Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/HNzUWXlP4veJqPrr6pXP0JJR8j8.roa
File:                     HNzUWXlP4veJqPrr6pXP0JJR8j8.roa (raw, json)
Hash identifier:          su/Z3HJftIxQPXtbWly3dTZmcrPusOAjYOvLjMM2DMs=
Subject key identifier:   1C:DC:D4:59:79:4F:E2:F7:89:A8:FA:EB:EA:95:CF:D0:92:51:F2:3F
Certificate issuer:       /CN=31cb00d2f84401810c3200b52fa388e93651ddf3
Certificate serial:       019420D664AC3D39B1CDFFC9FA2306170931
Authority key identifier: 31:CB:00:D2:F8:44:01:81:0C:32:00:B5:2F:A3:88:E9:36:51:DD:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/McsA0vhEAYEMMgC1L6OI6TZR3fM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/HNzUWXlP4veJqPrr6pXP0JJR8j8.roa
Signing time:             Wed 01 Jan 2025 07:48:28 +0000
ROA not before:           Wed 01 Jan 2025 07:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5483
IP address blocks:        79.121.100.0/22 maxlen: 22
                          188.127.128.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/McsA0vhEAYEMMgC1L6OI6TZR3fM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/McsA0vhEAYEMMgC1L6OI6TZR3fM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/McsA0vhEAYEMMgC1L6OI6TZR3fM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:64:ac:3d:39:b1:cd:ff:c9:fa:23:06:17:09:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31cb00d2f84401810c3200b52fa388e93651ddf3
        Validity
            Not Before: Jan  1 07:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1cdcd459794fe2f789a8faebea95cfd09251f23f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:39:2f:4f:60:22:05:67:77:41:bc:5e:43:21:
                    6a:8f:f2:ac:a9:cd:88:02:65:25:b3:20:5d:87:f2:
                    f3:4b:6f:ca:29:4c:83:7e:84:e4:7c:44:c9:e2:89:
                    fa:cf:7d:2d:d3:e1:32:a2:be:39:a2:ed:e8:db:92:
                    99:79:35:20:45:03:da:37:df:20:e6:8d:b4:57:ee:
                    6b:59:f9:3b:b3:b6:93:f8:52:83:e2:99:39:45:38:
                    d1:e6:31:43:cc:01:45:53:13:cc:f0:59:1d:7f:09:
                    d7:ce:4e:d6:06:ba:ab:9c:8d:f6:1b:59:be:7f:98:
                    36:d5:0b:07:6c:36:c4:de:96:da:1c:cd:70:a4:0f:
                    a9:81:18:7a:9c:de:ca:90:3e:24:57:03:79:d3:16:
                    e3:11:05:c9:1e:b9:1f:57:89:85:b9:ab:67:99:88:
                    60:ff:8c:3c:cb:1c:52:16:d4:9c:f5:e6:b8:8a:4a:
                    57:63:92:4f:e2:26:32:53:1c:ef:82:7d:3d:fc:04:
                    5a:4c:1b:c3:af:99:79:0d:e3:2c:d6:1b:42:6f:5b:
                    e9:b7:b3:f1:f8:31:ac:90:a7:d3:93:f4:36:2e:23:
                    20:6c:db:aa:e4:77:e8:dc:cd:54:40:58:b1:b5:3b:
                    cc:fa:5b:e6:f3:10:58:df:10:0e:0a:6f:43:bd:b2:
                    34:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:DC:D4:59:79:4F:E2:F7:89:A8:FA:EB:EA:95:CF:D0:92:51:F2:3F
            X509v3 Authority Key Identifier:
                keyid:31:CB:00:D2:F8:44:01:81:0C:32:00:B5:2F:A3:88:E9:36:51:DD:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/McsA0vhEAYEMMgC1L6OI6TZR3fM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/HNzUWXlP4veJqPrr6pXP0JJR8j8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/McsA0vhEAYEMMgC1L6OI6TZR3fM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.121.100.0/22
                  188.127.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         52:8a:5b:42:52:f2:43:ca:75:ce:44:c3:b4:da:a4:3d:6f:5d:
         e1:7a:2f:90:02:73:b4:e1:36:70:f9:70:03:03:29:c8:d8:52:
         7f:5e:da:2e:68:f2:1c:e1:c2:d8:a6:a3:81:c1:32:8a:03:87:
         6a:03:5b:f4:81:60:59:44:2e:db:a1:14:b5:1c:b0:e4:93:2e:
         43:26:b5:7b:74:50:15:c2:65:49:b4:a5:53:c4:ff:c5:04:fa:
         b8:48:fb:e2:9e:d6:8e:fd:98:67:20:cd:4c:c4:60:91:90:16:
         71:c8:66:c0:91:1b:ff:a7:c5:40:9b:74:f8:0a:5c:3c:26:5d:
         67:b5:8a:62:ef:ea:46:cf:b8:10:2b:fd:b4:30:f2:90:10:62:
         8e:3c:20:89:c5:c7:cd:07:32:eb:1b:af:c7:1f:85:79:76:92:
         99:17:f1:e0:d9:e1:85:ac:ed:78:04:63:27:97:2d:47:c8:d4:
         b3:02:c9:d4:cc:d7:16:23:d0:95:1e:61:40:10:54:6a:31:c9:
         5f:61:5f:00:4b:4b:f3:e2:b3:8b:d6:b9:cd:6d:7e:0b:c9:5d:
         5a:c5:97:81:2d:3c:91:10:89:64:a7:c0:a5:57:05:d7:c8:f9:
         70:af:6a:a1:20:23:b5:53:47:8f:95:dd:67:6d:4b:a1:5c:ef:
         46:10:81:90
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQg1mSsPTmxzf/J+iMGFwkxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxY2IwMGQyZjg0NDAxODEwYzMyMDBiNTJmYTM4OGU5MzY1
MWRkZjMwHhcNMjUwMTAxMDc0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2RjZDQ1OTc5NGZlMmY3ODlhOGZhZWJlYTk1Y2ZkMDkyNTFmMjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDkvT2AiBWd3QbxeQyFqj/Ksqc2I
AmUlsyBdh/LzS2/KKUyDfoTkfETJ4on6z30t0+Eyor45ou3o25KZeTUgRQPaN98g
5o20V+5rWfk7s7aT+FKD4pk5RTjR5jFDzAFFUxPM8FkdfwnXzk7WBrqrnI32G1m+
f5g21QsHbDbE3pbaHM1wpA+pgRh6nN7KkD4kVwN50xbjEQXJHrkfV4mFuatnmYhg
/4w8yxxSFtSc9ea4ikpXY5JP4iYyUxzvgn09/ARaTBvDr5l5DeMs1htCb1vpt7Px
+DGskKfTk/Q2LiMgbNuq5Hfo3M1UQFixtTvM+lvm8xBY3xAOCm9DvbI0WQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBzc1Fl5T+L3iaj66+qVz9CSUfI/MB8GA1UdIwQY
MBaAFDHLANL4RAGBDDIAtS+jiOk2Ud3zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWNzQTB2aEVBWUVNTWdDMUw2T0k2VFpSM2ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9lZTk1MTktZmY2MS00Njc5LTkwMTUt
ODBlNDI3NTk2YjVkLzEvSE56VVdYbFA0dmVKcVBycjZwWFAwSkpSOGo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9lZTk1MTktZmY2MS00Njc5LTkwMTUtODBlNDI3NTk2YjVk
LzEvTWNzQTB2aEVBWUVNTWdDMUw2T0k2VFpSM2ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCT3lkAwQF
vH+AMA0GCSqGSIb3DQEBCwUAA4IBAQBSiltCUvJDynXORMO02qQ9b13hei+QAnO0
4TZw+XADAynI2FJ/XtouaPIc4cLYpqOBwTKKA4dqA1v0gWBZRC7boRS1HLDkky5D
JrV7dFAVwmVJtKVTxP/FBPq4SPvintaO/ZhnIM1MxGCRkBZxyGbAkRv/p8VAm3T4
Clw8Jl1ntYpi7+pGz7gQK/20MPKQEGKOPCCJxcfNBzLrG6/HH4V5dpKZF/Hg2eGF
rO14BGMnly1HyNSzAsnUzNcWI9CVHmFAEFRqMclfYV8AS0vz4rOL1rnNbX4LyV1a
xZeBLTyREIlkp8ClVwXXyPlwr2qhICO1U0ePld1nbUuhXO9GEIGQ
-----END CERTIFICATE-----