Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/81sism6nJsv3F20SZbGAZb9CLTA.roa
File:                     81sism6nJsv3F20SZbGAZb9CLTA.roa (raw, json)
Hash identifier:          85CPBkiJ4Z/6QtBpKQYkTGm4sJD1nPPBbq+1csMkyCM=
Subject key identifier:   F3:5B:22:B2:6E:A7:26:CB:F7:17:6D:12:65:B1:80:65:BF:42:2D:30
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       018CC94E0758BBD6040534B77F7D0183C568
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/81sism6nJsv3F20SZbGAZb9CLTA.roa
Signing time:             Tue 02 Jan 2024 08:33:03 +0000
ROA not before:           Tue 02 Jan 2024 08:33:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204569
IP address blocks:        193.59.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:07:58:bb:d6:04:05:34:b7:7f:7d:01:83:c5:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Jan  2 08:33:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f35b22b26ea726cbf7176d1265b18065bf422d30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:00:90:b3:6b:8b:b0:c3:7f:d6:a1:37:d3:b9:
                    b4:0a:a2:e4:74:8c:8f:17:49:f6:3b:59:87:1b:f6:
                    99:0f:18:0a:72:e2:68:b8:63:3d:ca:43:3e:bb:27:
                    07:ed:b2:5d:1e:9e:67:d6:4e:b0:0e:55:02:28:43:
                    de:3c:7f:b5:73:e7:05:b5:c1:71:1b:81:e2:d6:e4:
                    b2:50:b8:02:1b:3f:c9:df:b2:1a:ac:78:0a:7d:77:
                    f6:36:96:d5:27:f4:e5:0b:9e:c0:32:d3:f1:6c:8e:
                    29:c9:6e:29:86:4b:0b:e3:2f:6e:ca:57:93:c9:40:
                    31:4b:f1:64:09:a5:2d:a7:0c:60:59:6e:35:da:0d:
                    fe:a6:09:ba:ab:c6:1f:ec:77:ff:dd:d7:7a:7b:2e:
                    84:cb:4e:d7:61:52:5f:86:ce:80:70:a9:bd:74:d6:
                    fc:1f:05:5d:f6:70:86:fe:8d:d8:5e:24:bf:97:1e:
                    1d:ee:ca:9e:77:e8:5a:2a:a8:67:a7:86:d6:3c:48:
                    b6:7e:21:c7:2c:24:57:a5:92:4e:5d:92:9d:cd:4e:
                    80:fb:c1:47:e8:13:d1:dc:2c:f3:6a:d1:45:57:4b:
                    d9:b5:44:17:a8:d4:fc:f4:f7:a0:fd:6c:b5:3e:28:
                    52:a4:52:ae:3d:32:47:4c:a8:c4:a5:91:3f:10:a2:
                    82:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:5B:22:B2:6E:A7:26:CB:F7:17:6D:12:65:B1:80:65:BF:42:2D:30
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/81sism6nJsv3F20SZbGAZb9CLTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.59.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:87:22:51:1c:d8:ca:cc:39:79:eb:0c:c2:dc:aa:3a:4b:0c:
         fa:10:2c:99:9c:85:66:06:3f:fe:8e:e4:6f:82:01:e1:54:5d:
         f5:76:9b:a4:f8:a2:9d:27:f3:45:da:d8:7b:76:be:76:23:32:
         b0:a6:87:ab:c5:ae:a2:52:db:04:dc:7b:46:a2:5b:8c:e9:a4:
         ef:b6:7c:68:45:d5:87:ac:f2:ce:23:10:33:cb:0a:9a:8f:0d:
         91:71:89:f1:e6:20:d9:16:fa:c5:2d:4f:75:f2:04:d0:80:89:
         f9:a9:de:e9:da:7d:cf:fd:8a:6e:e1:26:4b:c3:52:f6:09:72:
         62:ac:13:cd:aa:f2:74:8c:7d:cc:ed:4a:45:a2:48:b6:8d:00:
         6d:b7:95:3e:0b:da:09:4c:ea:11:96:5a:07:af:17:be:e2:a3:
         66:df:2c:8a:d3:0c:d5:31:7c:cb:54:4d:89:3c:21:c1:26:12:
         51:5a:75:8d:cb:01:5c:b7:61:95:43:83:b0:7d:a8:b3:fb:8f:
         12:75:14:10:c6:4c:b4:61:e2:2b:1a:c6:6a:e1:67:a3:72:43:
         9a:e9:7d:95:1e:54:d9:7e:78:3d:3d:ca:51:7f:d6:0d:ee:f3:
         d6:8b:fa:75:79:90:40:de:36:5c:0f:47:8e:d2:17:e2:e7:09:
         27:dd:88:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTgdYu9YEBTS3f30Bg8VoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjQwMTAyMDgzMzAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzViMjJiMjZlYTcyNmNiZjcxNzZkMTI2NWIxODA2NWJmNDIyZDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQCQs2uLsMN/1qE307m0CqLkdIyP
F0n2O1mHG/aZDxgKcuJouGM9ykM+uycH7bJdHp5n1k6wDlUCKEPePH+1c+cFtcFx
G4Hi1uSyULgCGz/J37IarHgKfXf2NpbVJ/TlC57AMtPxbI4pyW4phksL4y9uyleT
yUAxS/FkCaUtpwxgWW412g3+pgm6q8Yf7Hf/3dd6ey6Ey07XYVJfhs6AcKm9dNb8
HwVd9nCG/o3YXiS/lx4d7sqed+haKqhnp4bWPEi2fiHHLCRXpZJOXZKdzU6A+8FH
6BPR3CzzatFFV0vZtUQXqNT89Peg/Wy1PihSpFKuPTJHTKjEpZE/EKKCsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPNbIrJupybL9xdtEmWxgGW/Qi0wMB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEvODFzaXNtNm5Kc3YzRjIwU1piR0FaYjlDTFRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYtYzA2NzFiZjRjZjNl
LzEvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTtMMA0G
CSqGSIb3DQEBCwUAA4IBAQAGhyJRHNjKzDl56wzC3Ko6Swz6ECyZnIVmBj/+juRv
ggHhVF31dpuk+KKdJ/NF2th7dr52IzKwpoerxa6iUtsE3HtGoluM6aTvtnxoRdWH
rPLOIxAzywqajw2RcYnx5iDZFvrFLU918gTQgIn5qd7p2n3P/Ypu4SZLw1L2CXJi
rBPNqvJ0jH3M7UpFoki2jQBtt5U+C9oJTOoRlloHrxe+4qNm3yyK0wzVMXzLVE2J
PCHBJhJRWnWNywFct2GVQ4Owfaiz+48SdRQQxky0YeIrGsZq4WejckOa6X2VHlTZ
fng9PcpRf9YN7vPWi/p1eZBA3jZcD0eO0hfi5wkn3YiV
-----END CERTIFICATE-----