Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/YuqEz1HB2ioFIYZl_5hwn6B0Hqs.roa
File:                     YuqEz1HB2ioFIYZl_5hwn6B0Hqs.roa (raw, json)
Hash identifier:          2BpszuLKIT3iT5RxUEMOOwCLK/oDiNrEcdijJTq5nxU=
Subject key identifier:   62:EA:84:CF:51:C1:DA:2A:05:21:86:65:FF:98:70:9F:A0:74:1E:AB
Certificate issuer:       /CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
Certificate serial:       018E09DAB71455506F98081C1B79E70C7827
Authority key identifier: 24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/YuqEz1HB2ioFIYZl_5hwn6B0Hqs.roa
Signing time:             Mon 04 Mar 2024 14:25:12 +0000
ROA not before:           Mon 04 Mar 2024 14:25:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199760
IP address blocks:        212.30.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 10:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:09:da:b7:14:55:50:6f:98:08:1c:1b:79:e7:0c:78:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
        Validity
            Not Before: Mar  4 14:25:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62ea84cf51c1da2a05218665ff98709fa0741eab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e8:90:44:4a:23:c4:98:57:c2:bd:b7:f7:c3:
                    ca:55:7b:57:4a:6b:a5:0c:c3:36:36:f9:16:48:82:
                    59:3a:74:fc:21:76:08:67:b6:e0:52:dc:30:97:9c:
                    67:a9:f6:6a:80:f5:37:07:72:30:9a:88:53:33:17:
                    e3:68:42:09:f2:29:4b:34:ee:6a:3e:d2:43:1e:29:
                    5a:67:4d:2c:d2:ff:cb:0f:4d:29:f4:7c:f2:06:52:
                    37:7d:3e:39:40:9c:7e:96:20:00:23:67:7b:95:08:
                    4f:00:84:8c:19:4b:43:63:72:d2:ee:af:0b:d4:c7:
                    2c:25:e5:46:aa:c1:12:eb:c6:d6:12:0a:7f:9b:27:
                    62:56:1e:7f:f0:95:3c:f5:59:2b:3e:ff:7e:eb:b5:
                    28:6e:9e:bc:9b:65:06:af:fe:38:8d:d9:f9:5d:2b:
                    cf:e7:f1:bd:00:89:ea:ee:90:90:cb:a9:5a:3c:fc:
                    4e:64:e7:fd:95:18:6c:b4:31:60:02:62:af:71:87:
                    c5:c8:e5:0a:ea:ac:f4:bf:09:35:a8:0f:dd:c8:9c:
                    5b:c2:d0:40:7c:bf:06:c2:27:fc:84:e6:74:d6:64:
                    bd:78:1a:05:a2:cc:43:06:df:2b:b5:78:2e:72:60:
                    c8:27:2c:60:2d:bb:75:8a:40:ac:8e:e5:7c:f2:c8:
                    17:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:EA:84:CF:51:C1:DA:2A:05:21:86:65:FF:98:70:9F:A0:74:1E:AB
            X509v3 Authority Key Identifier:
                keyid:24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/YuqEz1HB2ioFIYZl_5hwn6B0Hqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.30.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:82:cd:1e:ca:3f:b9:91:25:c3:5c:36:a0:a9:a1:84:20:b1:
         e6:8e:62:f1:97:c9:ab:3e:0b:86:1f:2e:d8:b0:a1:41:67:a8:
         ba:e2:97:f4:41:a0:2e:95:2c:d4:21:78:7f:04:b9:ab:6a:1a:
         b9:f8:31:ab:ae:74:ec:bf:8d:4b:0e:c7:db:71:37:f8:31:bf:
         c9:f0:ea:e1:53:2a:a3:90:65:a7:42:7c:c4:c4:28:eb:99:2f:
         44:98:28:9a:25:67:0e:88:0f:9d:3f:ea:68:2d:e3:80:03:8c:
         4d:62:cd:0a:b1:d0:9f:dd:27:09:ed:5e:e5:16:3f:cf:60:05:
         56:7f:fa:9b:c4:57:bc:98:f1:4c:04:f4:85:4f:39:5a:a0:e8:
         b6:4e:39:e7:e0:83:ab:a5:b0:cc:ff:21:6a:97:60:74:39:ac:
         c4:6a:5e:a6:85:46:b7:ca:5d:ba:b0:9b:19:e6:d4:b3:ba:2c:
         30:7a:d6:84:f7:fd:61:13:c6:5e:5a:75:0e:c4:20:47:50:50:
         3c:24:81:13:49:74:36:bc:a2:cc:2c:b5:c0:4b:38:c2:89:f3:
         d7:95:75:32:2c:36:d2:68:0a:6c:f0:fa:af:af:86:23:66:12:
         90:f9:69:bc:14:07:89:16:a2:48:95:6b:ac:d9:6b:8e:6e:74:
         20:cc:5b:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4J2rcUVVBvmAgcG3nnDHgnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTVkN2ZlZTRhNDk5ZWNhZjExZDJkM2RhOGUzODlkZTMy
MzQxMmYwHhcNMjQwMzA0MTQyNTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmVhODRjZjUxYzFkYTJhMDUyMTg2NjVmZjk4NzA5ZmEwNzQxZWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouiQREojxJhXwr2398PKVXtXSmul
DMM2NvkWSIJZOnT8IXYIZ7bgUtwwl5xnqfZqgPU3B3IwmohTMxfjaEIJ8ilLNO5q
PtJDHilaZ00s0v/LD00p9HzyBlI3fT45QJx+liAAI2d7lQhPAISMGUtDY3LS7q8L
1McsJeVGqsES68bWEgp/mydiVh5/8JU89VkrPv9+67Uobp68m2UGr/44jdn5XSvP
5/G9AInq7pCQy6laPPxOZOf9lRhstDFgAmKvcYfFyOUK6qz0vwk1qA/dyJxbwtBA
fL8Gwif8hOZ01mS9eBoFosxDBt8rtXgucmDIJyxgLbt1ikCsjuV88sgXPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGLqhM9RwdoqBSGGZf+YcJ+gdB6rMB8GA1UdIwQY
MBaAFCRV1/7kpJnsrxHS09qOOJ3jI0EvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEt
MWUwNDY1NTEzYjYzLzEvWXVxRXoxSEIyaW9GSVlabF81aHduNkIwSHFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEtMWUwNDY1NTEzYjYz
LzEvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1B4mMA0G
CSqGSIb3DQEBCwUAA4IBAQBKgs0eyj+5kSXDXDagqaGEILHmjmLxl8mrPguGHy7Y
sKFBZ6i64pf0QaAulSzUIXh/BLmrahq5+DGrrnTsv41LDsfbcTf4Mb/J8OrhUyqj
kGWnQnzExCjrmS9EmCiaJWcOiA+dP+poLeOAA4xNYs0KsdCf3ScJ7V7lFj/PYAVW
f/qbxFe8mPFMBPSFTzlaoOi2Tjnn4IOrpbDM/yFql2B0OazEal6mhUa3yl26sJsZ
5tSzuiwwetaE9/1hE8ZeWnUOxCBHUFA8JIETSXQ2vKLMLLXASzjCifPXlXUyLDbS
aAps8Pqvr4YjZhKQ+Wm8FAeJFqJIlWus2WuObnQgzFtt
-----END CERTIFICATE-----