Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/VGWxv1lVxi2D0WEZGovkR9hAEE8.roa
File:                     VGWxv1lVxi2D0WEZGovkR9hAEE8.roa (raw, json)
Hash identifier:          Om7dRkLrk0nNVv3ROCpohCznzyQkn0650ASYslJs6kw=
Subject key identifier:   54:65:B1:BF:59:55:C6:2D:83:D1:61:19:1A:8B:E4:47:D8:40:10:4F
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       018CC94E02C7D17C49107C072672133C5F4A
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/VGWxv1lVxi2D0WEZGovkR9hAEE8.roa
Signing time:             Tue 02 Jan 2024 08:33:02 +0000
ROA not before:           Tue 02 Jan 2024 08:33:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199815
IP address blocks:        193.59.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:02:c7:d1:7c:49:10:7c:07:26:72:13:3c:5f:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Jan  2 08:33:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5465b1bf5955c62d83d161191a8be447d840104f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e4:3f:19:83:df:b1:44:a3:93:b5:12:bc:1a:
                    9c:80:d3:eb:30:a7:67:49:90:c0:a2:0b:d4:90:be:
                    69:e1:36:e4:c2:58:3b:f8:1f:c4:2c:a4:83:c5:1b:
                    54:a2:ad:5c:93:24:60:43:19:ee:d8:bd:df:6b:77:
                    8d:8a:a1:97:8d:7c:39:58:4d:51:e2:36:d5:fd:39:
                    bd:3b:d1:b0:40:b3:6f:8c:86:80:26:e6:de:87:1b:
                    7b:dd:64:29:ee:76:50:7a:87:57:7b:70:89:51:e2:
                    30:cf:ae:92:b0:09:c5:92:d4:d6:95:12:8b:ba:21:
                    45:90:fc:8f:60:5a:d8:8f:63:4e:d9:ab:d1:53:5d:
                    5b:12:6e:06:de:80:27:98:66:32:92:85:d1:e0:5f:
                    76:a1:46:ac:72:32:59:02:18:46:94:ff:78:9d:be:
                    ed:d1:f4:a0:72:84:ea:8a:b2:3e:5f:51:b3:15:63:
                    09:05:eb:b6:e1:30:17:60:fc:5a:4a:aa:84:09:dd:
                    da:96:3f:6d:99:cc:97:77:ca:d3:f4:f6:be:bd:53:
                    64:aa:66:75:0f:63:30:2b:4e:ab:f1:3d:2c:bf:07:
                    a6:0e:d8:7b:da:e5:84:a9:d1:f4:cb:52:03:2b:c0:
                    25:4e:45:9c:bb:1f:b3:e8:7e:bc:00:9e:32:75:24:
                    db:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:65:B1:BF:59:55:C6:2D:83:D1:61:19:1A:8B:E4:47:D8:40:10:4F
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/VGWxv1lVxi2D0WEZGovkR9hAEE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.59.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:c5:fd:5d:f4:91:4e:09:62:83:cc:75:79:f7:82:1a:37:d2:
         f2:0c:b6:03:dd:13:26:7c:bc:ce:8e:b2:5b:3d:8d:8f:bd:15:
         3c:0b:40:ca:ef:fa:16:06:ad:d5:43:fa:16:78:b3:74:de:65:
         28:21:c7:06:36:0f:76:2c:b6:6c:4e:af:35:4c:3c:4c:56:e2:
         17:88:82:72:19:d5:99:2c:de:40:7e:30:a6:89:61:ce:55:22:
         61:b8:10:75:bd:1e:dd:77:df:af:57:fe:55:ff:b8:09:29:be:
         bc:29:0d:4e:7b:e1:c3:07:1c:9a:64:8d:0c:3a:33:e1:9e:5d:
         05:62:31:ad:be:33:33:09:42:d0:ce:a3:a1:d1:07:77:8c:39:
         81:5b:34:42:47:bb:21:71:dd:fa:e7:13:7b:05:7a:a7:eb:6e:
         c4:38:3a:0d:45:f4:c6:0c:bb:e1:9a:6f:5c:1f:1c:0b:16:27:
         6f:63:76:8e:f4:56:d5:c5:a5:45:84:da:de:e3:99:16:65:d4:
         c5:95:24:e1:9f:c9:e9:22:3c:7e:b6:17:9c:31:57:8f:1f:95:
         04:26:fe:80:9c:b2:7b:68:11:b9:12:e1:c6:7e:b1:7c:45:0c:
         e9:e4:d9:ea:cc:48:2d:93:42:1a:eb:91:0a:75:df:dc:94:2e:
         9e:c1:43:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTgLH0XxJEHwHJnITPF9KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjQwMTAyMDgzMzAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDY1YjFiZjU5NTVjNjJkODNkMTYxMTkxYThiZTQ0N2Q4NDAxMDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOQ/GYPfsUSjk7USvBqcgNPrMKdn
SZDAogvUkL5p4Tbkwlg7+B/ELKSDxRtUoq1ckyRgQxnu2L3fa3eNiqGXjXw5WE1R
4jbV/Tm9O9GwQLNvjIaAJubehxt73WQp7nZQeodXe3CJUeIwz66SsAnFktTWlRKL
uiFFkPyPYFrYj2NO2avRU11bEm4G3oAnmGYykoXR4F92oUascjJZAhhGlP94nb7t
0fSgcoTqirI+X1GzFWMJBeu24TAXYPxaSqqECd3alj9tmcyXd8rT9Pa+vVNkqmZ1
D2MwK06r8T0svwemDth72uWEqdH0y1IDK8AlTkWcux+z6H68AJ4ydSTb/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFRlsb9ZVcYtg9FhGRqL5EfYQBBPMB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEvVkdXeHYxbFZ4aTJEMFdFWkdvdmtSOWhBRUU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYtYzA2NzFiZjRjZjNl
LzEvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTuwMA0G
CSqGSIb3DQEBCwUAA4IBAQBSxf1d9JFOCWKDzHV594IaN9LyDLYD3RMmfLzOjrJb
PY2PvRU8C0DK7/oWBq3VQ/oWeLN03mUoIccGNg92LLZsTq81TDxMVuIXiIJyGdWZ
LN5AfjCmiWHOVSJhuBB1vR7dd9+vV/5V/7gJKb68KQ1Oe+HDBxyaZI0MOjPhnl0F
YjGtvjMzCULQzqOh0Qd3jDmBWzRCR7shcd365xN7BXqn627EODoNRfTGDLvhmm9c
HxwLFidvY3aO9FbVxaVFhNre45kWZdTFlSThn8npIjx+thecMVePH5UEJv6AnLJ7
aBG5EuHGfrF8RQzp5NnqzEgtk0Ia65EKdd/clC6ewUPS
-----END CERTIFICATE-----