Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/CsMiRnDn04-13qj2mOB4Lyc6YTY.roa
File:                     CsMiRnDn04-13qj2mOB4Lyc6YTY.roa (raw, json)
Hash identifier:          U+GwIsKn5RGQHvbqB5SkD8NlacEA/jyL+KlLQyhYnKY=
Subject key identifier:   0A:C3:22:46:70:E7:D3:8F:B5:DE:A8:F6:98:E0:78:2F:27:3A:61:36
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       018CC94E09279E6B08703E04BF2A88F6F15E
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/CsMiRnDn04-13qj2mOB4Lyc6YTY.roa
Signing time:             Tue 02 Jan 2024 08:33:03 +0000
ROA not before:           Tue 02 Jan 2024 08:33:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207684
IP address blocks:        193.59.16.0/22 maxlen: 22
                          193.59.14.0/23 maxlen: 23
                          193.59.24.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 Nov 2024 23:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:09:27:9e:6b:08:70:3e:04:bf:2a:88:f6:f1:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Jan  2 08:33:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ac3224670e7d38fb5dea8f698e0782f273a6136
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a1:f9:be:38:3b:ac:42:b6:45:8f:ed:3e:b0:
                    b5:bf:80:b5:8e:30:78:86:35:ca:34:fa:d2:d9:76:
                    72:81:7c:86:dd:5e:c5:33:b4:8b:c2:a4:41:5d:20:
                    c2:ba:b2:00:3b:15:45:ae:dd:26:90:83:dd:38:81:
                    e7:54:a0:db:c0:28:0a:dd:6e:29:41:fc:0a:0e:ab:
                    23:f9:53:32:24:4b:f8:36:ec:a4:f5:81:81:c6:5e:
                    b7:1a:ef:4c:12:7d:bb:78:25:5c:73:26:b4:e3:9c:
                    28:3f:19:6f:ae:98:6b:4e:0b:61:22:81:f8:c6:49:
                    74:74:f5:f3:25:d3:30:61:0e:7e:59:0c:59:25:84:
                    98:68:2c:71:7e:68:bd:43:43:5a:ea:74:0b:24:27:
                    1c:cd:7b:b7:c2:7f:40:19:67:fd:4b:88:91:bb:b5:
                    fb:e2:9d:f0:d3:cf:3c:84:65:e3:13:d9:b9:b8:04:
                    10:c9:2b:c2:57:d5:fe:82:40:72:16:da:3c:dc:46:
                    16:af:19:1b:80:aa:31:f4:54:4d:1b:cb:de:1f:b2:
                    37:b4:c8:90:b0:ee:01:4a:71:87:80:d9:9c:78:8a:
                    74:d4:c2:d2:f4:c1:09:d2:1a:61:64:81:b1:4a:ed:
                    7f:8d:98:63:8c:ef:2e:97:78:97:0e:f6:d5:72:71:
                    c7:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:C3:22:46:70:E7:D3:8F:B5:DE:A8:F6:98:E0:78:2F:27:3A:61:36
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/CsMiRnDn04-13qj2mOB4Lyc6YTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.59.14.0-193.59.19.255
                  193.59.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:dc:e7:d2:aa:07:5c:72:70:0a:d9:74:c4:ee:a1:e8:81:ea:
         27:6c:88:bd:b4:7b:b8:5e:e1:9c:f6:c4:2c:8f:4c:91:9d:4c:
         33:a0:30:66:11:5d:cb:6f:c7:0f:26:45:40:42:f3:09:7e:b5:
         7f:80:c0:b9:64:9a:19:ad:d0:fe:29:b6:b5:d7:43:d0:ce:9a:
         78:aa:77:d4:b2:4a:b7:4c:e0:df:f5:62:00:3b:69:b5:e9:c2:
         04:c5:4c:3d:20:b6:4a:f8:04:9f:2c:68:cf:07:52:87:00:42:
         0b:da:2e:82:2e:c7:3e:d2:d3:43:4c:43:a8:2d:1e:1c:cc:84:
         f1:0a:43:3d:53:6d:97:db:18:56:67:7e:5a:09:8b:79:0a:b5:
         ed:ab:37:bf:51:4d:4f:29:7b:d7:6c:36:8f:aa:be:44:8c:82:
         eb:a2:94:7a:24:76:fb:d8:5b:cc:55:5c:ab:76:66:90:a8:a1:
         43:d0:05:bd:09:d0:7a:8d:ff:7b:0b:37:c6:96:aa:04:02:85:
         6e:d6:1a:03:39:b3:16:53:ea:80:df:fd:f6:3d:78:f4:9a:dc:
         78:50:11:c6:e5:f0:62:56:3c:6c:16:93:15:eb:0a:66:c6:94:
         d5:94:c7:36:34:12:ee:3c:f7:e0:39:2f:d9:89:8c:a5:bc:75:
         fd:8f:f5:93
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzJTgknnmsIcD4EvyqI9vFeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjQwMTAyMDgzMzAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWMzMjI0NjcwZTdkMzhmYjVkZWE4ZjY5OGUwNzgyZjI3M2E2MTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaH5vjg7rEK2RY/tPrC1v4C1jjB4
hjXKNPrS2XZygXyG3V7FM7SLwqRBXSDCurIAOxVFrt0mkIPdOIHnVKDbwCgK3W4p
QfwKDqsj+VMyJEv4Nuyk9YGBxl63Gu9MEn27eCVccya045woPxlvrphrTgthIoH4
xkl0dPXzJdMwYQ5+WQxZJYSYaCxxfmi9Q0Na6nQLJCcczXu3wn9AGWf9S4iRu7X7
4p3w0888hGXjE9m5uAQQySvCV9X+gkByFto83EYWrxkbgKox9FRNG8veH7I3tMiQ
sO4BSnGHgNmceIp01MLS9MEJ0hphZIGxSu1/jZhjjO8ul3iXDvbVcnHHdQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFArDIkZw59OPtd6o9pjgeC8nOmE2MB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEvQ3NNaVJuRG4wNC0xM3FqMm1PQjRMeWM2WVRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYtYzA2NzFiZjRjZjNl
LzEvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAHBOw4D
BALBOxADBALBOxgwDQYJKoZIhvcNAQELBQADggEBAF3c59KqB1xycArZdMTuoeiB
6idsiL20e7he4Zz2xCyPTJGdTDOgMGYRXctvxw8mRUBC8wl+tX+AwLlkmhmt0P4p
trXXQ9DOmniqd9SySrdM4N/1YgA7abXpwgTFTD0gtkr4BJ8saM8HUocAQgvaLoIu
xz7S00NMQ6gtHhzMhPEKQz1TbZfbGFZnfloJi3kKte2rN79RTU8pe9dsNo+qvkSM
guuilHokdvvYW8xVXKt2ZpCooUPQBb0J0HqN/3sLN8aWqgQChW7WGgM5sxZT6oDf
/fY9ePSa3HhQEcbl8GJWPGwWkxXrCmbGlNWUxzY0Eu489+A5L9mJjKW8df2P9ZM=
-----END CERTIFICATE-----
Generated at Fri Nov 1 08:37:20 2024 by rpki-client on console-fra.rpki-client.org