Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/1KwihlGfEH5EPpUgCurSYA-g-lM.roa
File:                     1KwihlGfEH5EPpUgCurSYA-g-lM.roa (raw, json)
Hash identifier:          h3IQt2nPL0qmKJIAza1oJf1AwfKF+YBUMLTdmbXdSN8=
Subject key identifier:   D4:AC:22:86:51:9F:10:7E:44:3E:95:20:0A:EA:D2:60:0F:A0:FA:53
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019422FBC560C69591B1776563C26BD50C31
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/1KwihlGfEH5EPpUgCurSYA-g-lM.roa
Signing time:             Wed 01 Jan 2025 17:48:32 +0000
ROA not before:           Wed 01 Jan 2025 17:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396570
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:c5:60:c6:95:91:b1:77:65:63:c2:6b:d5:0c:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jan  1 17:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d4ac2286519f107e443e95200aead2600fa0fa53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:53:26:6d:f2:0d:5d:bd:16:0a:25:7f:f8:20:
                    36:be:dc:c3:ac:2d:2a:ea:ce:7f:a1:fd:60:ae:c5:
                    ab:61:2f:88:22:3c:e1:25:44:4a:ad:68:43:ac:c9:
                    9b:ee:f7:87:8f:01:60:48:6d:b1:16:71:5b:31:8d:
                    46:22:f8:8f:a9:d3:81:fc:13:be:78:40:73:75:38:
                    5a:89:95:75:1b:2b:24:b1:8e:1a:73:11:0f:2f:17:
                    68:d9:99:e0:86:a4:a6:7a:8b:fa:a5:4d:6f:c2:5c:
                    46:9d:7a:5e:9d:87:90:e8:95:6c:62:77:b9:d5:d3:
                    8f:04:9e:88:76:fa:7c:8b:75:2c:cc:6e:df:5a:db:
                    25:38:ce:3e:35:66:4c:c6:ac:5d:11:75:c3:c5:4a:
                    10:57:16:f4:39:6c:27:52:29:99:28:29:61:6d:d4:
                    a3:d5:b8:b1:5d:02:fe:39:a4:dd:3a:ff:1a:2f:cb:
                    56:13:b0:b0:ff:28:05:1d:06:09:76:e8:f6:f1:6a:
                    bf:92:fe:84:7a:26:e9:2e:87:7c:0d:b6:bd:ab:a1:
                    b3:14:6c:94:24:00:9c:fa:be:25:38:f6:77:00:2c:
                    19:9d:d4:2c:34:7f:69:73:b0:e1:a3:ec:15:82:c0:
                    42:d4:4d:59:8a:5b:98:19:dd:27:1d:23:62:b6:f7:
                    de:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:AC:22:86:51:9F:10:7E:44:3E:95:20:0A:EA:D2:60:0F:A0:FA:53
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/1KwihlGfEH5EPpUgCurSYA-g-lM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.53/32

    Signature Algorithm: sha256WithRSAEncryption
         72:84:d4:9c:3a:cd:fa:ac:a8:bf:ff:21:2e:f6:77:9d:a7:c8:
         1d:1e:d2:eb:af:16:ea:30:ac:36:f4:54:46:3e:6c:7b:80:5c:
         3c:68:e2:70:65:c3:6f:d5:eb:1c:2a:c8:be:53:05:d2:d6:1d:
         50:55:24:64:dd:b9:b7:24:3a:5e:6c:88:f7:58:10:2a:35:3e:
         57:5c:8d:df:f6:5c:57:f1:8d:de:03:47:5e:ba:8f:1f:11:2b:
         c2:59:b2:c4:56:5d:27:9c:86:7e:4d:63:26:24:64:49:70:69:
         56:7d:f8:7c:0b:96:4e:83:44:c4:f2:08:14:bb:d2:b1:c9:f2:
         b8:83:1a:12:9c:c4:54:12:cc:40:c2:bd:b1:b2:71:31:03:e8:
         70:20:e1:61:53:05:05:f9:37:cd:bf:2f:2d:94:2d:e1:8e:83:
         e1:17:7a:f7:18:87:f2:26:ce:12:2d:cc:c0:3a:6b:23:e9:45:
         2c:09:92:8f:63:f0:c1:5c:8b:76:f8:23:3e:47:91:50:bf:95:
         42:fc:77:31:bb:fa:1b:8e:0d:f7:37:cb:5e:a5:d0:29:d6:9b:
         e5:1c:7a:92:c4:df:14:e9:01:7c:fa:42:13:ea:8f:f5:4f:ad:
         be:b1:fb:04:cd:84:f7:0b:bb:5e:b3:88:37:60:9c:f5:f8:67:
         36:e8:24:52
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQi+8VgxpWRsXdlY8Jr1QwxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjUwMTAxMTc0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGFjMjI4NjUxOWYxMDdlNDQzZTk1MjAwYWVhZDI2MDBmYTBmYTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlMmbfINXb0WCiV/+CA2vtzDrC0q
6s5/of1grsWrYS+IIjzhJURKrWhDrMmb7veHjwFgSG2xFnFbMY1GIviPqdOB/BO+
eEBzdThaiZV1GysksY4acxEPLxdo2ZnghqSmeov6pU1vwlxGnXpenYeQ6JVsYne5
1dOPBJ6Idvp8i3UszG7fWtslOM4+NWZMxqxdEXXDxUoQVxb0OWwnUimZKClhbdSj
1bixXQL+OaTdOv8aL8tWE7Cw/ygFHQYJduj28Wq/kv6EeibpLod8Dba9q6GzFGyU
JACc+r4lOPZ3ACwZndQsNH9pc7Dho+wVgsBC1E1ZiluYGd0nHSNitvfeoQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNSsIoZRnxB+RD6VIArq0mAPoPpTMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvMUt3aWhsR2ZFSDVFUHBVZ0N1clNZQS1nLWxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOAwUBURPDHgMF
ALlkADUwDQYJKoZIhvcNAQELBQADggEBAHKE1Jw6zfqsqL//IS72d52nyB0e0uuv
FuowrDb0VEY+bHuAXDxo4nBlw2/V6xwqyL5TBdLWHVBVJGTdubckOl5siPdYECo1
Pldcjd/2XFfxjd4DR166jx8RK8JZssRWXSechn5NYyYkZElwaVZ9+HwLlk6DRMTy
CBS70rHJ8riDGhKcxFQSzEDCvbGycTED6HAg4WFTBQX5N82/Ly2ULeGOg+EXevcY
h/ImzhItzMA6ayPpRSwJko9j8MFci3b4Iz5HkVC/lUL8dzG7+huODfc3y16l0CnW
m+UcepLE3xTpAXz6QhPqj/VPrb6x+wTNhPcLu16ziDdgnPX4ZzboJFI=
-----END CERTIFICATE-----