Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/kt9J5p7o9x2JM9pxmJ08eB0nDGg.roa
File:                     kt9J5p7o9x2JM9pxmJ08eB0nDGg.roa (raw, json)
Hash identifier:          FVM0bn58+krMcnDGrTaOW9g1EY/qXJaxavqwW5ce1/4=
Subject key identifier:   92:DF:49:E6:9E:E8:F7:1D:89:33:DA:71:98:9D:3C:78:1D:27:0C:68
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       018CC94DFF4F04A5AEBAC228503A465444F0
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/kt9J5p7o9x2JM9pxmJ08eB0nDGg.roa
Signing time:             Tue 02 Jan 2024 08:33:01 +0000
ROA not before:           Tue 02 Jan 2024 08:33:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59832
IP address blocks:        193.59.104.0/22 maxlen: 24
                          193.59.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:ff:4f:04:a5:ae:ba:c2:28:50:3a:46:54:44:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Jan  2 08:33:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92df49e69ee8f71d8933da71989d3c781d270c68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:8a:26:5f:b3:a9:87:d6:c9:2e:8e:22:75:cd:
                    51:96:bd:3a:69:f5:ac:af:88:35:8b:40:8d:98:9f:
                    1c:1b:74:3a:40:c2:ca:a5:9c:e6:3f:cf:8c:dd:57:
                    89:4f:84:f3:f7:ab:43:72:b4:f0:02:74:4b:83:80:
                    e1:b5:95:c6:8c:d3:d7:2c:9a:05:0f:5b:6e:e1:29:
                    c6:7a:dc:87:ae:7f:13:31:4e:c7:3b:ee:4b:de:ae:
                    82:8c:a7:57:04:81:12:f3:68:9c:69:1a:ad:b0:cf:
                    e0:4c:1d:40:40:af:89:ac:fa:88:51:1f:db:74:42:
                    9a:b6:3e:d2:14:be:80:32:fb:1b:be:42:c4:d1:52:
                    8a:8a:b0:55:66:fe:2e:61:d0:34:15:d0:b8:b2:98:
                    4c:b9:d2:a9:c8:b0:0a:10:73:97:96:27:3b:c3:bc:
                    b7:b0:0e:a5:f3:60:0b:e6:85:b5:eb:00:da:28:a7:
                    b2:29:13:c1:b0:dc:c6:4f:85:f1:22:23:b1:24:77:
                    1f:4c:39:16:6c:3f:66:21:aa:31:27:9c:96:88:9f:
                    c6:d6:9c:c3:73:5f:f4:d7:56:99:1e:df:07:ee:e2:
                    6d:e2:02:6e:a9:6b:b9:74:8e:ae:21:b9:02:5b:93:
                    99:9a:d1:cb:53:5b:7f:f1:0e:98:60:49:45:1a:33:
                    91:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:DF:49:E6:9E:E8:F7:1D:89:33:DA:71:98:9D:3C:78:1D:27:0C:68
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/kt9J5p7o9x2JM9pxmJ08eB0nDGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.59.104.0/22
                  193.59.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:b5:e2:cf:d0:71:13:f5:80:1b:73:ab:4d:3c:db:2b:8f:09:
         fb:7c:5e:01:9e:f0:80:dc:94:e6:e3:69:fc:42:fa:84:9f:dc:
         e5:0f:99:23:bf:58:3c:b1:67:bc:72:28:cc:4c:c9:82:61:dc:
         8a:59:ff:f3:d1:9a:1a:07:a1:a9:e5:c8:9a:d8:f6:28:22:1c:
         c5:ae:5b:47:0e:f3:4a:ca:89:f1:62:c2:ae:5a:c7:28:12:a6:
         b3:00:c1:01:66:07:77:38:3d:58:ad:c8:7e:7c:e2:98:53:17:
         27:09:8b:7f:69:dc:22:72:13:56:76:95:a7:b6:a1:55:f9:a8:
         df:50:a5:53:b6:59:f5:9b:71:ef:ad:03:ff:f2:8d:c3:71:b2:
         da:9f:b4:38:e6:e6:d2:f1:8c:67:72:3f:14:2b:7a:6c:94:99:
         d5:2c:e5:d6:c1:27:63:32:7f:3d:20:fb:90:a7:21:89:55:f9:
         0a:44:01:07:ec:70:a0:fe:9b:2f:60:fc:b3:e2:f5:7b:1b:fa:
         c2:bd:ad:ae:63:3b:bd:c9:fd:12:15:89:cc:5a:01:cf:13:af:
         ef:0c:6d:7f:22:04:f4:f7:35:e2:d6:cf:e9:06:7d:0e:63:07:
         85:4a:a1:d9:48:69:ba:bb:3e:9b:49:11:b5:57:25:c6:57:33:
         8b:41:e9:d0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTf9PBKWuusIoUDpGVETwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjQwMTAyMDgzMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmRmNDllNjllZThmNzFkODkzM2RhNzE5ODlkM2M3ODFkMjcwYzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjYomX7Oph9bJLo4idc1Rlr06afWs
r4g1i0CNmJ8cG3Q6QMLKpZzmP8+M3VeJT4Tz96tDcrTwAnRLg4DhtZXGjNPXLJoF
D1tu4SnGetyHrn8TMU7HO+5L3q6CjKdXBIES82icaRqtsM/gTB1AQK+JrPqIUR/b
dEKatj7SFL6AMvsbvkLE0VKKirBVZv4uYdA0FdC4sphMudKpyLAKEHOXlic7w7y3
sA6l82AL5oW16wDaKKeyKRPBsNzGT4XxIiOxJHcfTDkWbD9mIaoxJ5yWiJ/G1pzD
c1/011aZHt8H7uJt4gJuqWu5dI6uIbkCW5OZmtHLU1t/8Q6YYElFGjOREwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJLfSeae6PcdiTPacZidPHgdJwxoMB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEva3Q5SjVwN285eDJKTTlweG1KMDhlQjBuREdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYtYzA2NzFiZjRjZjNl
LzEvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwTtoAwQA
wTtvMA0GCSqGSIb3DQEBCwUAA4IBAQAwteLP0HET9YAbc6tNPNsrjwn7fF4BnvCA
3JTm42n8QvqEn9zlD5kjv1g8sWe8cijMTMmCYdyKWf/z0ZoaB6Gp5cia2PYoIhzF
rltHDvNKyonxYsKuWscoEqazAMEBZgd3OD1Yrch+fOKYUxcnCYt/adwichNWdpWn
tqFV+ajfUKVTtln1m3HvrQP/8o3DcbLan7Q45ubS8Yxncj8UK3pslJnVLOXWwSdj
Mn89IPuQpyGJVfkKRAEH7HCg/psvYPyz4vV7G/rCva2uYzu9yf0SFYnMWgHPE6/v
DG1/IgT09zXi1s/pBn0OYweFSqHZSGm6uz6bSRG1VyXGVzOLQenQ
-----END CERTIFICATE-----