Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/1-HAvTJ97cGWI3qaGt2MN01i1ANY.roa
File:                     1-HAvTJ97cGWI3qaGt2MN01i1ANY.roa (raw, json)
Hash identifier:          xTsrxkGfjCMDIs0l9mLl7ItMVHU9CxHpsoUCHqRnp/c=
Subject key identifier:   F8:70:2F:4C:9F:7B:70:65:88:DE:A6:86:B7:63:0D:D3:58:B5:00:D6
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       018CC94E012D29FAE3F1BB5B0728D34D3284
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/1-HAvTJ97cGWI3qaGt2MN01i1ANY.roa
Signing time:             Tue 02 Jan 2024 08:33:01 +0000
ROA not before:           Tue 02 Jan 2024 08:33:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198777
IP address blocks:        193.59.88.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:01:2d:29:fa:e3:f1:bb:5b:07:28:d3:4d:32:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Jan  2 08:33:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8702f4c9f7b706588dea686b7630dd358b500d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:db:35:13:14:59:59:27:37:09:ee:eb:3c:72:
                    6f:2e:70:09:ca:52:ec:a8:4e:2b:30:85:f1:54:fb:
                    e3:f5:54:12:09:2d:60:8d:27:07:03:50:24:5d:de:
                    ac:80:61:96:c6:36:49:05:75:1d:56:08:06:4a:ac:
                    0b:05:50:0c:be:46:4a:65:b4:8f:50:5d:7e:4b:ba:
                    87:19:2f:41:45:84:aa:b5:8a:ba:79:fd:f5:6b:8e:
                    62:8c:0d:b8:c2:9d:eb:be:38:71:6e:00:a7:25:92:
                    6e:38:6c:66:39:e6:c5:3b:dc:76:30:f8:8b:16:27:
                    0e:47:e3:2e:a8:91:37:0e:f2:89:5b:76:76:7e:fc:
                    91:2e:38:01:39:2f:b7:77:24:48:e7:f4:a5:7a:53:
                    1c:27:05:f1:5a:9c:57:4d:db:d1:c1:61:cc:67:1e:
                    6d:ef:20:a2:21:9f:92:7e:d6:e9:c6:78:c6:70:08:
                    ba:08:38:36:85:8a:bd:c0:78:a7:15:d5:b8:e3:2f:
                    21:e7:93:77:ba:1d:4f:54:b4:3a:73:32:ca:d2:68:
                    f3:b5:91:f7:8d:db:fa:c7:ce:21:c7:9d:5e:e3:a0:
                    4e:eb:e7:5c:ff:95:c9:58:80:66:58:85:63:47:db:
                    bc:27:82:d3:62:b6:13:8f:4e:d1:f9:6e:07:66:f4:
                    77:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:70:2F:4C:9F:7B:70:65:88:DE:A6:86:B7:63:0D:D3:58:B5:00:D6
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/1-HAvTJ97cGWI3qaGt2MN01i1ANY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.59.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         09:05:ec:29:24:15:2e:42:81:69:33:6a:7f:4a:5c:f2:3d:79:
         48:3c:bb:08:29:05:54:88:e8:9a:fe:c1:fc:6a:7b:80:4d:e1:
         ca:40:0f:76:b9:92:ef:8e:03:0c:df:3f:91:92:50:d4:c7:1d:
         38:79:7a:e2:31:92:63:43:a9:5e:45:61:05:a1:88:8e:03:fb:
         1a:f8:39:6b:93:b0:90:fc:43:fd:e8:09:21:8e:ac:98:84:c7:
         38:b1:bf:be:54:56:c8:45:8d:b4:ca:3c:fc:ba:cc:61:31:33:
         0d:dc:1d:a3:48:c5:e6:01:74:e8:13:93:5e:e0:63:25:49:d8:
         ea:f0:2f:46:c2:2b:6b:54:48:75:a3:21:f2:29:36:bb:c4:29:
         31:e7:2f:6b:b2:22:9f:9b:0f:51:77:20:58:e8:37:2d:de:89:
         a9:68:61:fe:cb:77:06:47:7c:73:ea:e2:2a:a1:93:83:56:a0:
         2f:a9:03:d5:66:f9:86:c7:47:a4:62:06:00:fd:62:c9:c5:07:
         df:12:d5:f8:ad:fc:3e:5e:02:5b:b2:8b:22:ca:41:f9:09:08:
         76:39:33:9e:57:57:be:a5:c4:1b:ca:6c:b8:65:11:6a:9c:9c:
         a7:c2:6b:57:06:8d:3c:f9:26:b0:54:38:57:81:f8:8b:9c:9e:
         ee:9d:4c:04
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJTgEtKfrj8btbByjTTTKEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjQwMTAyMDgzMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODcwMmY0YzlmN2I3MDY1ODhkZWE2ODZiNzYzMGRkMzU4YjUwMGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnds1ExRZWSc3Ce7rPHJvLnAJylLs
qE4rMIXxVPvj9VQSCS1gjScHA1AkXd6sgGGWxjZJBXUdVggGSqwLBVAMvkZKZbSP
UF1+S7qHGS9BRYSqtYq6ef31a45ijA24wp3rvjhxbgCnJZJuOGxmOebFO9x2MPiL
FicOR+MuqJE3DvKJW3Z2fvyRLjgBOS+3dyRI5/SlelMcJwXxWpxXTdvRwWHMZx5t
7yCiIZ+SftbpxnjGcAi6CDg2hYq9wHinFdW44y8h55N3uh1PVLQ6czLK0mjztZH3
jdv6x84hx51e46BO6+dc/5XJWIBmWIVjR9u8J4LTYrYTj07R+W4HZvR32QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPhwL0yfe3BliN6mhrdjDdNYtQDWMB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEvMS1IQXZUSjk3Y0dXSTNxYUd0Mk1OMDFpMUFOWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTEvYjc4ZmI1LWFmY2EtNGRiNy04ODg2LWMwNjcxYmY0Y2Yz
ZS8xL01NUUpZVF9xQ2l0RUxPRVM2Y3ZiU0Y0QkdJOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcE7WDAN
BgkqhkiG9w0BAQsFAAOCAQEACQXsKSQVLkKBaTNqf0pc8j15SDy7CCkFVIjomv7B
/Gp7gE3hykAPdrmS744DDN8/kZJQ1McdOHl64jGSY0OpXkVhBaGIjgP7Gvg5a5Ow
kPxD/egJIY6smITHOLG/vlRWyEWNtMo8/LrMYTEzDdwdo0jF5gF06BOTXuBjJUnY
6vAvRsIra1RIdaMh8ik2u8QpMecva7Iin5sPUXcgWOg3Ld6JqWhh/st3Bkd8c+ri
KqGTg1agL6kD1Wb5hsdHpGIGAP1iycUH3xLV+K38Pl4CW7KLIspB+QkIdjkznldX
vqXEG8psuGURapycp8JrVwaNPPkmsFQ4V4H4i5ye7p1MBA==
-----END CERTIFICATE-----
Generated at Sat Nov 23 18:56:08 2024 by rpki-client on console-fra.rpki-client.org