Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/1-YnDVD0Fdt3NpawGC8VjTdTptL0.roa
File:                     1-YnDVD0Fdt3NpawGC8VjTdTptL0.roa (raw, json)
Hash identifier:          SSmUOow92RulUdXuVJe2YajT9iMcj4+JicBP7/vR5GY=
Subject key identifier:   F9:89:C3:54:3D:05:76:DD:CD:A5:AC:06:0B:C5:63:4D:D4:E9:B4:BD
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019422FBBA52B8BF0EBE87AC147C8B2E3D16
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/1-YnDVD0Fdt3NpawGC8VjTdTptL0.roa
Signing time:             Wed 01 Jan 2025 17:48:30 +0000
ROA not before:           Wed 01 Jan 2025 17:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396547
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:ba:52:b8:bf:0e:be:87:ac:14:7c:8b:2e:3d:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jan  1 17:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f989c3543d0576ddcda5ac060bc5634dd4e9b4bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:11:68:a1:3d:ac:b3:79:ae:79:54:af:2c:58:
                    a1:9b:da:b1:50:1c:0b:98:8b:5f:76:68:53:b8:e1:
                    44:4e:aa:e8:64:fc:0c:c7:43:2c:fd:e3:86:cd:93:
                    c1:d0:25:4f:1a:46:b8:63:28:48:44:0b:63:9c:ac:
                    f0:67:6e:25:1f:2f:b1:3a:4b:7e:d7:af:f5:75:68:
                    49:5f:ad:67:5d:d7:a0:20:ff:df:e7:17:d9:de:94:
                    df:d6:48:9e:7d:4f:ae:9f:86:46:e8:ce:49:7a:4a:
                    c8:b1:ab:ba:71:c8:41:c5:58:45:e0:22:08:f9:58:
                    9f:8c:59:06:b7:bd:03:06:d1:c2:11:0e:28:ae:7f:
                    c6:ad:6d:89:ee:e4:27:5d:39:41:7e:24:87:f0:48:
                    e8:b7:50:1d:c9:c0:7e:f5:2e:86:9a:ee:79:9e:88:
                    fb:bd:43:82:b4:d3:40:0a:2a:0e:52:08:51:77:bd:
                    3b:05:55:f7:d1:ab:87:56:d6:30:35:c5:49:9b:97:
                    aa:86:40:e2:da:6f:66:e5:12:bb:ef:68:7e:83:98:
                    39:ab:05:05:88:44:a3:58:dd:d2:21:47:f4:2e:62:
                    f8:a0:13:99:04:fc:1a:e3:8c:05:07:29:7c:79:8c:
                    0c:7b:68:29:bd:84:52:46:e3:5f:c0:fc:4f:d7:fa:
                    3a:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:89:C3:54:3D:05:76:DD:CD:A5:AC:06:0B:C5:63:4D:D4:E9:B4:BD
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/1-YnDVD0Fdt3NpawGC8VjTdTptL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.53/32

    Signature Algorithm: sha256WithRSAEncryption
         7c:1e:0e:e5:3f:d6:1a:cb:38:f9:a1:0f:59:ce:e4:80:ec:d1:
         73:31:e4:44:00:20:68:9e:6f:d0:d1:6d:cb:91:05:04:1f:06:
         76:67:b1:40:e2:11:db:e1:fe:b6:57:35:2f:62:f1:eb:8d:2a:
         23:5e:cc:3b:0c:e9:4b:1a:be:e7:42:a9:12:33:3f:c7:2e:5b:
         2a:f6:75:49:d0:a2:04:59:db:14:41:03:f0:f4:a5:d0:fc:fd:
         f7:37:a8:68:a0:2d:02:7a:cf:28:ce:57:9a:ef:8f:d0:95:ab:
         7d:cc:5a:7d:94:5c:c3:a2:66:78:50:c7:2e:02:cb:19:56:0c:
         28:1d:af:20:a2:21:cf:7a:a1:42:99:f5:1e:54:b2:e6:bb:d8:
         1d:a7:34:ce:b7:54:b3:6c:3f:a2:f0:43:46:bc:26:16:73:14:
         b8:c0:a2:f2:a1:58:74:c7:6d:97:e3:66:31:84:92:bd:2c:28:
         6b:ae:5d:09:d1:f6:b8:e9:b8:b6:e9:67:02:da:29:c2:80:55:
         7b:c3:50:ec:a9:5d:90:3e:ee:91:79:2c:be:18:58:4a:81:3f:
         e2:e0:b3:b7:ec:69:9b:88:fc:5b:c1:8e:34:48:d0:2c:55:54:
         a8:05:3f:f8:16:31:8a:ee:18:3f:a6:a2:89:02:3a:a7:c0:05:
         25:b1:f5:c0
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAZQi+7pSuL8OvoesFHyLLj0WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjUwMTAxMTc0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTg5YzM1NDNkMDU3NmRkY2RhNWFjMDYwYmM1NjM0ZGQ0ZTliNGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2RFooT2ss3mueVSvLFihm9qxUBwL
mItfdmhTuOFETqroZPwMx0Ms/eOGzZPB0CVPGka4YyhIRAtjnKzwZ24lHy+xOkt+
16/1dWhJX61nXdegIP/f5xfZ3pTf1kiefU+un4ZG6M5JekrIsau6cchBxVhF4CII
+VifjFkGt70DBtHCEQ4orn/GrW2J7uQnXTlBfiSH8Ejot1AdycB+9S6Gmu55noj7
vUOCtNNACioOUghRd707BVX30auHVtYwNcVJm5eqhkDi2m9m5RK772h+g5g5qwUF
iESjWN3SIUf0LmL4oBOZBPwa44wFByl8eYwMe2gpvYRSRuNfwPxP1/o6RwIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFPmJw1Q9BXbdzaWsBgvFY03U6bS9MB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvMS1ZbkRWRDBGZHQzTnBhd0dDOFZqVGRUcHRMMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZmEvYmM5MmU2LWM4ZWUtNDhmMC1hZTdmLTM2Y2NiNWEwNjE5
NS8xL3REZ0xtNHdIQkZmdFZMeEYwUzNkMGtUZ2JWSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAnBggrBgEFBQcBBwEB/wQYMBYwFAQCAAEwDgMFAVETwx4D
BQC5ZAA1MA0GCSqGSIb3DQEBCwUAA4IBAQB8Hg7lP9Yayzj5oQ9ZzuSA7NFzMeRE
ACBonm/Q0W3LkQUEHwZ2Z7FA4hHb4f62VzUvYvHrjSojXsw7DOlLGr7nQqkSMz/H
Llsq9nVJ0KIEWdsUQQPw9KXQ/P33N6hooC0Ces8ozlea74/Qlat9zFp9lFzDomZ4
UMcuAssZVgwoHa8goiHPeqFCmfUeVLLmu9gdpzTOt1SzbD+i8ENGvCYWcxS4wKLy
oVh0x22X42YxhJK9LChrrl0J0fa46bi26WcC2inCgFV7w1DsqV2QPu6ReSy+GFhK
gT/i4LO37GmbiPxbwY40SNAsVVSoBT/4FjGK7hg/pqKJAjqnwAUlsfXA
-----END CERTIFICATE-----