Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/uurtOIbDUg52KtpeZEKK8kv0ewE.roa
File:                     uurtOIbDUg52KtpeZEKK8kv0ewE.roa (raw, json)
Hash identifier:          X0xp04wFY05WL2ujF3zf1HI8p5AWUMM0Fp9GJoDVQHc=
Subject key identifier:   BA:EA:ED:38:86:C3:52:0E:76:2A:DA:5E:64:42:8A:F2:4B:F4:7B:01
Certificate issuer:       /CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
Certificate serial:       018FF42E53E37BBCBF2B4533E675518F7492
Authority key identifier: 24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/uurtOIbDUg52KtpeZEKK8kv0ewE.roa
Signing time:             Fri 07 Jun 2024 19:30:27 +0000
ROA not before:           Fri 07 Jun 2024 19:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136744
IP address blocks:        212.30.38.0/24 maxlen: 24
                          212.30.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f4:2e:53:e3:7b:bc:bf:2b:45:33:e6:75:51:8f:74:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
        Validity
            Not Before: Jun  7 19:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=baeaed3886c3520e762ada5e64428af24bf47b01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ad:f5:4a:5f:f7:73:af:47:e4:71:2f:d0:89:
                    14:96:8b:88:ea:a0:7f:26:65:25:2d:fb:c1:5e:9f:
                    49:6c:01:70:09:aa:17:d3:60:1e:3c:41:bf:c2:49:
                    be:b3:34:c6:f8:e1:a4:61:f0:e3:e6:d3:a5:c8:26:
                    80:37:8b:3c:28:80:81:4d:27:e1:c0:02:42:27:3e:
                    f7:b0:64:c0:e7:a3:96:e4:49:72:9e:9d:c3:6c:66:
                    dc:76:dd:a4:20:f2:1e:28:0d:68:5c:59:88:bf:b1:
                    50:49:10:18:73:fd:22:59:24:6c:0d:c0:28:bf:0e:
                    d4:7e:71:a8:22:40:2c:97:08:af:bf:ad:e3:1f:57:
                    86:77:58:88:22:da:02:45:8b:6a:f9:83:bc:f1:09:
                    33:f4:4e:8c:19:2a:80:82:15:71:5a:49:4b:47:fe:
                    39:fd:c3:e3:61:dc:0b:03:eb:49:26:5e:a2:ab:a9:
                    69:61:1f:b3:83:50:2a:8d:0b:ee:aa:21:e2:30:16:
                    e8:66:f7:d6:f4:59:15:0a:16:d6:83:ab:f3:e0:b3:
                    08:2c:1a:ce:4f:fe:d6:97:88:c8:46:b2:ed:1a:5f:
                    c8:85:af:ad:59:1e:7f:da:d3:3c:a7:35:05:90:ca:
                    b1:ef:ba:42:b4:20:83:4f:d9:fb:02:55:a0:bd:22:
                    40:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:EA:ED:38:86:C3:52:0E:76:2A:DA:5E:64:42:8A:F2:4B:F4:7B:01
            X509v3 Authority Key Identifier:
                keyid:24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/uurtOIbDUg52KtpeZEKK8kv0ewE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.30.38.0/24
                  212.30.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:84:8c:81:ca:11:2c:a6:2a:99:58:d8:d2:bd:49:a7:22:0d:
         f3:a5:72:77:e7:31:43:98:04:c5:2b:f5:7c:c7:0a:d8:c8:ff:
         b5:f7:af:25:54:8f:81:d0:6b:2e:97:df:79:0e:22:66:97:07:
         73:9a:14:eb:01:31:c7:e9:19:2f:c7:10:d2:d5:dc:03:15:e3:
         b5:bf:c3:81:b3:7d:85:63:f0:36:24:77:f7:d2:8d:3d:ac:94:
         d0:f7:d7:96:bf:dd:e2:39:cb:6a:03:80:98:ec:47:ef:86:7d:
         69:b8:db:4e:df:e6:66:bb:2e:2c:72:18:da:1c:ff:bb:14:cd:
         99:43:55:7c:ab:68:94:14:93:6b:60:19:7c:e9:03:87:8e:38:
         85:af:93:f1:d0:f7:28:68:b9:af:60:c4:2b:73:f9:7e:a2:83:
         87:cc:63:aa:18:44:05:41:55:27:a6:f6:5c:e9:31:09:6b:14:
         e7:dd:ba:47:b8:e8:60:6b:4b:e8:83:03:f3:7e:69:83:75:2d:
         09:29:07:5c:5e:43:cd:13:9e:72:d4:45:f8:e3:5f:38:b0:f6:
         8c:c2:3c:19:d9:1e:e8:fd:bb:3a:2c:8f:17:f2:70:9b:a6:40:
         3b:78:20:68:55:88:94:d0:5b:66:6d:0e:dc:a1:2d:9e:51:55:
         64:5e:dc:68
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY/0LlPje7y/K0Uz5nVRj3SSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTVkN2ZlZTRhNDk5ZWNhZjExZDJkM2RhOGUzODlkZTMy
MzQxMmYwHhcNMjQwNjA3MTkzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWVhZWQzODg2YzM1MjBlNzYyYWRhNWU2NDQyOGFmMjRiZjQ3YjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxq31Sl/3c69H5HEv0IkUlouI6qB/
JmUlLfvBXp9JbAFwCaoX02AePEG/wkm+szTG+OGkYfDj5tOlyCaAN4s8KICBTSfh
wAJCJz73sGTA56OW5Elynp3DbGbcdt2kIPIeKA1oXFmIv7FQSRAYc/0iWSRsDcAo
vw7UfnGoIkAslwivv63jH1eGd1iIItoCRYtq+YO88Qkz9E6MGSqAghVxWklLR/45
/cPjYdwLA+tJJl6iq6lpYR+zg1AqjQvuqiHiMBboZvfW9FkVChbWg6vz4LMILBrO
T/7Wl4jIRrLtGl/Iha+tWR5/2tM8pzUFkMqx77pCtCCDT9n7AlWgvSJArwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLrq7TiGw1IOdiraXmRCivJL9HsBMB8GA1UdIwQY
MBaAFCRV1/7kpJnsrxHS09qOOJ3jI0EvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEt
MWUwNDY1NTEzYjYzLzEvdXVydE9JYkRVZzUyS3RwZVpFS0s4a3YwZXdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEtMWUwNDY1NTEzYjYz
LzEvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1B4mAwQA
1B49MA0GCSqGSIb3DQEBCwUAA4IBAQAXhIyByhEspiqZWNjSvUmnIg3zpXJ35zFD
mATFK/V8xwrYyP+1968lVI+B0Gsul995DiJmlwdzmhTrATHH6RkvxxDS1dwDFeO1
v8OBs32FY/A2JHf30o09rJTQ99eWv93iOctqA4CY7Efvhn1puNtO3+Zmuy4schja
HP+7FM2ZQ1V8q2iUFJNrYBl86QOHjjiFr5Px0PcoaLmvYMQrc/l+ooOHzGOqGEQF
QVUnpvZc6TEJaxTn3bpHuOhga0vogwPzfmmDdS0JKQdcXkPNE55y1EX44184sPaM
wjwZ2R7o/bs6LI8X8nCbpkA7eCBoVYiU0FtmbQ7coS2eUVVkXtxo
-----END CERTIFICATE-----