Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/iHl9M9dD_Q4GMUfJ48BHVZYAO9Y.roa
File:                     iHl9M9dD_Q4GMUfJ48BHVZYAO9Y.roa (raw, json)
Hash identifier:          5ajkJVPU2aNKACUypGflrQtIm4VQ667e4Q3OVKtR3Qo=
Subject key identifier:   88:79:7D:33:D7:43:FD:0E:06:31:47:C9:E3:C0:47:55:96:00:3B:D6
Certificate issuer:       /CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
Certificate serial:       018CC9BC6095585A7CF16DE482FAB950AB4C
Authority key identifier: 24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/iHl9M9dD_Q4GMUfJ48BHVZYAO9Y.roa
Signing time:             Tue 02 Jan 2024 10:33:35 +0000
ROA not before:           Tue 02 Jan 2024 10:33:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137409
IP address blocks:        212.30.36.0/24 maxlen: 24
                          212.30.37.0/24 maxlen: 24
                          212.30.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:60:95:58:5a:7c:f1:6d:e4:82:fa:b9:50:ab:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
        Validity
            Not Before: Jan  2 10:33:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88797d33d743fd0e063147c9e3c0475596003bd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:01:52:9d:62:1a:29:06:91:68:d8:bc:c0:76:
                    69:73:92:0d:8d:c1:66:5a:f7:f7:1d:58:ac:dc:62:
                    85:d2:4b:d6:23:dc:42:9f:16:6f:86:b1:27:68:72:
                    65:81:0c:67:55:8e:d1:a3:d3:30:88:a3:1d:e0:65:
                    4d:48:2c:38:fa:8f:3d:87:dc:ae:62:cc:a3:05:2c:
                    e7:4b:66:d3:c8:a6:7b:9e:9b:67:8b:fd:e1:a9:61:
                    ef:f9:de:1f:18:85:81:0d:75:44:c8:1c:fc:0c:e3:
                    d0:3f:89:bd:92:41:39:d2:1a:77:78:94:0c:da:75:
                    ac:73:7e:8b:08:d5:b1:e8:57:12:e2:1e:1c:21:70:
                    5f:fc:db:70:7d:84:8e:ca:ab:ea:b5:19:e1:77:0a:
                    f6:c4:00:df:bd:8e:94:b9:85:e5:6e:80:e4:8a:be:
                    3b:45:c7:f4:4a:19:a5:c6:3a:74:ae:d1:3e:86:d2:
                    28:a3:ac:e5:7f:e2:bd:be:ee:f6:af:45:9f:ae:d0:
                    70:c5:83:81:11:91:cd:f8:22:82:42:08:dd:37:c3:
                    10:9e:01:c3:ca:7a:5d:f1:83:ca:01:15:a6:0e:06:
                    9b:d6:8a:08:20:41:44:56:4c:6b:8c:63:a9:d2:20:
                    40:aa:8c:3e:d0:b2:4b:f3:68:36:aa:46:ba:9e:4b:
                    88:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:79:7D:33:D7:43:FD:0E:06:31:47:C9:E3:C0:47:55:96:00:3B:D6
            X509v3 Authority Key Identifier:
                keyid:24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/iHl9M9dD_Q4GMUfJ48BHVZYAO9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.30.36.0/23
                  212.30.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:bb:31:7e:f2:65:be:c9:c8:6f:81:a8:7b:30:55:e3:7f:f9:
         48:ca:22:d9:3d:62:ac:0f:be:99:55:8b:84:62:3d:a3:76:db:
         31:ca:d1:9f:7e:8b:04:f3:b6:62:61:e5:79:ab:a3:6e:c8:c8:
         26:94:c3:61:0b:03:02:e2:60:4e:a2:0f:11:46:00:72:27:40:
         4e:c6:c4:50:e4:73:99:e6:78:df:eb:2e:55:65:6d:e7:5b:1f:
         47:16:6c:1a:22:b9:5a:c8:f8:de:34:7d:e1:b0:05:0e:66:d5:
         ab:dd:bc:d0:69:bd:a8:27:68:a0:cd:e3:e4:67:b5:a6:ff:e2:
         35:bd:4a:07:47:cb:70:1c:f6:35:00:2d:a9:c2:bd:2b:79:83:
         22:a0:fa:bd:ea:f8:b1:69:08:ef:2d:9d:df:24:36:20:16:f7:
         06:4b:ce:27:75:56:d4:b7:76:81:3e:7a:1d:55:f1:75:58:aa:
         a1:aa:4e:84:35:05:3b:91:b2:22:8a:03:74:c0:63:c1:d5:9a:
         17:41:f8:16:fc:be:f3:6e:07:b1:8a:03:9d:a5:da:66:b2:bf:
         bb:bd:7e:34:2c:1f:6f:e1:4a:3c:13:b5:3b:12:83:0c:0d:67:
         cd:b8:56:4f:23:1e:18:3a:4d:cb:23:1c:c2:6d:8e:60:07:78:
         a9:9e:ab:cd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvGCVWFp88W3kgvq5UKtMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTVkN2ZlZTRhNDk5ZWNhZjExZDJkM2RhOGUzODlkZTMy
MzQxMmYwHhcNMjQwMTAyMTAzMzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODc5N2QzM2Q3NDNmZDBlMDYzMTQ3YzllM2MwNDc1NTk2MDAzYmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5AFSnWIaKQaRaNi8wHZpc5INjcFm
Wvf3HVis3GKF0kvWI9xCnxZvhrEnaHJlgQxnVY7Ro9MwiKMd4GVNSCw4+o89h9yu
YsyjBSznS2bTyKZ7nptni/3hqWHv+d4fGIWBDXVEyBz8DOPQP4m9kkE50hp3eJQM
2nWsc36LCNWx6FcS4h4cIXBf/NtwfYSOyqvqtRnhdwr2xADfvY6UuYXlboDkir47
Rcf0Shmlxjp0rtE+htIoo6zlf+K9vu72r0WfrtBwxYOBEZHN+CKCQgjdN8MQngHD
ynpd8YPKARWmDgab1ooIIEFEVkxrjGOp0iBAqow+0LJL82g2qka6nkuI/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIh5fTPXQ/0OBjFHyePAR1WWADvWMB8GA1UdIwQY
MBaAFCRV1/7kpJnsrxHS09qOOJ3jI0EvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEt
MWUwNDY1NTEzYjYzLzEvaUhsOU05ZERfUTRHTVVmSjQ4QkhWWllBTzlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEtMWUwNDY1NTEzYjYz
LzEvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQB1B4kAwQA
1B4/MA0GCSqGSIb3DQEBCwUAA4IBAQBquzF+8mW+ychvgah7MFXjf/lIyiLZPWKs
D76ZVYuEYj2jdtsxytGffosE87ZiYeV5q6NuyMgmlMNhCwMC4mBOog8RRgByJ0BO
xsRQ5HOZ5njf6y5VZW3nWx9HFmwaIrlayPjeNH3hsAUOZtWr3bzQab2oJ2igzePk
Z7Wm/+I1vUoHR8twHPY1AC2pwr0reYMioPq96vixaQjvLZ3fJDYgFvcGS84ndVbU
t3aBPnodVfF1WKqhqk6ENQU7kbIiigN0wGPB1ZoXQfgW/L7zbgexigOdpdpmsr+7
vX40LB9v4Uo8E7U7EoMMDWfNuFZPIx4YOk3LIxzCbY5gB3ipnqvN
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:52:12 2024 by rpki-client on console-ams.rpki-client.org