Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/3DYQqmRz9J_hHOQ8PDwtp1p9HRw.roa
File:                     3DYQqmRz9J_hHOQ8PDwtp1p9HRw.roa (raw, json)
Hash identifier:          SOHR9g8kzw7pX6dua7up+LNItFn0lgNdB8HWtXnWH7o=
Subject key identifier:   DC:36:10:AA:64:73:F4:9F:E1:1C:E4:3C:3C:3C:2D:A7:5A:7D:1D:1C
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F627317744812096183BA8E06C2FBE8
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/3DYQqmRz9J_hHOQ8PDwtp1p9HRw.roa
Signing time:             Tue 25 Jun 2024 12:32:50 +0000
ROA not before:           Tue 25 Jun 2024 12:32:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397206
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:73:17:74:48:12:09:61:83:ba:8e:06:c2:fb:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc3610aa6473f49fe11ce43c3c3c2da75a7d1d1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:4a:fa:bd:4f:ee:2d:9c:70:f5:9e:43:80:e3:
                    db:17:17:d5:14:a1:ba:86:29:7a:ca:5c:07:1d:70:
                    a5:18:75:92:31:30:05:f5:5d:3a:db:cc:29:27:73:
                    28:62:43:a3:24:e6:3c:28:26:b2:84:15:54:78:dc:
                    70:ed:0f:de:87:5a:09:90:41:e5:76:1a:65:48:ab:
                    ad:e3:cb:87:54:64:2c:75:4d:b1:d8:d1:b1:29:ea:
                    26:15:c5:89:23:da:17:87:34:b3:47:b9:f0:34:52:
                    12:84:ac:97:bf:3e:19:41:05:8b:7a:66:04:b9:87:
                    a4:15:59:7e:94:af:02:32:a0:3a:74:00:24:20:bf:
                    b7:1c:25:e3:be:2c:de:6c:1f:be:7a:e9:d1:39:4e:
                    b1:6d:48:84:2d:c4:ee:a4:b0:29:e6:52:5c:31:de:
                    97:f1:4d:b4:bc:60:30:4b:2c:70:01:b9:e6:2f:0b:
                    43:47:c8:2c:d7:79:ab:fa:6a:02:9d:87:97:22:67:
                    97:eb:6e:4a:d0:b4:3f:16:3a:8b:6f:d8:be:51:38:
                    93:1f:19:e4:9e:b1:da:c7:da:ba:72:a8:4e:e7:5d:
                    1a:7f:0d:e9:ad:30:6b:ab:90:b7:88:8c:76:96:4a:
                    cf:8d:7d:21:ab:87:7e:6d:88:bd:63:fd:3f:5a:a5:
                    f5:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:36:10:AA:64:73:F4:9F:E1:1C:E4:3C:3C:3C:2D:A7:5A:7D:1D:1C
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/3DYQqmRz9J_hHOQ8PDwtp1p9HRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         c4:39:bf:1d:eb:32:27:fb:c3:40:46:c3:9c:98:b7:02:26:bc:
         bd:2e:47:e7:57:03:e7:0d:1f:b3:6c:f0:2d:1e:42:de:e0:45:
         b7:cc:0b:10:75:11:22:52:53:96:35:69:a2:b9:c5:da:22:61:
         64:62:81:11:36:a5:c6:bb:4b:46:83:ab:54:11:15:3c:09:37:
         f1:72:38:64:e9:51:14:50:3d:86:55:80:d1:8c:92:7a:85:ca:
         ca:7c:72:68:06:5b:00:87:be:a5:31:08:f9:22:87:50:ff:1c:
         32:37:49:6a:79:36:bc:ae:69:02:46:aa:ab:d1:dd:3b:79:41:
         72:4d:5c:30:27:bb:a1:17:22:83:24:68:b4:2d:ff:61:de:af:
         86:41:e5:9f:9c:00:9f:9d:4c:dc:80:43:4a:dc:c7:3d:65:17:
         f7:48:cc:60:fc:72:81:46:7f:7b:81:02:f3:3f:73:36:cf:2c:
         2b:ad:28:02:78:47:3d:d2:8b:7f:2c:d3:72:ff:36:11:42:0e:
         06:70:db:6c:95:42:47:2b:2e:24:ae:f6:7c:03:2b:3d:22:50:
         f8:e7:0f:31:cd:c6:8e:81:80:83:31:b2:84:e1:31:ba:49:d7:
         77:4e:d3:d4:b5:5e:14:e0:ec:13:0e:76:b6:56:04:a9:d3:e8:
         86:e9:40:4c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYnMXdEgSCWGDuo4GwvvoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzM2MTBhYTY0NzNmNDlmZTExY2U0M2MzYzNjMmRhNzVhN2QxZDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEr6vU/uLZxw9Z5DgOPbFxfVFKG6
hil6ylwHHXClGHWSMTAF9V0628wpJ3MoYkOjJOY8KCayhBVUeNxw7Q/eh1oJkEHl
dhplSKut48uHVGQsdU2x2NGxKeomFcWJI9oXhzSzR7nwNFIShKyXvz4ZQQWLemYE
uYekFVl+lK8CMqA6dAAkIL+3HCXjvizebB++eunROU6xbUiELcTupLAp5lJcMd6X
8U20vGAwSyxwAbnmLwtDR8gs13mr+moCnYeXImeX625K0LQ/FjqLb9i+UTiTHxnk
nrHax9q6cqhO510afw3prTBrq5C3iIx2lkrPjX0hq4d+bYi9Y/0/WqX1wQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNw2EKpkc/Sf4RzkPDw8LadafR0cMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvM0RZUXFtUno5Sl9oSE9ROFBEd3RwMXA5SFJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAxDm/HesyJ/vDQEbDnJi3Aia8vS5H51cD5w0fs2zw
LR5C3uBFt8wLEHURIlJTljVpornF2iJhZGKBETalxrtLRoOrVBEVPAk38XI4ZOlR
FFA9hlWA0YySeoXKynxyaAZbAIe+pTEI+SKHUP8cMjdJank2vK5pAkaqq9HdO3lB
ck1cMCe7oRcigyRotC3/Yd6vhkHln5wAn51M3IBDStzHPWUX90jMYPxygUZ/e4EC
8z9zNs8sK60oAnhHPdKLfyzTcv82EUIOBnDbbJVCRysuJK72fAMrPSJQ+OcPMc3G
joGAgzGyhOExuknXd07T1LVeFODsEw52tlYEqdPohulATA==
-----END CERTIFICATE-----