Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/1LDcb54EatJu-V6yxKWsSJdR7b8.roa
File:                     1LDcb54EatJu-V6yxKWsSJdR7b8.roa (raw, json)
Hash identifier:          zRAmAuNZon1aqTdoKnPjJKtKke904vgKtupSg65/LQA=
Subject key identifier:   D4:B0:DC:6F:9E:04:6A:D2:6E:F9:5E:B2:C4:A5:AC:48:97:51:ED:BF
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F6246B03ECEEB6D95C4A14504994052
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/1LDcb54EatJu-V6yxKWsSJdR7b8.roa
Signing time:             Tue 25 Jun 2024 12:32:39 +0000
ROA not before:           Tue 25 Jun 2024 12:32:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396549
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:46:b0:3e:ce:eb:6d:95:c4:a1:45:04:99:40:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4b0dc6f9e046ad26ef95eb2c4a5ac489751edbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:a2:68:bf:e8:94:fc:ed:9c:85:a9:92:66:18:
                    5a:7f:31:01:8a:48:ad:61:f1:2a:85:6e:06:a5:13:
                    20:bb:14:fd:74:47:a4:82:51:c0:59:19:e9:47:60:
                    bc:59:ad:87:0f:e2:42:62:2a:57:d1:7a:17:3f:9e:
                    e7:e5:f0:88:34:3e:e2:48:b8:d7:97:0c:b3:9d:1e:
                    75:2e:8d:0d:9a:14:7f:c3:ab:ba:ca:5a:9e:f5:4f:
                    e8:29:63:09:91:85:86:7d:06:a3:5b:67:fe:db:e8:
                    4c:0a:c9:d1:a3:17:1c:d5:de:65:81:a9:06:cd:6f:
                    06:ed:6e:d4:ae:a7:77:ba:9c:79:fe:90:79:25:b3:
                    df:ee:47:16:d9:f4:ce:e6:84:9b:ca:1f:ec:a7:93:
                    c9:73:bd:f5:5a:f0:97:66:dd:b6:67:63:ec:91:a9:
                    88:fd:fe:3e:1a:60:19:c3:0d:23:29:95:37:85:10:
                    6f:8c:14:92:32:5a:28:df:03:f6:63:d4:2d:17:9a:
                    7a:48:2a:ed:28:82:30:ce:82:04:e8:a3:6f:4b:cf:
                    81:2a:80:76:0a:09:6d:77:bb:87:75:0d:b7:0c:2e:
                    27:75:06:7e:c0:f9:cd:ab:b0:e6:48:e4:ce:ec:8a:
                    d3:03:ae:c5:bd:c9:af:a9:30:2e:c7:37:4e:c9:d6:
                    f6:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:B0:DC:6F:9E:04:6A:D2:6E:F9:5E:B2:C4:A5:AC:48:97:51:ED:BF
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/1LDcb54EatJu-V6yxKWsSJdR7b8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         bb:80:e9:e9:8c:78:a0:be:40:bc:16:da:41:11:5d:2c:2c:6c:
         7e:26:c5:bb:86:2c:29:79:40:10:f0:93:c8:b3:2c:ac:d2:47:
         1c:4c:4b:91:8c:0d:2d:a5:b7:f7:75:9f:04:46:7b:8f:24:57:
         48:86:05:d7:0f:4c:f8:57:85:87:97:03:c8:0c:1e:2f:82:2a:
         2e:d4:30:3a:e3:5f:c9:70:5c:ed:ed:ba:a4:ef:ac:ae:d1:ee:
         c1:58:12:0a:8d:27:7f:2d:51:df:cd:0a:77:0b:82:75:8c:52:
         6b:cf:17:45:57:d9:62:b8:63:aa:46:03:99:fd:b6:a6:8f:cd:
         50:ae:3b:55:10:7e:bf:fe:3c:63:75:62:1a:7e:11:25:d4:5b:
         e0:b0:8f:12:cf:39:c3:c1:a7:20:42:3e:39:24:af:c0:40:a8:
         45:fb:cc:43:1d:cb:9a:19:9b:36:ad:56:b2:1d:56:ce:3f:ab:
         11:47:e1:58:3b:e1:09:ac:5a:3c:16:52:91:52:81:35:ea:3a:
         8c:c0:3b:38:05:d6:b0:72:da:a2:7e:75:aa:c3:44:a1:7b:6c:
         2f:8b:80:28:38:b6:c4:52:a7:ec:a1:44:e8:57:75:2d:60:39:
         3a:1f:08:fc:e5:01:06:83:dc:6a:08:a3:04:19:71:57:b5:15:
         82:b6:cc:6b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYkawPs7rbZXEoUUEmUBSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGIwZGM2ZjllMDQ2YWQyNmVmOTVlYjJjNGE1YWM0ODk3NTFlZGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6Jov+iU/O2chamSZhhafzEBikit
YfEqhW4GpRMguxT9dEekglHAWRnpR2C8Wa2HD+JCYipX0XoXP57n5fCIND7iSLjX
lwyznR51Lo0NmhR/w6u6ylqe9U/oKWMJkYWGfQajW2f+2+hMCsnRoxcc1d5lgakG
zW8G7W7Urqd3upx5/pB5JbPf7kcW2fTO5oSbyh/sp5PJc731WvCXZt22Z2PskamI
/f4+GmAZww0jKZU3hRBvjBSSMloo3wP2Y9QtF5p6SCrtKIIwzoIE6KNvS8+BKoB2
Cgltd7uHdQ23DC4ndQZ+wPnNq7DmSOTO7IrTA67FvcmvqTAuxzdOydb27QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNSw3G+eBGrSbvlessSlrEiXUe2/MB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvMUxEY2I1NEVhdEp1LVY2eXhLV3NTSmRSN2I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAu4Dp6Yx4oL5AvBbaQRFdLCxsfibFu4YsKXlAEPCT
yLMsrNJHHExLkYwNLaW393WfBEZ7jyRXSIYF1w9M+FeFh5cDyAweL4IqLtQwOuNf
yXBc7e26pO+srtHuwVgSCo0nfy1R380KdwuCdYxSa88XRVfZYrhjqkYDmf22po/N
UK47VRB+v/48Y3ViGn4RJdRb4LCPEs85w8GnIEI+OSSvwECoRfvMQx3LmhmbNq1W
sh1Wzj+rEUfhWDvhCaxaPBZSkVKBNeo6jMA7OAXWsHLaon51qsNEoXtsL4uAKDi2
xFKn7KFE6Fd1LWA5Oh8I/OUBBoPcagijBBlxV7UVgrbMaw==
-----END CERTIFICATE-----