Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/oLorp9_iFDp4cXGfuxdzhRgZ9LE.roa
File:                     oLorp9_iFDp4cXGfuxdzhRgZ9LE.roa (raw, json)
Hash identifier:          4pwc7NCQP3MEy6N+c5Z/ph82JWsbo5yUQspJIn6/VRw=
Subject key identifier:   A0:BA:2B:A7:DF:E2:14:3A:78:71:71:9F:BB:17:73:85:18:19:F4:B1
Certificate issuer:       /CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
Certificate serial:       018CC9BC63CD97B5151CB4A55A05E7F87C2F
Authority key identifier: 24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/oLorp9_iFDp4cXGfuxdzhRgZ9LE.roa
Signing time:             Tue 02 Jan 2024 10:33:35 +0000
ROA not before:           Tue 02 Jan 2024 10:33:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        212.30.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:63:cd:97:b5:15:1c:b4:a5:5a:05:e7:f8:7c:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
        Validity
            Not Before: Jan  2 10:33:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a0ba2ba7dfe2143a7871719fbb1773851819f4b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:19:89:3c:cc:17:0e:33:3b:a4:0c:dd:da:0a:
                    1b:28:cd:2b:87:54:ce:fa:0e:e4:c0:74:b4:f4:25:
                    d0:73:34:11:7a:07:9c:52:e3:48:45:85:f8:38:74:
                    aa:bb:c7:60:32:73:cf:25:30:9d:5c:5c:59:e8:40:
                    d9:e6:88:c8:39:4d:df:e4:9f:a6:b0:b6:37:88:68:
                    de:ca:49:c2:d0:6d:06:95:5c:93:de:a9:61:cf:1f:
                    ed:01:2b:5d:17:66:b2:aa:34:98:d3:ed:a9:a3:86:
                    6b:d2:c8:6d:43:af:63:a0:88:eb:b8:2d:7f:dd:cf:
                    63:0f:34:de:27:50:8c:cb:e1:a6:a6:58:cd:b6:b7:
                    85:13:5b:74:73:5b:fb:af:d0:74:61:1d:72:d8:63:
                    5e:d1:3d:ea:0e:ed:64:38:4c:32:3d:e2:14:2e:28:
                    29:b4:63:bc:b1:ef:4f:8c:30:0f:f3:cb:9e:ab:ba:
                    49:b6:3e:f5:ac:b4:78:38:a6:c4:f6:ef:bd:64:eb:
                    ea:6c:af:8b:d1:e8:34:44:da:db:3a:6d:d5:6a:e5:
                    9b:d0:c4:80:99:aa:92:1c:74:f1:3b:52:09:b6:7e:
                    d1:c5:1a:2f:84:e6:71:54:36:ea:d4:62:d6:87:5c:
                    5d:0e:c7:3f:9c:66:55:0a:aa:fc:0a:12:52:d8:50:
                    98:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:BA:2B:A7:DF:E2:14:3A:78:71:71:9F:BB:17:73:85:18:19:F4:B1
            X509v3 Authority Key Identifier:
                keyid:24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/oLorp9_iFDp4cXGfuxdzhRgZ9LE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.30.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:67:20:6e:b3:37:9f:d7:da:2d:1e:f9:4c:a1:48:4f:43:2d:
         32:42:ae:ca:ab:cd:32:6d:00:6b:a7:cc:49:4d:67:e5:39:0d:
         e2:f5:82:5d:9f:1e:c7:02:22:1f:c8:6b:0a:85:ba:f7:28:0a:
         8e:9b:78:68:87:05:98:80:29:cb:06:12:ee:e2:e5:19:b3:f6:
         12:6b:f1:9b:db:b9:e4:b2:aa:1e:c2:35:d0:d2:17:c6:e9:9c:
         b7:b0:58:95:37:73:a8:4a:bb:fb:5c:25:83:15:1f:70:32:4e:
         13:87:0a:f9:0c:53:6c:e3:60:42:a3:fc:65:a9:fc:c0:0d:5f:
         76:d3:7f:db:7c:85:8e:aa:90:c1:b0:e5:d2:e3:6f:3d:2a:6f:
         0d:18:b5:46:df:4f:b4:90:9c:18:97:79:5b:e8:67:54:b2:04:
         5b:6c:b2:d5:3a:8d:fe:86:57:80:79:72:72:7e:3e:a6:9a:0b:
         c2:77:a5:88:66:75:e5:ef:33:48:a9:da:2b:43:58:41:b0:da:
         0c:75:66:f5:a3:ce:e2:81:04:98:7e:7a:8b:ea:f2:7e:55:8b:
         0c:b5:46:46:7c:f0:12:ca:c1:0f:79:9c:7b:c5:a8:09:f1:20:
         89:09:ce:10:64:1e:94:22:14:53:f5:6a:c0:1b:33:d0:14:45:
         1d:5d:9f:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvGPNl7UVHLSlWgXn+HwvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTVkN2ZlZTRhNDk5ZWNhZjExZDJkM2RhOGUzODlkZTMy
MzQxMmYwHhcNMjQwMTAyMTAzMzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGJhMmJhN2RmZTIxNDNhNzg3MTcxOWZiYjE3NzM4NTE4MTlmNGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhmJPMwXDjM7pAzd2gobKM0rh1TO
+g7kwHS09CXQczQRegecUuNIRYX4OHSqu8dgMnPPJTCdXFxZ6EDZ5ojIOU3f5J+m
sLY3iGjeyknC0G0GlVyT3qlhzx/tAStdF2ayqjSY0+2po4Zr0shtQ69joIjruC1/
3c9jDzTeJ1CMy+GmpljNtreFE1t0c1v7r9B0YR1y2GNe0T3qDu1kOEwyPeIULigp
tGO8se9PjDAP88ueq7pJtj71rLR4OKbE9u+9ZOvqbK+L0eg0RNrbOm3VauWb0MSA
maqSHHTxO1IJtn7RxRovhOZxVDbq1GLWh1xdDsc/nGZVCqr8ChJS2FCY/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKC6K6ff4hQ6eHFxn7sXc4UYGfSxMB8GA1UdIwQY
MBaAFCRV1/7kpJnsrxHS09qOOJ3jI0EvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEt
MWUwNDY1NTEzYjYzLzEvb0xvcnA5X2lGRHA0Y1hHZnV4ZHpoUmdaOUxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEtMWUwNDY1NTEzYjYz
LzEvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1B48MA0G
CSqGSIb3DQEBCwUAA4IBAQCbZyBuszef19otHvlMoUhPQy0yQq7Kq80ybQBrp8xJ
TWflOQ3i9YJdnx7HAiIfyGsKhbr3KAqOm3hohwWYgCnLBhLu4uUZs/YSa/Gb27nk
sqoewjXQ0hfG6Zy3sFiVN3OoSrv7XCWDFR9wMk4Thwr5DFNs42BCo/xlqfzADV92
03/bfIWOqpDBsOXS4289Km8NGLVG30+0kJwYl3lb6GdUsgRbbLLVOo3+hleAeXJy
fj6mmgvCd6WIZnXl7zNIqdorQ1hBsNoMdWb1o87igQSYfnqL6vJ+VYsMtUZGfPAS
ysEPeZx7xagJ8SCJCc4QZB6UIhRT9WrAGzPQFEUdXZ+a
-----END CERTIFICATE-----