Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/2npsbeo06LOYfx6QX9MypRnulo0.roa
File:                     2npsbeo06LOYfx6QX9MypRnulo0.roa (raw, json)
Hash identifier:          qz0Kl17iyLQPCOjV90EKtr40RnQZko25YYW38/r4KS4=
Subject key identifier:   DA:7A:6C:6D:EA:34:E8:B3:98:7F:1E:90:5F:D3:32:A5:19:EE:96:8D
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       018CC94E02F884A21E3F9D2D669788205060
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/2npsbeo06LOYfx6QX9MypRnulo0.roa
Signing time:             Tue 02 Jan 2024 08:33:02 +0000
ROA not before:           Tue 02 Jan 2024 08:33:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199845
IP address blocks:        193.59.208.0/24 maxlen: 24
                          193.59.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:02:f8:84:a2:1e:3f:9d:2d:66:97:88:20:50:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Jan  2 08:33:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da7a6c6dea34e8b3987f1e905fd332a519ee968d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:e4:a1:07:a0:df:1c:ad:94:da:69:f7:08:61:
                    5e:09:45:4c:4e:e9:e9:f9:74:95:74:49:eb:48:88:
                    5a:76:be:7c:b1:27:ad:72:0a:57:53:fc:34:68:97:
                    ab:c6:0e:c9:d5:59:e8:09:d3:86:b1:63:0f:db:36:
                    be:4b:00:4a:77:8e:22:fb:dd:19:3f:fd:33:26:01:
                    df:b1:27:2d:f2:0b:73:62:38:42:d3:b9:30:b3:e1:
                    b9:ce:d4:08:3f:b9:09:85:19:96:b0:e9:b0:db:c7:
                    6a:8f:3f:a1:d1:65:14:04:85:c8:a7:48:6a:ac:3d:
                    2b:62:3c:e4:92:98:4b:00:1d:de:db:6b:b2:d7:7c:
                    2a:c7:28:58:0b:e7:4f:98:4c:08:da:76:f6:20:7e:
                    27:ae:0b:ee:12:db:85:ac:d5:03:19:72:e0:6d:c5:
                    e6:78:21:d6:97:5c:70:42:d7:e2:db:b2:e5:dd:50:
                    37:e3:d7:27:c6:3c:0a:3a:8d:02:52:2f:4a:b6:ce:
                    18:06:d4:7f:6c:08:ff:49:7a:71:85:bc:f3:66:1f:
                    d4:d9:fc:74:ce:34:b7:32:21:aa:23:05:4b:2b:f4:
                    e1:5d:6b:db:e5:22:ad:c8:db:5b:37:ad:09:63:e9:
                    81:37:8f:f2:20:ab:2b:ef:c8:e6:68:87:db:ec:2d:
                    f5:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:7A:6C:6D:EA:34:E8:B3:98:7F:1E:90:5F:D3:32:A5:19:EE:96:8D
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/2npsbeo06LOYfx6QX9MypRnulo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.59.207.0-193.59.208.255

    Signature Algorithm: sha256WithRSAEncryption
         0a:bb:7d:01:59:7e:d3:30:41:1a:e5:4a:02:31:41:0a:a5:2f:
         07:4d:cf:83:4e:8d:00:07:ec:5c:0b:da:4c:8b:f8:b6:b6:e7:
         6e:85:a5:ef:b9:26:91:65:c7:ac:c7:bf:6c:b1:ab:7b:2b:3b:
         70:c7:71:3f:a1:40:d1:2d:b4:ea:c6:cb:a2:9b:83:56:3d:74:
         a1:29:1e:cf:43:3b:7e:dc:6f:64:ad:14:8e:15:42:6a:50:1a:
         bb:d7:de:f5:ea:e2:7d:21:77:22:37:6a:c7:42:bb:98:56:4a:
         22:1e:41:9d:cd:ad:78:be:f2:52:09:c6:e9:e8:ed:b3:9d:5f:
         9d:9d:e6:e4:cc:8f:31:8a:a8:70:4a:5f:2a:8d:20:23:fd:8e:
         78:88:1c:0b:31:21:62:d2:00:bf:9b:a1:28:15:90:18:11:2b:
         e7:9a:0b:79:71:ff:1d:52:6e:27:26:b9:1b:5e:6f:a8:56:20:
         c5:3d:29:08:e6:c4:47:87:1b:41:fa:86:8b:3f:4f:56:df:03:
         be:f3:a0:1d:4a:94:33:32:2d:43:d3:56:c5:50:8d:02:3f:22:
         dc:a2:6a:dd:43:a0:d3:2a:9e:54:99:2f:7e:ab:c6:d8:92:51:
         73:8b:56:9c:75:9e:91:a8:19:d0:ae:2d:7d:6a:2b:ee:3f:b2:
         27:1e:ef:21
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJTgL4hKIeP50tZpeIIFBgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjQwMTAyMDgzMzAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTdhNmM2ZGVhMzRlOGIzOTg3ZjFlOTA1ZmQzMzJhNTE5ZWU5NjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgOShB6DfHK2U2mn3CGFeCUVMTunp
+XSVdEnrSIhadr58sSetcgpXU/w0aJerxg7J1VnoCdOGsWMP2za+SwBKd44i+90Z
P/0zJgHfsSct8gtzYjhC07kws+G5ztQIP7kJhRmWsOmw28dqjz+h0WUUBIXIp0hq
rD0rYjzkkphLAB3e22uy13wqxyhYC+dPmEwI2nb2IH4nrgvuEtuFrNUDGXLgbcXm
eCHWl1xwQtfi27Ll3VA349cnxjwKOo0CUi9Kts4YBtR/bAj/SXpxhbzzZh/U2fx0
zjS3MiGqIwVLK/ThXWvb5SKtyNtbN60JY+mBN4/yIKsr78jmaIfb7C31uQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNp6bG3qNOizmH8ekF/TMqUZ7paNMB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEvMm5wc2JlbzA2TE9ZZng2UVg5TXlwUm51bG8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYtYzA2NzFiZjRjZjNl
LzEvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADBO88D
BADBO9AwDQYJKoZIhvcNAQELBQADggEBAAq7fQFZftMwQRrlSgIxQQqlLwdNz4NO
jQAH7FwL2kyL+La2526Fpe+5JpFlx6zHv2yxq3srO3DHcT+hQNEttOrGy6Kbg1Y9
dKEpHs9DO37cb2StFI4VQmpQGrvX3vXq4n0hdyI3asdCu5hWSiIeQZ3NrXi+8lIJ
xuno7bOdX52d5uTMjzGKqHBKXyqNICP9jniIHAsxIWLSAL+boSgVkBgRK+eaC3lx
/x1SbicmuRteb6hWIMU9KQjmxEeHG0H6hos/T1bfA77zoB1KlDMyLUPTVsVQjQI/
Ityiat1DoNMqnlSZL36rxtiSUXOLVpx1npGoGdCuLX1qK+4/sice7yE=
-----END CERTIFICATE-----