Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/j9h52iWOsKT12q-BrmfuIevubgA.roa
File:                     j9h52iWOsKT12q-BrmfuIevubgA.roa (raw, json)
Hash identifier:          7AcZb4B5RH1u86bgIFtqIofEGZOrepwFab0r/cXmPIg=
Subject key identifier:   8F:D8:79:DA:25:8E:B0:A4:F5:DA:AF:81:AE:67:EE:21:EB:EE:6E:00
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       018CC94DFC31AAB77B0C9E2EC5CC100C5754
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/j9h52iWOsKT12q-BrmfuIevubgA.roa
Signing time:             Tue 02 Jan 2024 08:33:00 +0000
ROA not before:           Tue 02 Jan 2024 08:33:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42619
IP address blocks:        193.59.60.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:fc:31:aa:b7:7b:0c:9e:2e:c5:cc:10:0c:57:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Jan  2 08:33:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fd879da258eb0a4f5daaf81ae67ee21ebee6e00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:dd:20:12:fe:17:23:59:f2:5b:d9:0e:a6:27:
                    ef:54:59:67:bb:6a:36:dd:0a:b0:62:03:23:24:00:
                    80:19:7a:5a:a7:99:b5:38:76:21:31:95:40:41:32:
                    2f:22:06:69:f4:b3:55:b2:5e:82:b1:1f:47:98:a9:
                    7c:aa:7c:0e:50:6e:47:d9:b2:ad:cc:1b:6e:b4:eb:
                    ed:63:ec:a7:88:90:0f:99:62:18:7c:f0:9e:f4:b5:
                    3a:34:5a:22:a9:8c:aa:f2:1e:e5:02:9d:b9:60:6e:
                    e0:07:3d:0d:e9:9a:27:bb:80:54:78:77:d5:ed:44:
                    32:af:2a:60:46:df:10:f6:a7:c3:7a:0d:7b:7d:30:
                    2f:34:ed:47:5f:57:00:fc:93:e0:de:14:8a:6d:88:
                    be:dc:5c:53:84:67:9d:ef:33:92:b4:b9:72:cf:b4:
                    98:e8:9a:02:2b:9e:6b:2a:9d:77:d0:7b:21:7e:b8:
                    1b:9e:df:a0:08:0d:41:4b:3d:e3:f0:1d:25:43:66:
                    6c:46:0e:df:0e:83:fd:ae:b1:94:31:6f:a6:c3:ab:
                    9f:db:80:f8:a3:96:70:52:1a:a5:a5:e3:8a:e1:db:
                    96:33:e3:2c:c2:c8:cd:ba:2a:5b:48:48:10:b1:4a:
                    26:65:1d:8e:c1:c4:d9:e0:a1:46:6e:41:52:21:84:
                    f8:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:D8:79:DA:25:8E:B0:A4:F5:DA:AF:81:AE:67:EE:21:EB:EE:6E:00
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/j9h52iWOsKT12q-BrmfuIevubgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.59.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:73:38:15:b9:cb:e0:0c:34:29:d3:f7:95:d5:51:bf:70:52:
         17:20:e8:94:7b:3f:fe:29:7f:20:d3:a6:4e:b8:6c:13:c4:27:
         30:09:13:e0:ec:b3:08:02:7d:e5:e4:d1:43:44:00:64:e2:60:
         06:c1:01:d8:a7:52:a8:e2:2a:13:ab:2f:f7:1d:c8:51:e8:9d:
         ae:dd:cd:9a:51:71:b9:b0:db:a9:40:eb:dd:8e:ff:f1:0f:2f:
         8e:92:45:e4:75:e2:46:25:f2:b1:07:d1:a5:47:14:67:80:3e:
         48:a4:d0:3f:fa:83:bf:a9:5f:b7:b5:14:a7:de:5e:77:08:c4:
         f8:48:fd:e1:0f:8f:b5:ed:46:f5:0c:c6:7e:27:cc:0f:23:5b:
         f4:a5:ca:8d:56:8e:5a:79:1f:8d:41:0f:42:61:3b:f5:52:1e:
         56:f4:21:03:84:f7:2c:dc:fe:54:09:d0:15:fc:29:45:7b:62:
         2a:b7:65:ea:ef:e2:ca:7e:b3:03:77:53:ab:97:58:ce:b6:32:
         db:d4:4b:44:39:dc:5e:dd:44:26:88:cb:ef:00:7e:10:f2:21:
         e2:5a:21:c4:75:5d:8a:ee:b4:0a:04:81:27:b7:09:57:54:a6:
         5e:6f:e9:5d:af:ce:31:d4:d6:9e:2c:89:6d:57:cd:02:ec:5d:
         47:84:8b:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTfwxqrd7DJ4uxcwQDFdUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjQwMTAyMDgzMzAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmQ4NzlkYTI1OGViMGE0ZjVkYWFmODFhZTY3ZWUyMWViZWU2ZTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqd0gEv4XI1nyW9kOpifvVFlnu2o2
3QqwYgMjJACAGXpap5m1OHYhMZVAQTIvIgZp9LNVsl6CsR9HmKl8qnwOUG5H2bKt
zBtutOvtY+yniJAPmWIYfPCe9LU6NFoiqYyq8h7lAp25YG7gBz0N6Zonu4BUeHfV
7UQyrypgRt8Q9qfDeg17fTAvNO1HX1cA/JPg3hSKbYi+3FxThGed7zOStLlyz7SY
6JoCK55rKp130Hshfrgbnt+gCA1BSz3j8B0lQ2ZsRg7fDoP9rrGUMW+mw6uf24D4
o5ZwUhqlpeOK4duWM+MswsjNuipbSEgQsUomZR2OwcTZ4KFGbkFSIYT4/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI/YedoljrCk9dqvga5n7iHr7m4AMB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEvajloNTJpV09zS1QxMnEtQnJtZnVJZXZ1YmdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYtYzA2NzFiZjRjZjNl
LzEvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwTs8MA0G
CSqGSIb3DQEBCwUAA4IBAQADczgVucvgDDQp0/eV1VG/cFIXIOiUez/+KX8g06ZO
uGwTxCcwCRPg7LMIAn3l5NFDRABk4mAGwQHYp1Ko4ioTqy/3HchR6J2u3c2aUXG5
sNupQOvdjv/xDy+OkkXkdeJGJfKxB9GlRxRngD5IpNA/+oO/qV+3tRSn3l53CMT4
SP3hD4+17Ub1DMZ+J8wPI1v0pcqNVo5aeR+NQQ9CYTv1Uh5W9CEDhPcs3P5UCdAV
/ClFe2Iqt2Xq7+LKfrMDd1Orl1jOtjLb1EtEOdxe3UQmiMvvAH4Q8iHiWiHEdV2K
7rQKBIEntwlXVKZeb+ldr84x1NaeLIltV80C7F1HhIsd
-----END CERTIFICATE-----