Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/2cxDOPG-7cGSCYOkl8LAVbQ-9XM.roa
File:                     2cxDOPG-7cGSCYOkl8LAVbQ-9XM.roa (raw, json)
Hash identifier:          IOtOec/oAeSEmhO65b4jWUo2ZRrKgsJXadn/S1A0bjs=
Subject key identifier:   D9:CC:43:38:F1:BE:ED:C1:92:09:83:A4:97:C2:C0:55:B4:3E:F5:73
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F62565ECCFF48864AD9970AFE1597DA
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/2cxDOPG-7cGSCYOkl8LAVbQ-9XM.roa
Signing time:             Tue 25 Jun 2024 12:32:42 +0000
ROA not before:           Tue 25 Jun 2024 12:32:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396577
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:56:5e:cc:ff:48:86:4a:d9:97:0a:fe:15:97:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9cc4338f1beedc1920983a497c2c055b43ef573
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:3c:32:0f:6a:24:34:43:a9:42:63:be:91:e4:
                    99:5f:db:3d:ad:df:90:c0:8d:1c:42:69:0b:84:6c:
                    57:9e:50:26:c9:d7:64:30:eb:00:27:85:9a:77:e0:
                    b2:40:8b:29:1d:7f:d2:50:b1:28:4b:0b:d2:36:1e:
                    45:e3:c5:98:2d:41:f0:ad:ba:2d:3f:e8:06:67:eb:
                    74:89:16:f3:0c:58:72:87:f3:7e:fa:0e:1a:86:88:
                    10:75:53:51:1f:86:d9:ca:f5:17:6b:53:cc:71:c8:
                    d0:d6:bc:b5:82:f9:31:8d:ca:f8:dc:c5:c2:4d:49:
                    82:1f:90:fd:29:07:72:70:b3:f0:b6:8d:13:7f:2e:
                    ac:4c:27:f5:fe:37:6a:f3:0f:08:a6:fc:44:b4:dd:
                    d9:73:7d:f6:4d:3c:aa:b1:5d:7c:dd:d6:6c:56:5f:
                    9f:a2:db:f0:d5:ea:bf:a5:66:82:5d:f7:80:68:6e:
                    0b:f9:f1:2d:fa:0d:88:a9:ef:92:8d:d1:cc:de:79:
                    2f:c5:0f:52:2c:8b:36:a6:77:38:26:f1:96:04:0d:
                    80:13:a0:92:b0:20:cb:0c:58:63:89:1c:7d:71:a7:
                    c1:de:5f:ad:a1:5d:ff:cc:ad:06:25:49:ed:83:74:
                    87:d9:66:45:ef:d7:bc:f7:39:4b:43:55:5a:0b:e4:
                    cd:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:CC:43:38:F1:BE:ED:C1:92:09:83:A4:97:C2:C0:55:B4:3E:F5:73
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/2cxDOPG-7cGSCYOkl8LAVbQ-9XM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         7a:8d:58:0a:4e:ac:1c:12:45:3e:57:10:f6:25:40:e3:71:f5:
         79:39:fd:a3:89:8f:39:fa:a0:1f:4b:57:94:13:c4:0c:80:33:
         06:37:9d:43:b7:76:af:24:da:3f:07:f9:ed:d4:4e:95:ad:06:
         41:b4:d7:a1:6a:23:c6:97:37:b8:64:aa:95:4e:b0:13:74:2c:
         57:e1:67:b0:c8:e4:a7:e1:02:1f:09:2f:d5:a8:2a:2c:f8:e6:
         3e:f3:9b:94:b9:1a:a8:6b:1a:f2:60:f7:64:9f:12:05:f8:95:
         22:36:52:5f:22:55:9c:ba:72:19:2d:99:fd:4a:d5:b9:d7:7d:
         bb:18:68:ac:8c:2a:d2:c5:e3:bb:59:ed:c7:9f:f3:8d:dd:81:
         c7:ab:85:fb:0b:b5:ce:e9:32:bc:29:a8:10:63:21:c6:cc:1f:
         11:8b:90:da:7b:16:42:e7:0b:34:9d:0f:21:be:8b:a8:d6:f6:
         0b:2c:29:d6:f6:60:f8:33:52:06:fb:6c:fa:61:94:e9:3d:b0:
         19:82:31:11:26:a6:b1:a6:81:7f:a2:d1:c0:6c:83:09:90:c3:
         e9:f7:7a:46:11:9f:f5:42:29:2b:99:f6:85:96:21:c3:cf:8b:
         33:31:39:6c:e2:22:88:aa:2a:26:aa:08:d9:d5:f0:5d:54:fb:
         7c:b6:85:69
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYlZezP9IhkrZlwr+FZfaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWNjNDMzOGYxYmVlZGMxOTIwOTgzYTQ5N2MyYzA1NWI0M2VmNTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDwyD2okNEOpQmO+keSZX9s9rd+Q
wI0cQmkLhGxXnlAmyddkMOsAJ4Wad+CyQIspHX/SULEoSwvSNh5F48WYLUHwrbot
P+gGZ+t0iRbzDFhyh/N++g4ahogQdVNRH4bZyvUXa1PMccjQ1ry1gvkxjcr43MXC
TUmCH5D9KQdycLPwto0Tfy6sTCf1/jdq8w8IpvxEtN3Zc332TTyqsV183dZsVl+f
otvw1eq/pWaCXfeAaG4L+fEt+g2Iqe+SjdHM3nkvxQ9SLIs2pnc4JvGWBA2AE6CS
sCDLDFhjiRx9cafB3l+toV3/zK0GJUntg3SH2WZF79e89zlLQ1VaC+TNdQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNnMQzjxvu3BkgmDpJfCwFW0PvVzMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvMmN4RE9QRy03Y0dTQ1lPa2w4TEFWYlEtOVhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAeo1YCk6sHBJFPlcQ9iVA43H1eTn9o4mPOfqgH0tX
lBPEDIAzBjedQ7d2ryTaPwf57dROla0GQbTXoWojxpc3uGSqlU6wE3QsV+FnsMjk
p+ECHwkv1agqLPjmPvOblLkaqGsa8mD3ZJ8SBfiVIjZSXyJVnLpyGS2Z/UrVudd9
uxhorIwq0sXju1ntx5/zjd2Bx6uF+wu1zukyvCmoEGMhxswfEYuQ2nsWQucLNJ0P
Ib6LqNb2Cywp1vZg+DNSBvts+mGU6T2wGYIxESamsaaBf6LRwGyDCZDD6fd6RhGf
9UIpK5n2hZYhw8+LMzE5bOIiiKoqJqoI2dXwXVT7fLaFaQ==
-----END CERTIFICATE-----