Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/19LpzfYh7aZld8nuQqNanK3sVS0.roa
File:                     19LpzfYh7aZld8nuQqNanK3sVS0.roa (raw, json)
Hash identifier:          FtTpAqHj9jd1JGHIpnm/Xjkbr216P7K54EVyi0SrqHQ=
Subject key identifier:   D7:D2:E9:CD:F6:21:ED:A6:65:77:C9:EE:42:A3:5A:9C:AD:EC:55:2D
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019493EE77F1C806AE10641069A932324616
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/19LpzfYh7aZld8nuQqNanK3sVS0.roa
Signing time:             Thu 23 Jan 2025 16:11:06 +0000
ROA not before:           Thu 23 Jan 2025 16:11:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41354
IP address blocks:        92.71.128.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:93:ee:77:f1:c8:06:ae:10:64:10:69:a9:32:32:46:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan 23 16:11:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7d2e9cdf621eda66577c9ee42a35a9cadec552d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:5c:fd:fc:de:07:1b:b9:09:4f:6f:42:d8:8c:
                    99:a4:62:36:57:49:6a:86:cd:18:2a:a0:73:ec:b9:
                    c7:42:94:41:44:ea:32:51:58:c2:fb:c9:20:44:47:
                    94:95:7f:6d:27:44:03:2a:90:67:46:f6:73:79:aa:
                    08:b4:f2:82:35:2b:91:e3:72:c9:87:4e:1a:8a:2d:
                    bb:f3:af:8a:c8:98:09:23:63:dd:1f:d1:5d:f1:af:
                    ae:34:9d:41:6a:3b:0b:2f:05:a5:1d:1b:90:cf:31:
                    95:23:a7:82:cd:41:fa:43:02:a0:b8:1e:ba:c8:42:
                    3e:5f:c6:d9:31:1a:41:b2:3d:cf:44:57:00:67:ee:
                    5d:1e:65:55:3b:1d:1b:9c:e3:f4:95:80:58:cf:bf:
                    b5:0e:5e:1e:4b:f6:60:a4:f4:9e:8f:ad:92:5f:68:
                    2c:99:f3:c5:01:f2:9e:dc:35:45:42:82:83:b6:0b:
                    5c:8d:13:04:c2:12:bd:f6:72:6c:14:bf:66:c0:46:
                    24:02:1b:8d:e0:e0:ff:eb:fb:f9:ca:80:c6:b3:b8:
                    65:23:4d:56:fd:81:60:a4:51:b4:3c:09:a8:7b:a9:
                    45:a6:83:a3:a0:bb:5b:7c:bc:5c:3e:78:e0:d3:28:
                    71:d3:d9:62:fb:00:94:7a:89:89:26:eb:03:2f:57:
                    87:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:D2:E9:CD:F6:21:ED:A6:65:77:C9:EE:42:A3:5A:9C:AD:EC:55:2D
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/19LpzfYh7aZld8nuQqNanK3sVS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.71.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         3b:a2:a9:0b:f1:6a:94:25:7c:a2:42:59:96:91:34:0b:48:d9:
         36:ef:4e:2b:40:65:99:63:72:ef:e7:38:e6:14:a6:04:f2:6b:
         14:f7:01:1f:86:e3:1f:85:d8:39:36:f6:a4:4d:1d:8b:bd:c8:
         87:4d:8d:a9:25:7c:3b:86:07:8c:51:16:75:fb:d3:39:56:9f:
         97:e7:ff:45:69:d0:da:ff:78:d6:61:cf:e4:3e:4e:92:45:d4:
         3c:7a:d5:25:ad:1b:67:c1:73:a3:fe:d5:11:bd:d3:79:1a:32:
         79:25:14:ac:4e:0b:63:9f:82:48:f4:98:4c:cc:7f:67:3b:7e:
         a6:5e:09:71:98:8e:72:69:34:01:26:fc:49:c0:e7:89:95:67:
         1d:87:e6:20:19:e1:61:c6:dd:68:16:cb:69:0a:57:72:78:58:
         19:2b:fb:84:d1:71:5d:0e:bd:ae:9b:04:8f:70:43:0d:2c:80:
         2f:9c:73:ad:60:af:96:4e:3d:69:95:c3:24:5a:00:02:91:5f:
         7f:9a:e6:9d:08:dc:44:3d:31:c2:bf:6b:e5:71:b0:03:02:2a:
         40:0d:e7:1e:3b:f7:a8:2c:4b:6b:2a:c7:eb:52:84:3c:be:11:
         62:0a:98:a0:95:ff:de:ed:7e:1f:f9:b3:f5:fd:fa:a9:1e:9f:
         ad:8e:67:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZST7nfxyAauEGQQaakyMkYWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwMTIzMTYxMTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2QyZTljZGY2MjFlZGE2NjU3N2M5ZWU0MmEzNWE5Y2FkZWM1NTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFz9/N4HG7kJT29C2IyZpGI2V0lq
hs0YKqBz7LnHQpRBROoyUVjC+8kgREeUlX9tJ0QDKpBnRvZzeaoItPKCNSuR43LJ
h04aii2786+KyJgJI2PdH9Fd8a+uNJ1BajsLLwWlHRuQzzGVI6eCzUH6QwKguB66
yEI+X8bZMRpBsj3PRFcAZ+5dHmVVOx0bnOP0lYBYz7+1Dl4eS/ZgpPSej62SX2gs
mfPFAfKe3DVFQoKDtgtcjRMEwhK99nJsFL9mwEYkAhuN4OD/6/v5yoDGs7hlI01W
/YFgpFG0PAmoe6lFpoOjoLtbfLxcPnjg0yhx09li+wCUeomJJusDL1eHywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNfS6c32Ie2mZXfJ7kKjWpyt7FUtMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvMTlMcHpmWWg3YVpsZDhudVFxTmFuSzNzVlMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFXEeAMA0G
CSqGSIb3DQEBCwUAA4IBAQA7oqkL8WqUJXyiQlmWkTQLSNk2704rQGWZY3Lv5zjm
FKYE8msU9wEfhuMfhdg5NvakTR2LvciHTY2pJXw7hgeMURZ1+9M5Vp+X5/9FadDa
/3jWYc/kPk6SRdQ8etUlrRtnwXOj/tURvdN5GjJ5JRSsTgtjn4JI9JhMzH9nO36m
XglxmI5yaTQBJvxJwOeJlWcdh+YgGeFhxt1oFstpCldyeFgZK/uE0XFdDr2umwSP
cEMNLIAvnHOtYK+WTj1plcMkWgACkV9/muadCNxEPTHCv2vlcbADAipADeceO/eo
LEtrKsfrUoQ8vhFiCpiglf/e7X4f+bP1/fqpHp+tjmc8
-----END CERTIFICATE-----