Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/eVJEK86h0Ctz4Xqh6oTspJ9K_dk.roa
File:                     eVJEK86h0Ctz4Xqh6oTspJ9K_dk.roa (raw, json)
Hash identifier:          vdnF5T2H7GhhYD+PrtRMCutXZ24r+nVOaFLiaS16mak=
Subject key identifier:   79:52:44:2B:CE:A1:D0:2B:73:E1:7A:A1:EA:84:EC:A4:9F:4A:FD:D9
Certificate issuer:       /CN=31cb00d2f84401810c3200b52fa388e93651ddf3
Certificate serial:       018DA78878DD877B28B48F64C3F7FCFD16F1
Authority key identifier: 31:CB:00:D2:F8:44:01:81:0C:32:00:B5:2F:A3:88:E9:36:51:DD:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/McsA0vhEAYEMMgC1L6OI6TZR3fM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/eVJEK86h0Ctz4Xqh6oTspJ9K_dk.roa
Signing time:             Wed 14 Feb 2024 12:12:35 +0000
ROA not before:           Wed 14 Feb 2024 12:12:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44419
IP address blocks:        188.127.128.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/McsA0vhEAYEMMgC1L6OI6TZR3fM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/McsA0vhEAYEMMgC1L6OI6TZR3fM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/McsA0vhEAYEMMgC1L6OI6TZR3fM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a7:88:78:dd:87:7b:28:b4:8f:64:c3:f7:fc:fd:16:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31cb00d2f84401810c3200b52fa388e93651ddf3
        Validity
            Not Before: Feb 14 12:12:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7952442bcea1d02b73e17aa1ea84eca49f4afdd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:5b:32:72:cd:02:ca:38:f4:a7:ee:db:28:f9:
                    af:ce:ef:b6:64:8a:cc:02:91:9c:7c:8a:76:04:91:
                    2f:52:3b:17:6a:d7:cf:b3:9d:ea:71:b0:d9:7a:5b:
                    87:48:29:38:65:fe:46:8f:5d:eb:9d:ba:32:e9:08:
                    19:47:d8:4a:26:1d:17:9b:67:c6:a1:64:99:87:2e:
                    da:96:5b:98:1b:f4:b2:0b:66:3a:ec:78:ed:89:e8:
                    32:c2:58:77:19:be:b4:07:8d:ef:7a:24:19:2f:59:
                    bd:a9:ae:8d:eb:ce:2f:dd:f3:e9:48:77:36:5c:ca:
                    8d:32:a5:75:bb:f6:7d:6b:44:06:b7:29:49:3e:8a:
                    c4:fb:ff:4e:e4:de:b6:35:36:d2:1c:e6:80:d9:ca:
                    39:0e:35:18:70:6b:48:80:23:fb:92:3f:4b:e7:fc:
                    00:82:63:46:db:74:8d:7b:8f:8f:a9:cf:8c:cd:be:
                    08:0f:e1:0d:d7:18:d6:83:3d:ea:48:60:d6:db:d4:
                    d3:91:6a:71:d5:d0:76:05:1f:b2:69:09:b1:3b:31:
                    94:90:2e:ed:5e:6f:cc:5d:d8:67:6e:50:09:79:68:
                    38:a6:91:08:b2:ff:44:f7:4a:6f:76:cb:e8:c5:46:
                    e7:e7:55:d6:fa:7f:a2:ea:3f:cc:1e:f0:cb:8f:7a:
                    86:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:52:44:2B:CE:A1:D0:2B:73:E1:7A:A1:EA:84:EC:A4:9F:4A:FD:D9
            X509v3 Authority Key Identifier:
                keyid:31:CB:00:D2:F8:44:01:81:0C:32:00:B5:2F:A3:88:E9:36:51:DD:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/McsA0vhEAYEMMgC1L6OI6TZR3fM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/eVJEK86h0Ctz4Xqh6oTspJ9K_dk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/McsA0vhEAYEMMgC1L6OI6TZR3fM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.127.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         77:ac:e5:eb:ef:e3:f8:51:83:dd:58:ab:28:09:90:79:4c:7c:
         e1:2c:06:f8:5b:e6:87:c3:30:83:3e:7a:c6:92:fa:4f:b6:99:
         d3:ca:28:f9:5e:b6:11:c2:b8:21:07:46:fc:18:6d:a8:44:3d:
         68:20:14:39:c6:df:32:49:f4:34:99:75:6a:e0:cd:6f:fd:24:
         bf:14:bd:7f:2f:73:6d:4f:74:53:4d:0b:15:d7:bd:07:3f:dd:
         a1:70:61:a6:eb:6e:d9:45:1d:e1:da:af:5b:59:3b:f0:1d:d3:
         65:77:4c:71:f2:b3:13:68:ea:1c:cb:6d:bc:d0:b7:31:5a:4a:
         ac:3b:9e:34:75:f1:61:cc:4a:88:62:77:35:4d:95:09:9d:fe:
         c9:46:17:27:f4:d6:3a:c7:d1:46:c6:cd:04:e1:93:7f:85:73:
         21:d6:84:dc:1f:bc:26:85:59:08:24:71:8a:b6:32:48:4a:b1:
         b5:73:1d:7f:a9:cf:f7:a5:51:5f:d8:68:85:24:9d:56:17:5b:
         66:65:35:38:5a:74:0f:0d:8d:7d:a5:2f:1f:8d:8a:6d:ff:43:
         7d:c0:ab:25:a3:fa:d7:7e:ce:08:c0:8b:1a:70:2c:7d:d2:07:
         64:58:6c:70:20:96:4d:c5:fa:1c:e4:61:b3:ad:49:f9:d1:7b:
         be:75:b2:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2niHjdh3sotI9kw/f8/RbxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxY2IwMGQyZjg0NDAxODEwYzMyMDBiNTJmYTM4OGU5MzY1
MWRkZjMwHhcNMjQwMjE0MTIxMjM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTUyNDQyYmNlYTFkMDJiNzNlMTdhYTFlYTg0ZWNhNDlmNGFmZGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhVsycs0Cyjj0p+7bKPmvzu+2ZIrM
ApGcfIp2BJEvUjsXatfPs53qcbDZeluHSCk4Zf5Gj13rnboy6QgZR9hKJh0Xm2fG
oWSZhy7alluYG/SyC2Y67Hjtiegywlh3Gb60B43veiQZL1m9qa6N684v3fPpSHc2
XMqNMqV1u/Z9a0QGtylJPorE+/9O5N62NTbSHOaA2co5DjUYcGtIgCP7kj9L5/wA
gmNG23SNe4+Pqc+Mzb4ID+EN1xjWgz3qSGDW29TTkWpx1dB2BR+yaQmxOzGUkC7t
Xm/MXdhnblAJeWg4ppEIsv9E90pvdsvoxUbn51XW+n+i6j/MHvDLj3qG8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHlSRCvOodArc+F6oeqE7KSfSv3ZMB8GA1UdIwQY
MBaAFDHLANL4RAGBDDIAtS+jiOk2Ud3zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWNzQTB2aEVBWUVNTWdDMUw2T0k2VFpSM2ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9lZTk1MTktZmY2MS00Njc5LTkwMTUt
ODBlNDI3NTk2YjVkLzEvZVZKRUs4NmgwQ3R6NFhxaDZvVHNwSjlLX2RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9lZTk1MTktZmY2MS00Njc5LTkwMTUtODBlNDI3NTk2YjVk
LzEvTWNzQTB2aEVBWUVNTWdDMUw2T0k2VFpSM2ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFvH+AMA0G
CSqGSIb3DQEBCwUAA4IBAQB3rOXr7+P4UYPdWKsoCZB5THzhLAb4W+aHwzCDPnrG
kvpPtpnTyij5XrYRwrghB0b8GG2oRD1oIBQ5xt8ySfQ0mXVq4M1v/SS/FL1/L3Nt
T3RTTQsV170HP92hcGGm627ZRR3h2q9bWTvwHdNld0xx8rMTaOocy2280LcxWkqs
O540dfFhzEqIYnc1TZUJnf7JRhcn9NY6x9FGxs0E4ZN/hXMh1oTcH7wmhVkIJHGK
tjJISrG1cx1/qc/3pVFf2GiFJJ1WF1tmZTU4WnQPDY19pS8fjYpt/0N9wKslo/rX
fs4IwIsacCx90gdkWGxwIJZNxfoc5GGzrUn50Xu+dbLv
-----END CERTIFICATE-----