Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/3QOE9YqRcm4z3U15xcdpaBv3BKg.roa
File:                     3QOE9YqRcm4z3U15xcdpaBv3BKg.roa (raw, json)
Hash identifier:          DfV9rOpA76F8vdA8l3mWlC/XvEGC/PkfMxezFIhTV1A=
Subject key identifier:   DD:03:84:F5:8A:91:72:6E:33:DD:4D:79:C5:C7:69:68:1B:F7:04:A8
Certificate issuer:       /CN=31cb00d2f84401810c3200b52fa388e93651ddf3
Certificate serial:       0192FC7E30B8E52328E1F87A1879B72104C7
Authority key identifier: 31:CB:00:D2:F8:44:01:81:0C:32:00:B5:2F:A3:88:E9:36:51:DD:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/McsA0vhEAYEMMgC1L6OI6TZR3fM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/3QOE9YqRcm4z3U15xcdpaBv3BKg.roa
Signing time:             Tue 05 Nov 2024 13:23:01 +0000
ROA not before:           Tue 05 Nov 2024 13:23:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5483
IP address blocks:        79.121.100.0/22 maxlen: 22
                          188.127.128.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/McsA0vhEAYEMMgC1L6OI6TZR3fM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/McsA0vhEAYEMMgC1L6OI6TZR3fM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/McsA0vhEAYEMMgC1L6OI6TZR3fM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:fc:7e:30:b8:e5:23:28:e1:f8:7a:18:79:b7:21:04:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31cb00d2f84401810c3200b52fa388e93651ddf3
        Validity
            Not Before: Nov  5 13:23:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd0384f58a91726e33dd4d79c5c769681bf704a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:2d:d3:a8:4f:e4:71:78:ec:18:c1:5d:b0:da:
                    5a:49:90:85:85:c0:be:91:49:0c:79:3c:db:b4:d8:
                    b5:87:2b:2b:bd:d1:d7:8a:9a:7e:df:47:50:2c:35:
                    76:9c:aa:5d:df:62:da:86:30:f6:47:07:fe:d2:18:
                    1e:17:25:1f:55:58:b9:70:67:27:a9:1e:85:a1:48:
                    21:8d:11:10:a7:9b:cb:72:24:30:cf:5d:45:6c:4d:
                    a8:7b:36:36:88:9f:b8:18:27:53:80:8a:2f:64:20:
                    bc:5c:79:9c:52:a3:38:cd:31:8a:66:20:76:07:6c:
                    e9:26:07:c2:ed:74:11:86:2c:32:68:a3:67:02:f3:
                    d2:c4:c4:5f:61:eb:ac:31:98:01:67:4e:31:22:b2:
                    fc:c6:60:41:4a:3b:54:a5:b5:79:36:a6:3d:52:f8:
                    ef:6a:41:34:57:74:ed:05:c6:fe:cd:0f:3b:74:ca:
                    51:fc:48:8c:67:03:f3:38:93:2c:c8:eb:68:43:17:
                    b1:2d:db:39:5f:06:0b:4d:94:94:2d:52:ad:51:75:
                    eb:e5:0f:be:3c:53:e2:40:2b:7d:e8:41:bc:66:60:
                    c6:13:c7:85:84:13:67:7f:3b:82:a9:ae:d6:6c:99:
                    4b:27:a5:e2:27:b6:2a:44:67:30:c3:09:bd:e6:35:
                    67:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:03:84:F5:8A:91:72:6E:33:DD:4D:79:C5:C7:69:68:1B:F7:04:A8
            X509v3 Authority Key Identifier:
                keyid:31:CB:00:D2:F8:44:01:81:0C:32:00:B5:2F:A3:88:E9:36:51:DD:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/McsA0vhEAYEMMgC1L6OI6TZR3fM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/3QOE9YqRcm4z3U15xcdpaBv3BKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/McsA0vhEAYEMMgC1L6OI6TZR3fM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.121.100.0/22
                  188.127.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         37:29:7d:ed:e8:70:60:ad:99:fb:ad:cc:61:88:66:8b:bf:6f:
         da:2b:05:d2:78:1e:32:9a:0c:95:6a:fe:74:e6:06:df:9d:0d:
         ce:5c:9d:fe:2f:c2:e2:13:94:74:2a:ca:8a:43:54:c3:9d:cc:
         0f:a1:19:07:48:51:57:98:d9:47:f6:91:c1:a3:f1:c2:2f:d0:
         8e:42:22:ea:a9:9f:79:91:e3:10:4b:2c:3a:a2:68:19:a0:67:
         fc:5d:36:c7:5a:3f:59:83:8d:4d:0c:a4:3e:5e:a4:53:45:a7:
         6e:83:ac:10:9d:e3:83:92:eb:eb:68:8e:a9:81:f1:d7:31:13:
         b4:e5:23:88:35:24:94:a3:55:89:cb:6b:03:40:58:d3:aa:c0:
         8d:24:46:d0:e3:68:7d:52:34:4a:19:e5:75:e0:7b:bb:ba:25:
         a5:38:9e:6a:6c:b1:be:a9:82:35:85:b8:8f:5b:26:70:35:45:
         5e:64:67:fa:83:ae:ff:4b:d3:39:22:63:d3:b5:03:91:1b:21:
         4a:d5:64:4a:36:6b:ba:4f:3d:5d:76:8d:a5:b1:05:19:ab:97:
         ac:27:02:5f:59:3f:48:e5:e0:bc:3f:d1:3b:2b:9f:79:d3:d9:
         7b:76:71:b3:a8:3c:95:c1:3e:a3:4d:c7:58:3e:d4:f0:5d:ee:
         64:0a:e6:69
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZL8fjC45SMo4fh6GHm3IQTHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxY2IwMGQyZjg0NDAxODEwYzMyMDBiNTJmYTM4OGU5MzY1
MWRkZjMwHhcNMjQxMTA1MTMyMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDAzODRmNThhOTE3MjZlMzNkZDRkNzljNWM3Njk2ODFiZjcwNGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwC3TqE/kcXjsGMFdsNpaSZCFhcC+
kUkMeTzbtNi1hysrvdHXipp+30dQLDV2nKpd32LahjD2Rwf+0hgeFyUfVVi5cGcn
qR6FoUghjREQp5vLciQwz11FbE2oezY2iJ+4GCdTgIovZCC8XHmcUqM4zTGKZiB2
B2zpJgfC7XQRhiwyaKNnAvPSxMRfYeusMZgBZ04xIrL8xmBBSjtUpbV5NqY9Uvjv
akE0V3TtBcb+zQ87dMpR/EiMZwPzOJMsyOtoQxexLds5XwYLTZSULVKtUXXr5Q++
PFPiQCt96EG8ZmDGE8eFhBNnfzuCqa7WbJlLJ6XiJ7YqRGcwwwm95jVnjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN0DhPWKkXJuM91NecXHaWgb9wSoMB8GA1UdIwQY
MBaAFDHLANL4RAGBDDIAtS+jiOk2Ud3zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWNzQTB2aEVBWUVNTWdDMUw2T0k2VFpSM2ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9lZTk1MTktZmY2MS00Njc5LTkwMTUt
ODBlNDI3NTk2YjVkLzEvM1FPRTlZcVJjbTR6M1UxNXhjZHBhQnYzQktnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9lZTk1MTktZmY2MS00Njc5LTkwMTUtODBlNDI3NTk2YjVk
LzEvTWNzQTB2aEVBWUVNTWdDMUw2T0k2VFpSM2ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCT3lkAwQF
vH+AMA0GCSqGSIb3DQEBCwUAA4IBAQA3KX3t6HBgrZn7rcxhiGaLv2/aKwXSeB4y
mgyVav505gbfnQ3OXJ3+L8LiE5R0KsqKQ1TDncwPoRkHSFFXmNlH9pHBo/HCL9CO
QiLqqZ95keMQSyw6omgZoGf8XTbHWj9Zg41NDKQ+XqRTRadug6wQneODkuvraI6p
gfHXMRO05SOINSSUo1WJy2sDQFjTqsCNJEbQ42h9UjRKGeV14Hu7uiWlOJ5qbLG+
qYI1hbiPWyZwNUVeZGf6g67/S9M5ImPTtQORGyFK1WRKNmu6Tz1ddo2lsQUZq5es
JwJfWT9I5eC8P9E7K59509l7dnGzqDyVwT6jTcdYPtTwXe5kCuZp
-----END CERTIFICATE-----