Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/E8LYneNC9Fbt5JG2blqtmNZ328c.roa
File:                     E8LYneNC9Fbt5JG2blqtmNZ328c.roa (raw, json)
Hash identifier:          7vK6RvDAJewr2z4Bkt8ybevgK0jaa851bURoES7M1h4=
Subject key identifier:   13:C2:D8:9D:E3:42:F4:56:ED:E4:91:B6:6E:5A:AD:98:D6:77:DB:C7
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       018CC94E0ACC2E75587085A0A0E8FAB3B990
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/E8LYneNC9Fbt5JG2blqtmNZ328c.roa
Signing time:             Tue 02 Jan 2024 08:33:04 +0000
ROA not before:           Tue 02 Jan 2024 08:33:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210271
IP address blocks:        193.59.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:0a:cc:2e:75:58:70:85:a0:a0:e8:fa:b3:b9:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Jan  2 08:33:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13c2d89de342f456ede491b66e5aad98d677dbc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:71:61:d7:c6:2a:a5:29:3b:89:89:62:b7:0d:
                    a3:72:34:a6:60:3b:cd:ec:9e:65:1e:e6:e8:91:cc:
                    08:ea:7c:5c:05:2b:76:74:0e:7b:1a:90:f6:45:89:
                    f4:ca:04:f3:ba:c2:f3:17:d7:bd:21:5e:fe:37:a8:
                    0f:39:8e:a1:67:eb:9e:30:a5:8a:41:d1:99:0e:04:
                    a2:22:da:64:df:ad:77:12:37:89:8f:5b:6b:da:3b:
                    70:31:a4:cf:a2:cb:46:e1:9a:dd:02:84:1c:e9:08:
                    5c:16:6f:34:60:cd:2a:db:0e:5b:51:8b:13:ea:d2:
                    25:33:da:66:2e:c5:d4:23:a1:93:5a:d2:7a:2a:41:
                    97:15:08:ac:9c:4a:1a:04:68:8f:e3:5b:db:5c:69:
                    a4:80:ed:a2:b4:61:0d:bc:76:52:cb:9b:13:53:bb:
                    32:aa:0d:9d:2a:a0:51:cc:e0:1f:d0:ae:7d:52:61:
                    4b:a5:ba:9d:55:b1:30:37:b6:21:67:e9:30:fb:37:
                    53:37:d0:97:68:91:77:d8:6b:57:b0:1a:0b:96:20:
                    e2:4f:87:c6:ba:85:6f:c5:67:b5:17:52:df:4c:22:
                    19:ce:25:53:cf:66:d2:2e:03:c2:06:89:d6:fb:b1:
                    0c:77:92:0b:76:0c:44:d5:b6:c2:e6:ae:01:b4:2f:
                    b7:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:C2:D8:9D:E3:42:F4:56:ED:E4:91:B6:6E:5A:AD:98:D6:77:DB:C7
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/E8LYneNC9Fbt5JG2blqtmNZ328c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.59.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:35:02:19:9f:b5:1e:25:af:ae:cc:a0:61:3f:1d:ea:58:e6:
         9f:75:5c:54:39:6a:98:b2:14:1c:6f:49:6d:66:97:6e:4f:2b:
         13:8f:cb:6e:1e:87:5e:2c:0a:97:6f:f1:4e:88:4c:9f:04:c9:
         30:83:89:b3:87:a0:56:61:00:73:5c:de:68:e3:ed:f7:d0:c5:
         2b:34:6e:ae:97:7c:b7:88:71:c8:52:3e:96:41:dd:df:30:f5:
         f5:67:de:f2:43:3d:9b:86:b8:49:0c:a4:2e:0f:9b:27:7d:d6:
         5b:3f:90:82:7d:a5:6a:fb:dd:02:52:15:e0:58:85:33:13:72:
         5e:5e:ff:14:6b:24:02:a1:12:b1:73:84:c7:4f:a3:31:1c:41:
         6e:1b:1a:0d:33:93:87:73:91:8f:65:07:19:c1:85:a3:34:83:
         ec:91:e6:36:cf:08:23:c4:13:53:e0:75:f9:c9:9b:db:1f:89:
         3b:30:da:6a:ed:45:75:eb:a2:b8:74:a6:3a:c2:4e:71:db:e2:
         00:6c:d3:88:3c:42:8c:47:08:03:6a:1e:ee:17:df:68:79:1c:
         24:d5:b0:d4:6f:57:a4:d8:11:8e:c9:60:9d:9a:72:ed:41:27:
         c8:05:35:6f:2d:25:14:b2:63:b1:79:5f:cf:f3:e9:0b:d8:58:
         08:3a:3b:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTgrMLnVYcIWgoOj6s7mQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjQwMTAyMDgzMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2MyZDg5ZGUzNDJmNDU2ZWRlNDkxYjY2ZTVhYWQ5OGQ2NzdkYmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkHFh18YqpSk7iYlitw2jcjSmYDvN
7J5lHubokcwI6nxcBSt2dA57GpD2RYn0ygTzusLzF9e9IV7+N6gPOY6hZ+ueMKWK
QdGZDgSiItpk3613EjeJj1tr2jtwMaTPostG4ZrdAoQc6QhcFm80YM0q2w5bUYsT
6tIlM9pmLsXUI6GTWtJ6KkGXFQisnEoaBGiP41vbXGmkgO2itGENvHZSy5sTU7sy
qg2dKqBRzOAf0K59UmFLpbqdVbEwN7YhZ+kw+zdTN9CXaJF32GtXsBoLliDiT4fG
uoVvxWe1F1LfTCIZziVTz2bSLgPCBonW+7EMd5ILdgxE1bbC5q4BtC+35QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBPC2J3jQvRW7eSRtm5arZjWd9vHMB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEvRThMWW5lTkM5RmJ0NUpHMmJscXRtTlozMjhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYtYzA2NzFiZjRjZjNl
LzEvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTtQMA0G
CSqGSIb3DQEBCwUAA4IBAQALNQIZn7UeJa+uzKBhPx3qWOafdVxUOWqYshQcb0lt
ZpduTysTj8tuHodeLAqXb/FOiEyfBMkwg4mzh6BWYQBzXN5o4+330MUrNG6ul3y3
iHHIUj6WQd3fMPX1Z97yQz2bhrhJDKQuD5snfdZbP5CCfaVq+90CUhXgWIUzE3Je
Xv8UayQCoRKxc4THT6MxHEFuGxoNM5OHc5GPZQcZwYWjNIPskeY2zwgjxBNT4HX5
yZvbH4k7MNpq7UV166K4dKY6wk5x2+IAbNOIPEKMRwgDah7uF99oeRwk1bDUb1ek
2BGOyWCdmnLtQSfIBTVvLSUUsmOxeV/P8+kL2FgIOjuC
-----END CERTIFICATE-----