Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/o9yEWHSQZ0z05zbwDkgEOlGfMk0.roa
File:                     o9yEWHSQZ0z05zbwDkgEOlGfMk0.roa (raw, json)
Hash identifier:          NT2S2WpkTcm6gJi05x4oeeWmQc9in7XFU2Wlr6CAwjo=
Subject key identifier:   A3:DC:84:58:74:90:67:4C:F4:E7:36:F0:0E:48:04:3A:51:9F:32:4D
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       018CC94E080298502690C63CB0B7022453A8
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/o9yEWHSQZ0z05zbwDkgEOlGfMk0.roa
Signing time:             Tue 02 Jan 2024 08:33:03 +0000
ROA not before:           Tue 02 Jan 2024 08:33:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206802
IP address blocks:        193.59.50.0/24 maxlen: 24
                          195.187.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:08:02:98:50:26:90:c6:3c:b0:b7:02:24:53:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Jan  2 08:33:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3dc84587490674cf4e736f00e48043a519f324d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:21:68:f8:1a:e3:a1:b6:ad:97:df:a8:17:74:
                    c7:b1:6e:76:ab:98:84:8f:6d:d5:48:01:8c:dd:9b:
                    88:0d:e8:7c:48:34:7a:ce:8f:f1:f0:37:7d:7a:63:
                    07:2a:93:69:b6:80:e5:ba:e5:c9:dc:d5:64:1e:a2:
                    ca:ba:56:8e:c6:d7:9e:3a:62:2e:2e:d9:b2:82:62:
                    52:2b:1e:04:76:14:ee:1d:d4:4d:98:32:7b:9c:a1:
                    8c:ce:cc:d5:c8:79:a5:71:c3:5b:7b:cc:5d:0a:1f:
                    5f:95:1c:8f:e4:7a:1c:ef:e5:1c:2a:51:20:35:ee:
                    ba:47:e2:2e:2a:aa:f9:f2:17:f5:93:7d:a0:60:55:
                    95:c9:94:b0:06:c1:ce:cc:90:04:48:35:93:6b:ca:
                    cc:5d:ae:ae:1a:b4:4b:95:51:bc:18:c9:f2:8e:49:
                    4d:ab:4e:f3:04:0a:b3:87:97:5b:08:89:8d:d9:63:
                    3e:94:dd:5c:53:56:86:4d:f4:1c:62:6c:b7:31:14:
                    7e:36:46:42:e4:ab:35:fe:56:59:ec:78:43:67:78:
                    41:6c:1e:4c:07:46:65:67:26:57:81:9d:d4:8f:0b:
                    b4:c5:9b:a1:ce:b8:be:ef:9d:4e:c0:42:7c:27:30:
                    8a:b3:18:7e:85:0a:b3:9e:f8:21:72:dc:5c:ed:79:
                    2a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:DC:84:58:74:90:67:4C:F4:E7:36:F0:0E:48:04:3A:51:9F:32:4D
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/o9yEWHSQZ0z05zbwDkgEOlGfMk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.59.50.0/24
                  195.187.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:dd:a6:98:ca:a2:bc:ab:68:1f:0e:8c:f8:fc:1d:b3:ab:68:
         6a:93:27:fd:fa:4c:4a:e4:92:35:e4:fb:4e:fc:82:ee:a2:a7:
         d8:c0:a7:3d:61:e3:dc:63:63:67:1d:ce:c8:cd:37:34:4d:c7:
         23:1d:bb:f0:56:76:e9:67:b7:21:14:c6:f6:6c:23:3b:0f:e3:
         7e:06:30:e0:ee:63:bf:ff:95:ad:bc:b4:f1:b1:ea:d0:cf:6d:
         c2:b5:e5:3e:ef:b3:5a:43:db:11:64:e6:2d:86:37:cb:61:7c:
         f3:09:49:5d:d5:4b:89:af:4c:c5:77:09:b5:3a:bf:e7:fd:b3:
         ed:7e:6b:a7:6d:09:eb:5c:fc:54:66:95:4b:2a:16:fd:0a:cd:
         67:97:9c:8a:a8:9f:0c:9f:ef:89:5e:e6:82:27:81:8a:6a:35:
         6a:95:20:36:75:df:92:5e:a9:dd:67:f6:c4:f4:62:a1:1d:dc:
         4c:bb:b1:e0:b9:5c:0a:f6:02:1a:5e:9c:d3:85:57:91:4c:e4:
         7a:c8:28:d6:5f:a8:8c:c4:5f:68:dd:63:3e:f4:23:12:fe:ec:
         0b:1e:b2:69:b4:e9:1f:0e:e7:36:48:53:90:f1:ca:20:2f:84:
         bc:60:67:ca:ec:ac:37:b7:b8:29:b2:dd:37:8d:ca:35:78:8b:
         09:77:77:7e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTggCmFAmkMY8sLcCJFOoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjQwMTAyMDgzMzAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2RjODQ1ODc0OTA2NzRjZjRlNzM2ZjAwZTQ4MDQzYTUxOWYzMjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSFo+Brjobatl9+oF3THsW52q5iE
j23VSAGM3ZuIDeh8SDR6zo/x8Dd9emMHKpNptoDluuXJ3NVkHqLKulaOxteeOmIu
LtmygmJSKx4EdhTuHdRNmDJ7nKGMzszVyHmlccNbe8xdCh9flRyP5Hoc7+UcKlEg
Ne66R+IuKqr58hf1k32gYFWVyZSwBsHOzJAESDWTa8rMXa6uGrRLlVG8GMnyjklN
q07zBAqzh5dbCImN2WM+lN1cU1aGTfQcYmy3MRR+NkZC5Ks1/lZZ7HhDZ3hBbB5M
B0ZlZyZXgZ3Ujwu0xZuhzri+751OwEJ8JzCKsxh+hQqznvghctxc7XkqfwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKPchFh0kGdM9Oc28A5IBDpRnzJNMB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEvbzl5RVdIU1FaMHowNXpid0RrZ0VPbEdmTWswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYtYzA2NzFiZjRjZjNl
LzEvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwTsyAwQA
w7tSMA0GCSqGSIb3DQEBCwUAA4IBAQB83aaYyqK8q2gfDoz4/B2zq2hqkyf9+kxK
5JI15PtO/ILuoqfYwKc9YePcY2NnHc7IzTc0TccjHbvwVnbpZ7chFMb2bCM7D+N+
BjDg7mO//5WtvLTxserQz23CteU+77NaQ9sRZOYthjfLYXzzCUld1UuJr0zFdwm1
Or/n/bPtfmunbQnrXPxUZpVLKhb9Cs1nl5yKqJ8Mn++JXuaCJ4GKajVqlSA2dd+S
XqndZ/bE9GKhHdxMu7HguVwK9gIaXpzThVeRTOR6yCjWX6iMxF9o3WM+9CMS/uwL
HrJptOkfDuc2SFOQ8cogL4S8YGfK7Kw3t7gpst03jco1eIsJd3d+
-----END CERTIFICATE-----