Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/fHrKntuVADMl4AM_u6m3kI7wuH0.roa
File:                     fHrKntuVADMl4AM_u6m3kI7wuH0.roa (raw, json)
Hash identifier:          IYv8ppflUBnm7Y0ZOXopl+eOWCIIM2g3WX8U1khYU4Y=
Subject key identifier:   7C:7A:CA:9E:DB:95:00:33:25:E0:03:3F:BB:A9:B7:90:8E:F0:B8:7D
Certificate issuer:       /CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
Certificate serial:       018CC9BC5D1FB3A78572581D637A106986B7
Authority key identifier: 24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/fHrKntuVADMl4AM_u6m3kI7wuH0.roa
Signing time:             Tue 02 Jan 2024 10:33:34 +0000
ROA not before:           Tue 02 Jan 2024 10:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     17941
IP address blocks:        212.30.40.0/22 maxlen: 22
                          212.30.56.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 07:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:5d:1f:b3:a7:85:72:58:1d:63:7a:10:69:86:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
        Validity
            Not Before: Jan  2 10:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c7aca9edb95003325e0033fbba9b7908ef0b87d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:06:9e:ec:d4:02:e0:a2:d5:80:95:7c:ee:93:
                    d3:50:3c:73:53:4b:6c:28:e9:73:a1:87:4f:d5:c0:
                    31:b9:cb:c3:c5:0c:39:c9:88:e8:85:86:79:f6:ec:
                    0a:a4:d2:e3:a7:91:11:3f:9b:ba:61:53:ec:1e:13:
                    29:ca:08:68:c9:cb:a9:ae:7d:50:a7:64:75:de:b2:
                    36:66:bd:7d:3b:9c:67:f2:85:be:fc:22:d8:74:cc:
                    9b:9a:3d:47:4f:7b:26:dc:95:e2:2d:bb:39:1b:5d:
                    53:22:3b:d1:d6:2f:e4:bd:81:0f:6b:33:ec:11:7b:
                    a5:14:83:b4:f7:dd:f9:2b:73:d0:df:9e:9e:c9:3c:
                    97:58:0d:0a:95:ee:48:d8:8a:e2:1a:b5:dc:f4:9b:
                    c2:d7:b6:e9:f6:dd:12:cd:64:52:40:04:ff:3c:99:
                    d2:e4:b4:cf:c1:b5:0d:dd:54:88:d4:4c:ce:b8:a9:
                    6e:94:92:42:98:d0:4e:0e:e2:df:5b:60:0a:7c:ac:
                    a6:a1:5a:01:dd:13:7d:ae:c2:64:28:73:1f:43:8d:
                    ee:1e:02:71:78:c2:44:c4:18:74:a1:11:9d:3b:f9:
                    9b:ab:ab:0c:c8:58:7f:f4:91:23:e9:c7:c5:5a:51:
                    37:24:92:58:47:c5:a0:06:48:58:47:64:34:d5:8a:
                    b9:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:7A:CA:9E:DB:95:00:33:25:E0:03:3F:BB:A9:B7:90:8E:F0:B8:7D
            X509v3 Authority Key Identifier:
                keyid:24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/fHrKntuVADMl4AM_u6m3kI7wuH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.30.40.0/22
                  212.30.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bd:35:79:27:ff:d6:8c:e6:50:b8:59:68:2d:fd:62:2a:5a:fc:
         d4:4a:f0:a5:9e:ca:36:ea:36:df:f1:be:af:f9:a3:b9:2f:38:
         95:bb:7c:a7:b3:80:a3:7d:ce:d9:d6:71:eb:71:ad:20:bf:aa:
         c0:24:95:eb:0e:d4:1a:f6:17:26:31:ed:f5:40:f6:33:82:3b:
         21:3b:cc:95:e3:ab:9b:84:ae:7c:13:68:ca:03:e5:2d:78:ce:
         71:49:75:47:3d:7e:05:8a:49:6f:bc:b4:8b:44:af:ff:c4:89:
         3e:dc:83:46:02:dc:34:d4:86:2d:23:ef:03:a7:4c:26:d4:0b:
         f4:9b:af:b6:99:dc:82:f3:bd:bf:52:fd:46:77:5e:98:7e:0f:
         41:90:8b:3a:26:da:86:fb:41:30:69:bb:65:99:bc:7b:e0:2f:
         85:cc:30:d6:40:ec:ed:77:ec:09:21:5d:1c:4f:c7:58:49:72:
         6e:0f:c9:59:49:98:98:c5:27:fc:fd:2a:12:92:d4:65:4a:2f:
         fa:e8:df:c8:ed:14:5b:3b:9f:74:60:47:5f:21:1d:bf:7f:b0:
         65:17:19:2f:40:d3:2e:db:a2:ac:0a:26:32:4a:90:b2:72:38:
         20:f6:12:3f:a0:1d:1e:da:1c:bc:90:23:95:a0:11:a2:77:14:
         55:bf:99:1b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvF0fs6eFclgdY3oQaYa3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTVkN2ZlZTRhNDk5ZWNhZjExZDJkM2RhOGUzODlkZTMy
MzQxMmYwHhcNMjQwMTAyMTAzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzdhY2E5ZWRiOTUwMDMzMjVlMDAzM2ZiYmE5Yjc5MDhlZjBiODdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogae7NQC4KLVgJV87pPTUDxzU0ts
KOlzoYdP1cAxucvDxQw5yYjohYZ59uwKpNLjp5ERP5u6YVPsHhMpyghoycuprn1Q
p2R13rI2Zr19O5xn8oW+/CLYdMybmj1HT3sm3JXiLbs5G11TIjvR1i/kvYEPazPs
EXulFIO09935K3PQ356eyTyXWA0Kle5I2IriGrXc9JvC17bp9t0SzWRSQAT/PJnS
5LTPwbUN3VSI1EzOuKlulJJCmNBODuLfW2AKfKymoVoB3RN9rsJkKHMfQ43uHgJx
eMJExBh0oRGdO/mbq6sMyFh/9JEj6cfFWlE3JJJYR8WgBkhYR2Q01Yq5hQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHx6yp7blQAzJeADP7upt5CO8Lh9MB8GA1UdIwQY
MBaAFCRV1/7kpJnsrxHS09qOOJ3jI0EvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEt
MWUwNDY1NTEzYjYzLzEvZkhyS250dVZBRE1sNEFNX3U2bTNrSTd3dUgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEtMWUwNDY1NTEzYjYz
LzEvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQC1B4oAwQC
1B44MA0GCSqGSIb3DQEBCwUAA4IBAQC9NXkn/9aM5lC4WWgt/WIqWvzUSvClnso2
6jbf8b6v+aO5LziVu3yns4Cjfc7Z1nHrca0gv6rAJJXrDtQa9hcmMe31QPYzgjsh
O8yV46ubhK58E2jKA+UteM5xSXVHPX4FiklvvLSLRK//xIk+3INGAtw01IYtI+8D
p0wm1Av0m6+2mdyC872/Uv1Gd16Yfg9BkIs6JtqG+0Ewabtlmbx74C+FzDDWQOzt
d+wJIV0cT8dYSXJuD8lZSZiYxSf8/SoSktRlSi/66N/I7RRbO590YEdfIR2/f7Bl
FxkvQNMu26KsCiYySpCycjgg9hI/oB0e2hy8kCOVoBGidxRVv5kb
-----END CERTIFICATE-----