Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/nMNCPNuFNIme8jkeGGGrwNJRJSE.roa
File:                     nMNCPNuFNIme8jkeGGGrwNJRJSE.roa (raw, json)
Hash identifier:          mmQoWt0UBcaMNvGmjzBh6DPDA4spa/nVvEq1E2xR/tU=
Subject key identifier:   9C:C3:42:3C:DB:85:34:89:9E:F2:39:1E:18:61:AB:C0:D2:51:25:21
Certificate issuer:       /CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
Certificate serial:       01907DE5503E33202B37AA506B3861765EA8
Authority key identifier: 24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/nMNCPNuFNIme8jkeGGGrwNJRJSE.roa
Signing time:             Thu 04 Jul 2024 13:18:18 +0000
ROA not before:           Thu 04 Jul 2024 13:18:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        212.30.33.0/24 maxlen: 24
                          212.30.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:7d:e5:50:3e:33:20:2b:37:aa:50:6b:38:61:76:5e:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
        Validity
            Not Before: Jul  4 13:18:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9cc3423cdb8534899ef2391e1861abc0d2512521
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:89:3a:9c:57:81:70:9d:b6:c7:93:b3:1f:e7:
                    2b:b3:32:8c:98:5d:bf:9e:28:f2:f7:5c:fe:c3:07:
                    c0:05:4b:47:6c:9a:4b:1d:66:78:9a:f9:38:92:11:
                    40:f3:e5:ad:55:3a:be:41:7f:90:80:1a:d4:20:43:
                    e0:80:31:c4:62:7f:30:8d:f0:d9:2d:1b:05:84:de:
                    4d:89:b6:46:bc:2e:9b:b8:5e:d6:f7:07:60:ec:08:
                    a2:83:a1:8d:4f:c0:23:a3:e9:71:a6:41:17:2a:76:
                    ee:4c:2c:61:31:5e:53:05:54:1d:52:9b:b1:ad:52:
                    d4:fb:1f:89:9f:93:f2:2a:3b:40:7f:da:75:7e:7d:
                    db:4b:be:21:42:f8:6f:a0:72:a4:c2:dc:e5:d8:0a:
                    13:a1:14:4c:81:43:06:1f:47:ee:ad:7e:3c:91:0d:
                    ed:42:4c:b9:1e:2c:c6:76:7a:ea:58:5f:f7:c2:c9:
                    80:26:2c:43:db:ef:de:6d:0c:54:75:5e:5d:dc:04:
                    1a:b4:d4:e0:78:a1:ad:c2:af:f2:34:b8:cf:bd:f4:
                    dd:c4:88:7d:be:5f:26:58:b5:d2:12:2a:7c:00:af:
                    9b:01:5c:69:0d:56:a2:33:b5:5c:b5:4f:ca:f3:d9:
                    7d:2a:7c:10:be:0b:a2:1a:c0:f0:2b:cd:06:da:b9:
                    df:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:C3:42:3C:DB:85:34:89:9E:F2:39:1E:18:61:AB:C0:D2:51:25:21
            X509v3 Authority Key Identifier:
                keyid:24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/nMNCPNuFNIme8jkeGGGrwNJRJSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.30.33.0/24
                  212.30.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:1c:ff:05:48:ed:3e:fb:48:14:8a:5a:7b:00:a4:7f:35:1e:
         51:f3:77:cf:00:81:5e:c8:52:80:6f:7f:b6:07:54:3a:5a:2d:
         43:c9:66:ee:fd:b8:76:f8:c1:a1:55:21:a6:08:86:5c:9e:00:
         9f:c8:e5:2a:94:f3:8f:96:f3:6d:f9:18:c8:21:f0:00:9b:80:
         46:a9:72:74:7c:c1:d0:71:00:5e:6f:df:df:22:e7:7f:6a:5e:
         d1:44:00:d1:e2:49:b7:c9:d0:69:d5:a5:99:7f:29:83:11:94:
         4e:5c:a4:dd:8a:db:3e:49:93:ff:88:d5:4f:5c:16:f6:16:92:
         a2:6e:0f:69:d4:00:62:a9:97:96:a5:1e:bc:79:46:69:b5:95:
         95:90:ff:d4:cb:90:e8:f9:ad:2b:ba:ab:ea:c2:47:5f:39:ce:
         ce:0a:5f:03:0a:f6:be:5f:2b:b1:91:73:bd:36:42:f0:e3:a5:
         1d:73:e2:42:26:cb:52:97:b0:a5:aa:fe:06:bb:78:5d:2f:2e:
         1a:58:ab:4a:8a:27:ba:2a:39:2b:ae:f3:bb:92:86:94:64:95:
         75:cc:a1:07:f2:e6:8f:ca:14:cf:eb:9f:b6:aa:66:85:9a:83:
         86:7f:39:06:f6:df:36:5a:63:87:1e:b3:5c:fe:e7:47:30:59:
         63:49:d2:b4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZB95VA+MyArN6pQazhhdl6oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTVkN2ZlZTRhNDk5ZWNhZjExZDJkM2RhOGUzODlkZTMy
MzQxMmYwHhcNMjQwNzA0MTMxODE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2MzNDIzY2RiODUzNDg5OWVmMjM5MWUxODYxYWJjMGQyNTEyNTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtok6nFeBcJ22x5OzH+crszKMmF2/
nijy91z+wwfABUtHbJpLHWZ4mvk4khFA8+WtVTq+QX+QgBrUIEPggDHEYn8wjfDZ
LRsFhN5NibZGvC6buF7W9wdg7Aiig6GNT8Ajo+lxpkEXKnbuTCxhMV5TBVQdUpux
rVLU+x+Jn5PyKjtAf9p1fn3bS74hQvhvoHKkwtzl2AoToRRMgUMGH0furX48kQ3t
Qky5HizGdnrqWF/3wsmAJixD2+/ebQxUdV5d3AQatNTgeKGtwq/yNLjPvfTdxIh9
vl8mWLXSEip8AK+bAVxpDVaiM7VctU/K89l9KnwQvguiGsDwK80G2rnfswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJzDQjzbhTSJnvI5Hhhhq8DSUSUhMB8GA1UdIwQY
MBaAFCRV1/7kpJnsrxHS09qOOJ3jI0EvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEt
MWUwNDY1NTEzYjYzLzEvbk1OQ1BOdUZOSW1lOGprZUdHR3J3TkpSSlNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEtMWUwNDY1NTEzYjYz
LzEvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1B4hAwQA
1B48MA0GCSqGSIb3DQEBCwUAA4IBAQCRHP8FSO0++0gUilp7AKR/NR5R83fPAIFe
yFKAb3+2B1Q6Wi1DyWbu/bh2+MGhVSGmCIZcngCfyOUqlPOPlvNt+RjIIfAAm4BG
qXJ0fMHQcQBeb9/fIud/al7RRADR4km3ydBp1aWZfymDEZROXKTdits+SZP/iNVP
XBb2FpKibg9p1ABiqZeWpR68eUZptZWVkP/Uy5Do+a0ruqvqwkdfOc7OCl8DCva+
XyuxkXO9NkLw46Udc+JCJstSl7Clqv4Gu3hdLy4aWKtKiie6KjkrrvO7koaUZJV1
zKEH8uaPyhTP65+2qmaFmoOGfzkG9t82WmOHHrNc/udHMFljSdK0
-----END CERTIFICATE-----