Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/n3aSDa0wSjG8DGNhKTdlur88OGE.roa
File:                     n3aSDa0wSjG8DGNhKTdlur88OGE.roa (raw, json)
Hash identifier:          VPcJk8WusHu4dtmr76P4oTKPvI9HQCWwgtPmrWQcNek=
Subject key identifier:   9F:76:92:0D:AD:30:4A:31:BC:0C:63:61:29:37:65:BA:BF:3C:38:61
Certificate issuer:       /CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
Certificate serial:       018E5D70ECB143BEBB14954AA7CE31EE41C6
Authority key identifier: 24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/n3aSDa0wSjG8DGNhKTdlur88OGE.roa
Signing time:             Wed 20 Mar 2024 19:57:45 +0000
ROA not before:           Wed 20 Mar 2024 19:57:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212150
IP address blocks:        212.30.48.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 07:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5d:70:ec:b1:43:be:bb:14:95:4a:a7:ce:31:ee:41:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
        Validity
            Not Before: Mar 20 19:57:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f76920dad304a31bc0c6361293765babf3c3861
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:11:3b:d7:5f:32:88:71:cf:a0:2e:90:dd:52:
                    25:f4:88:cd:f1:02:8c:68:b9:4f:19:c6:ad:6c:04:
                    e8:1e:60:33:3a:ca:b4:f6:91:2f:b3:af:c8:16:5b:
                    de:6a:58:7b:f6:c2:f1:9a:8e:08:aa:51:27:d9:c9:
                    83:ef:03:fd:8d:8d:00:73:5d:68:cf:25:91:76:52:
                    33:52:a8:f4:7e:ad:ff:e6:31:a2:7b:15:c9:49:a4:
                    94:88:35:3c:0d:92:af:74:5d:32:20:a0:2e:21:6b:
                    d6:b1:02:cc:b7:bf:84:0d:a1:ad:1d:d0:14:78:47:
                    56:9e:31:25:eb:94:e8:17:f5:08:a0:14:12:43:8a:
                    c5:80:e6:f8:eb:0a:ce:bd:54:76:05:bf:e2:bf:ab:
                    eb:6a:a8:70:5a:0e:16:56:e5:b7:67:64:29:4f:f6:
                    16:a3:46:af:82:bc:e2:be:2c:9e:d7:95:85:b8:8f:
                    0c:cc:67:ac:ca:f5:73:92:47:43:ed:83:00:c4:1d:
                    47:26:de:54:71:ae:24:dc:43:0a:a1:70:05:94:92:
                    e7:65:90:79:42:a1:30:f9:60:d9:b1:3a:23:ef:74:
                    10:58:95:67:5d:f0:c8:7c:3f:d0:46:40:96:13:2b:
                    d1:f0:0f:56:bd:d7:ac:76:b3:6a:19:6a:b4:4b:f3:
                    83:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:76:92:0D:AD:30:4A:31:BC:0C:63:61:29:37:65:BA:BF:3C:38:61
            X509v3 Authority Key Identifier:
                keyid:24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/n3aSDa0wSjG8DGNhKTdlur88OGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.30.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:9c:9a:ac:fc:8e:6e:48:65:88:0b:c0:96:ba:79:e8:6c:a7:
         db:2c:f0:c3:e8:0c:51:4e:cc:2d:6f:59:42:df:7e:c6:63:82:
         a2:f4:f8:9c:e0:f0:43:84:3a:87:d1:5a:1b:5b:89:0b:b2:10:
         cf:77:78:4a:63:ab:7f:81:4d:a3:82:0c:49:5a:79:12:b5:de:
         c9:2c:35:59:a3:ac:53:f8:19:ee:0a:07:e9:a4:5a:64:d8:9d:
         8d:14:be:90:cf:09:cc:7c:eb:d9:df:b9:f8:c1:e5:67:d6:fb:
         97:7f:7a:66:87:58:d5:7f:51:68:7f:86:65:3b:66:d2:6d:56:
         e5:3e:b9:8a:cf:47:20:6a:d9:d1:9a:cb:07:e0:ef:53:fc:81:
         02:54:b4:4b:52:2c:7e:d9:7d:3b:1c:7f:38:66:f2:93:ac:12:
         71:fa:c0:cb:6b:cd:78:e5:0c:62:71:02:f7:e3:be:68:30:97:
         5c:81:e4:b6:05:cc:75:7e:d9:b3:aa:ca:0c:a4:14:b6:b3:0a:
         1f:53:18:31:a7:b7:58:52:15:85:e5:5a:68:16:0c:4f:09:b3:
         28:a6:ce:c8:81:ca:ff:41:81:cf:36:ae:97:9c:91:ca:2c:3f:
         96:72:a1:74:7c:e8:92:31:75:d0:62:98:8b:3b:70:de:36:0f:
         db:e5:b8:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5dcOyxQ767FJVKp84x7kHGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTVkN2ZlZTRhNDk5ZWNhZjExZDJkM2RhOGUzODlkZTMy
MzQxMmYwHhcNMjQwMzIwMTk1NzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Zjc2OTIwZGFkMzA0YTMxYmMwYzYzNjEyOTM3NjViYWJmM2MzODYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAghE7118yiHHPoC6Q3VIl9IjN8QKM
aLlPGcatbAToHmAzOsq09pEvs6/IFlvealh79sLxmo4IqlEn2cmD7wP9jY0Ac11o
zyWRdlIzUqj0fq3/5jGiexXJSaSUiDU8DZKvdF0yIKAuIWvWsQLMt7+EDaGtHdAU
eEdWnjEl65ToF/UIoBQSQ4rFgOb46wrOvVR2Bb/iv6vraqhwWg4WVuW3Z2QpT/YW
o0avgrziviye15WFuI8MzGesyvVzkkdD7YMAxB1HJt5Uca4k3EMKoXAFlJLnZZB5
QqEw+WDZsToj73QQWJVnXfDIfD/QRkCWEyvR8A9WvdesdrNqGWq0S/ODuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ92kg2tMEoxvAxjYSk3Zbq/PDhhMB8GA1UdIwQY
MBaAFCRV1/7kpJnsrxHS09qOOJ3jI0EvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEt
MWUwNDY1NTEzYjYzLzEvbjNhU0RhMHdTakc4REdOaEtUZGx1cjg4T0dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEtMWUwNDY1NTEzYjYz
LzEvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1B4wMA0G
CSqGSIb3DQEBCwUAA4IBAQBrnJqs/I5uSGWIC8CWunnobKfbLPDD6AxRTswtb1lC
337GY4Ki9Pic4PBDhDqH0VobW4kLshDPd3hKY6t/gU2jggxJWnkStd7JLDVZo6xT
+BnuCgfppFpk2J2NFL6QzwnMfOvZ37n4weVn1vuXf3pmh1jVf1Fof4ZlO2bSbVbl
PrmKz0cgatnRmssH4O9T/IECVLRLUix+2X07HH84ZvKTrBJx+sDLa8145QxicQL3
475oMJdcgeS2Bcx1ftmzqsoMpBS2swofUxgxp7dYUhWF5VpoFgxPCbMops7Igcr/
QYHPNq6XnJHKLD+WcqF0fOiSMXXQYpiLO3DeNg/b5bhC
-----END CERTIFICATE-----