Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/xtI4FxymYzhmmmKad9ZOkzTos1E.roa
File:                     xtI4FxymYzhmmmKad9ZOkzTos1E.roa (raw, json)
Hash identifier:          Xd4WHKpPZgsYedQWZYH07M7z75l0J2MM4sU9jDdQuXM=
Subject key identifier:   C6:D2:38:17:1C:A6:63:38:66:9A:62:9A:77:D6:4E:93:34:E8:B3:51
Certificate issuer:       /CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
Certificate serial:       019546E8E41209D697F1DCFFD0A26725355D
Authority key identifier: 24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/xtI4FxymYzhmmmKad9ZOkzTos1E.roa
Signing time:             Thu 27 Feb 2025 10:17:02 +0000
ROA not before:           Thu 27 Feb 2025 10:17:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207456
IP address blocks:        212.30.48.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:01:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:46:e8:e4:12:09:d6:97:f1:dc:ff:d0:a2:67:25:35:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
        Validity
            Not Before: Feb 27 10:17:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c6d238171ca66338669a629a77d64e9334e8b351
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:2e:c4:40:e4:26:45:50:a7:d2:99:f6:5c:42:
                    87:50:99:db:26:0b:f5:49:f8:db:84:d8:ff:68:5f:
                    0e:9f:a0:76:fe:ca:a9:34:24:14:32:fc:84:32:45:
                    bd:6e:1c:d9:07:e2:8e:8c:c2:d9:8e:bd:6a:2d:0e:
                    d5:d0:e4:ef:9f:c7:ee:6c:ec:d1:83:4f:eb:4a:63:
                    e3:5b:27:d4:e7:ea:7c:4b:e2:05:c6:e9:db:6a:2b:
                    cb:e6:f7:0f:80:87:92:bc:8d:c8:9e:0b:85:5a:78:
                    b9:97:df:6f:9d:f3:6f:12:56:ba:3c:c7:87:05:f7:
                    52:a7:d7:59:1f:bc:d3:39:26:33:22:9a:9e:e5:22:
                    04:c5:3a:73:72:34:91:f6:d3:62:d2:51:a8:c4:59:
                    87:49:5c:8c:25:2e:4b:1b:af:25:9f:d1:81:50:1e:
                    f5:c5:3b:72:95:05:a2:4a:08:53:03:eb:df:4c:50:
                    ed:8d:3b:5c:73:a0:b7:08:af:cf:33:47:82:64:c6:
                    cf:77:30:47:72:7f:e3:8a:58:6c:68:54:ee:0c:cd:
                    00:f4:6f:aa:dd:fc:a0:e4:90:bf:3d:50:66:74:3a:
                    c3:41:72:70:17:25:dd:59:e5:81:1b:2a:e0:f5:cf:
                    5b:7f:92:d8:3a:58:9c:38:5c:d8:5d:6a:cf:d5:ad:
                    7e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:D2:38:17:1C:A6:63:38:66:9A:62:9A:77:D6:4E:93:34:E8:B3:51
            X509v3 Authority Key Identifier:
                keyid:24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/xtI4FxymYzhmmmKad9ZOkzTos1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.30.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         18:59:98:a6:4f:84:cc:08:25:e0:a1:2d:fd:5f:70:bd:be:51:
         00:a6:84:f4:c7:e1:48:b5:12:6f:c9:7a:37:57:f4:06:d6:74:
         39:d3:1f:f8:31:e3:9d:41:7c:79:db:c6:d6:5e:2e:df:12:32:
         34:e7:1a:7b:cb:ab:63:a5:9b:3c:5f:e5:a7:f4:1b:14:2e:8b:
         66:89:f6:06:e1:04:9c:6b:32:38:ce:4b:6b:f1:95:c5:29:99:
         4d:12:2a:5a:ee:bd:a6:14:dc:e5:e8:4d:a4:05:fc:58:73:ff:
         37:ac:7d:1c:70:fc:76:7c:4a:c1:51:3a:53:20:fe:ea:a3:b6:
         a6:ad:ed:37:01:87:35:12:60:bf:de:32:a9:93:b4:73:98:8c:
         99:1a:89:dd:4b:03:6c:fe:00:67:1f:e9:8c:e3:ad:ba:eb:36:
         da:06:6f:16:6a:76:d6:27:5f:90:7d:d7:5b:66:cf:e1:6d:78:
         59:8a:22:b4:93:0c:74:21:b9:e7:92:47:96:b1:fa:0d:5b:10:
         f4:41:e5:ad:8f:24:16:3d:8f:0c:0a:cd:83:93:e8:2d:8d:6f:
         64:3d:bc:c8:a3:1c:c1:b5:f1:77:80:f0:f5:21:22:99:28:17:
         33:9f:fa:53:81:d1:31:2d:d7:4d:10:c4:91:e8:cf:41:23:96:
         b2:88:dc:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVG6OQSCdaX8dz/0KJnJTVdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTVkN2ZlZTRhNDk5ZWNhZjExZDJkM2RhOGUzODlkZTMy
MzQxMmYwHhcNMjUwMjI3MTAxNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmQyMzgxNzFjYTY2MzM4NjY5YTYyOWE3N2Q2NGU5MzM0ZThiMzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzC7EQOQmRVCn0pn2XEKHUJnbJgv1
SfjbhNj/aF8On6B2/sqpNCQUMvyEMkW9bhzZB+KOjMLZjr1qLQ7V0OTvn8fubOzR
g0/rSmPjWyfU5+p8S+IFxunbaivL5vcPgIeSvI3InguFWni5l99vnfNvEla6PMeH
BfdSp9dZH7zTOSYzIpqe5SIExTpzcjSR9tNi0lGoxFmHSVyMJS5LG68ln9GBUB71
xTtylQWiSghTA+vfTFDtjTtcc6C3CK/PM0eCZMbPdzBHcn/jilhsaFTuDM0A9G+q
3fyg5JC/PVBmdDrDQXJwFyXdWeWBGyrg9c9bf5LYOlicOFzYXWrP1a1+YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMbSOBccpmM4ZppimnfWTpM06LNRMB8GA1UdIwQY
MBaAFCRV1/7kpJnsrxHS09qOOJ3jI0EvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEt
MWUwNDY1NTEzYjYzLzEveHRJNEZ4eW1ZemhtbW1LYWQ5Wk9relRvczFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEtMWUwNDY1NTEzYjYz
LzEvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1B4wMA0G
CSqGSIb3DQEBCwUAA4IBAQAYWZimT4TMCCXgoS39X3C9vlEApoT0x+FItRJvyXo3
V/QG1nQ50x/4MeOdQXx528bWXi7fEjI05xp7y6tjpZs8X+Wn9BsULotmifYG4QSc
azI4zktr8ZXFKZlNEipa7r2mFNzl6E2kBfxYc/83rH0ccPx2fErBUTpTIP7qo7am
re03AYc1EmC/3jKpk7RzmIyZGondSwNs/gBnH+mM46266zbaBm8WanbWJ1+Qfddb
Zs/hbXhZiiK0kwx0IbnnkkeWsfoNWxD0QeWtjyQWPY8MCs2Dk+gtjW9kPbzIoxzB
tfF3gPD1ISKZKBczn/pTgdExLddNEMSR6M9BI5ayiNwy
-----END CERTIFICATE-----