:5b:6b:65:9e:be:29:12:c0:87:2d:48:67:16:dc:
         45:7f:76:48:2d:b1:ac:cb:d1:d4:25:21:b4:11:c5:25:f0:db:
         c4:cf:b7:fc:cd:94:9a:a2:e5:c0:9e:30:51:7e:fd:f0:44:35:
         59:0b:4f:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvGKYHnincfA5H9ZjCdyjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTVkN2ZlZTRhNDk5ZWNhZjExZDJkM2RhOGUzODlkZTMy
MzQxMmYwHhcNMjQwMTAyMTAzMzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTc0NGE0ZTg2M2U2NjQ0YzQ4MmQ3ODcwZTA2MDM0YWYxNzcyNWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjoKSMZ6ZlWjrFC3Lc31I8t2jPKr6
CYQN7xGWRkKIxNo7QFJtUvjl0LmDQOJLdAwbtoF/CymSe9WiV54VeYHkFWYpIFZq
RQz+fiKv5DAhIjNP14J9+D6/LUMCB7YqwF8Tck1OgClbDP/2y1KbwyMiOUsFrEPt
izB1C0snNhADEqos4cmW4RtXxW+K/jbyduUbDJV7326GvNy9lUPlW63MakpmF8BC
W+yb5dHx2lcIJmYhabV8s5kU4tIpUPzZB1zWt60CwAG3pa6yraxAMMyZR2aHp3oi
0M7L2CfiCKM/vFODOO8GFJjpdY0GpBT+lN3+VshwGI/CIIhqYX37CA+BYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGF0Sk6GPmZExILXhw4GA0rxdyWwMB8GA1UdIwQY
MBaAFCRV1/7kpJnsrxHS09qOOJ3jI0EvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEt
MWUwNDY1NTEzYjYzLzEvWVhSS1RvWS1aa1RFZ3RlSERnWURTdkYzSmJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEtMWUwNDY1NTEzYjYz
LzEvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1B44MA0G
CSqGSIb3DQEBCwUAA4IBAQCdAJE4witZ2K6ff91eUrL2NCwex/fjW4suKsdH6VDo
BuktLtzQDUYYIUi8p4oUbz0Vvy8pm+AXS+vwixB990OtaVdU8AeaVC+PBmP45NWg
eBOL473FN94l6aEcRfSIfsNw6LSaiKpVtGdxhNvjwAkJaTqkUxPJANsBBusbGiHR
39nVYnC8RxpbDL2iseAfD3SPDqEw3KZmuZ7IavFIv1DM2MbZ6bV5qq3ZD0BaNPJN
H3P5A+gnIDVXLUsIS4+19fCN5CLeDz06zENTW2tlnr4pEsCHLUhnFtxFf3ZILbGs
y9HUJSG0EcUl8NvEz7f8zZSaouXAnjBRfv3wRDVZC09L
-----END CERTIFICATE-----