Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/3B19KPyJnviBgt6JQm40YUwJQoM.roa
File:                     3B19KPyJnviBgt6JQm40YUwJQoM.roa (raw, json)
Hash identifier:          o8Dfv5t8JzRJx/RzpIhHEq/myuas8cpxZLxeR8pP3Oc=
Subject key identifier:   DC:1D:7D:28:FC:89:9E:F8:81:82:DE:89:42:6E:34:61:4C:09:42:83
Certificate issuer:       /CN=c9d0e9234cc6721957a4ac213eac6753ed85eea7
Certificate serial:       018E2D5ABCFD9B9C16785DFA408EED189357
Authority key identifier: C9:D0:E9:23:4C:C6:72:19:57:A4:AC:21:3E:AC:67:53:ED:85:EE:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydDpI0zGchlXpKwhPqxnU-2F7qc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/3B19KPyJnviBgt6JQm40YUwJQoM.roa
Signing time:             Mon 11 Mar 2024 11:51:45 +0000
ROA not before:           Mon 11 Mar 2024 11:51:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12480
IP address blocks:        194.59.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/ydDpI0zGchlXpKwhPqxnU-2F7qc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/ydDpI0zGchlXpKwhPqxnU-2F7qc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydDpI0zGchlXpKwhPqxnU-2F7qc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2d:5a:bc:fd:9b:9c:16:78:5d:fa:40:8e:ed:18:93:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d0e9234cc6721957a4ac213eac6753ed85eea7
        Validity
            Not Before: Mar 11 11:51:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc1d7d28fc899ef88182de89426e34614c094283
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:78:69:48:e5:0f:0d:01:89:35:a9:0e:e5:7b:
                    f8:55:7c:68:53:45:07:72:ac:ad:55:d3:0f:9b:52:
                    3e:86:23:84:7c:86:da:be:b0:03:ae:44:81:97:1e:
                    83:fd:c7:43:a1:51:a8:58:32:75:99:dd:2d:20:94:
                    8e:87:46:1c:62:33:da:c3:bd:15:77:37:42:8e:2f:
                    87:06:3d:c2:ba:ff:ac:bd:e0:72:18:cb:19:73:fc:
                    a2:7b:62:59:13:3a:ef:b3:81:59:b9:b6:e8:d6:e1:
                    36:d3:df:af:8b:19:8f:81:16:38:f3:29:70:a7:be:
                    12:af:30:f3:da:ac:05:3d:9d:d6:bf:ed:2a:8b:ea:
                    18:5a:53:07:bf:35:c7:ea:99:8d:f5:91:88:a0:9f:
                    02:ed:7b:1b:9f:0b:bf:f0:c8:85:96:ac:c8:14:7a:
                    c5:0f:8b:45:59:a1:8f:64:9f:12:70:e6:b6:85:5b:
                    b7:a7:a7:7d:f1:c1:bd:68:49:51:1c:41:72:7c:83:
                    80:96:8b:56:61:1c:94:30:4b:33:e7:13:41:c3:91:
                    44:99:be:ef:fd:61:9a:59:ee:44:df:81:10:6e:13:
                    ea:b5:b9:ba:6e:bd:50:3b:9d:8b:7a:20:58:46:94:
                    77:4a:8f:2d:13:05:74:60:6e:e0:c2:0c:ff:e7:6f:
                    08:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:1D:7D:28:FC:89:9E:F8:81:82:DE:89:42:6E:34:61:4C:09:42:83
            X509v3 Authority Key Identifier:
                keyid:C9:D0:E9:23:4C:C6:72:19:57:A4:AC:21:3E:AC:67:53:ED:85:EE:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydDpI0zGchlXpKwhPqxnU-2F7qc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/3B19KPyJnviBgt6JQm40YUwJQoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/ydDpI0zGchlXpKwhPqxnU-2F7qc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:16:d7:3d:f6:21:96:35:08:26:63:74:a2:0c:96:77:fc:7c:
         59:bf:16:b1:77:b6:da:7e:42:c8:78:a8:43:19:12:48:24:bc:
         ea:65:6f:3e:32:de:26:f3:b6:65:19:8e:1c:6a:a6:66:41:47:
         42:67:5d:d4:11:22:97:de:70:08:f6:67:e2:43:96:87:16:11:
         9c:a8:67:4f:67:55:d2:7b:64:14:3c:42:41:c3:ab:f4:fb:82:
         91:b5:6b:dd:f2:b5:fa:1d:49:a5:68:f1:07:24:4f:07:fa:2e:
         36:2d:8a:97:72:75:ab:67:ae:8b:3c:a7:c8:6f:ff:a0:4e:6b:
         ce:98:53:78:21:52:f2:cb:6f:8e:81:89:f2:2b:20:94:99:86:
         e9:90:93:c0:2e:66:4f:53:a0:19:21:07:99:ee:fb:60:f0:6c:
         94:42:14:fd:2b:15:21:b9:ff:09:32:a0:75:0c:2c:b3:d0:2e:
         d2:b2:3f:8b:37:68:09:3c:18:b6:59:33:ab:74:3e:79:e3:6d:
         15:0f:1b:f0:6c:f4:a4:14:1e:c8:e6:5e:47:f5:07:6e:c2:bf:
         ef:1e:9d:d9:f2:7b:e4:60:ce:28:fa:e8:24:55:e0:46:9d:77:
         b9:cd:99:45:f9:ef:0e:29:ca:6e:b4:42:ca:c5:fb:c8:ad:d7:
         c3:fb:9b:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4tWrz9m5wWeF36QI7tGJNXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDBlOTIzNGNjNjcyMTk1N2E0YWMyMTNlYWM2NzUzZWQ4
NWVlYTcwHhcNMjQwMzExMTE1MTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzFkN2QyOGZjODk5ZWY4ODE4MmRlODk0MjZlMzQ2MTRjMDk0MjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3hpSOUPDQGJNakO5Xv4VXxoU0UH
cqytVdMPm1I+hiOEfIbavrADrkSBlx6D/cdDoVGoWDJ1md0tIJSOh0YcYjPaw70V
dzdCji+HBj3Cuv+sveByGMsZc/yie2JZEzrvs4FZubbo1uE209+vixmPgRY48ylw
p74SrzDz2qwFPZ3Wv+0qi+oYWlMHvzXH6pmN9ZGIoJ8C7Xsbnwu/8MiFlqzIFHrF
D4tFWaGPZJ8ScOa2hVu3p6d98cG9aElRHEFyfIOAlotWYRyUMEsz5xNBw5FEmb7v
/WGaWe5E34EQbhPqtbm6br1QO52LeiBYRpR3So8tEwV0YG7gwgz/528IIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNwdfSj8iZ74gYLeiUJuNGFMCUKDMB8GA1UdIwQY
MBaAFMnQ6SNMxnIZV6SsIT6sZ1Pthe6nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWREcEkwekdjaGxYcEt3aFBxeG5VLTJGN3FjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83YzAyNzQtNzRjNi00NDIzLTlhODgt
OWEzMDBiMGE3ZWQyLzEvM0IxOUtQeUpudmlCZ3Q2SlFtNDBZVXdKUW9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83YzAyNzQtNzRjNi00NDIzLTlhODgtOWEzMDBiMGE3ZWQy
LzEveWREcEkwekdjaGxYcEt3aFBxeG5VLTJGN3FjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjsNMA0G
CSqGSIb3DQEBCwUAA4IBAQB1Ftc99iGWNQgmY3SiDJZ3/HxZvxaxd7bafkLIeKhD
GRJIJLzqZW8+Mt4m87ZlGY4caqZmQUdCZ13UESKX3nAI9mfiQ5aHFhGcqGdPZ1XS
e2QUPEJBw6v0+4KRtWvd8rX6HUmlaPEHJE8H+i42LYqXcnWrZ66LPKfIb/+gTmvO
mFN4IVLyy2+OgYnyKyCUmYbpkJPALmZPU6AZIQeZ7vtg8GyUQhT9KxUhuf8JMqB1
DCyz0C7Ssj+LN2gJPBi2WTOrdD55420VDxvwbPSkFB7I5l5H9Qduwr/vHp3Z8nvk
YM4o+ugkVeBGnXe5zZlF+e8OKcputELKxfvIrdfD+5sy
-----END CERTIFICATE-----