Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/3kpUH7RqDuzNyejI1WyHlmO3P_k.roa
File:                     3kpUH7RqDuzNyejI1WyHlmO3P_k.roa (raw, json)
Hash identifier:          cCKFwuvXn/blx3+2FZy3W2owfULsSUHnG3faNu5XcHY=
Subject key identifier:   DE:4A:54:1F:B4:6A:0E:EC:CD:C9:E8:C8:D5:6C:87:96:63:B7:3F:F9
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F623F19A17FDA00A93C4834061E6DAC
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/3kpUH7RqDuzNyejI1WyHlmO3P_k.roa
Signing time:             Tue 25 Jun 2024 12:32:37 +0000
ROA not before:           Tue 25 Jun 2024 12:32:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36630
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:3f:19:a1:7f:da:00:a9:3c:48:34:06:1e:6d:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de4a541fb46a0eeccdc9e8c8d56c879663b73ff9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:e2:fe:68:31:e6:2c:ee:d3:e6:cb:13:e7:64:
                    24:47:37:78:de:83:05:5b:dd:d3:ba:58:52:5a:b7:
                    e5:cd:b9:77:a1:86:6b:fd:d0:fa:73:55:72:3f:23:
                    70:44:0a:25:0e:d7:d0:29:64:5a:af:60:67:76:37:
                    be:5e:ba:ac:31:be:8b:ec:b1:a4:ce:92:eb:a4:cc:
                    71:d2:3f:62:07:8a:d9:f6:3d:f7:a8:ed:b8:3e:74:
                    5a:02:72:4c:ba:61:4a:53:d6:90:19:75:57:f9:6c:
                    fb:61:b4:cd:01:6d:c7:de:37:2f:9c:30:5b:4a:e3:
                    6e:1d:34:61:52:7b:58:c9:69:fd:02:45:c0:4c:32:
                    1d:fe:b8:f4:e9:3d:40:a1:45:bf:70:b1:8d:74:15:
                    d3:92:05:5c:d4:e1:80:ed:9d:e5:76:49:ff:2b:bb:
                    f7:e2:fa:27:47:c8:1c:c5:65:a7:5b:ec:96:eb:2d:
                    72:c2:4c:1f:d5:16:47:4a:57:a9:3a:55:5f:6e:23:
                    ec:bd:e7:c8:3b:03:a4:6e:12:60:ea:a1:40:10:fc:
                    dc:ac:0d:89:08:19:bb:4d:ea:62:0e:89:01:6d:ec:
                    19:74:7d:ce:de:37:59:79:96:4d:a8:29:3d:f9:d6:
                    09:a0:14:0a:9b:2f:98:53:8b:5c:50:fc:a8:bf:a0:
                    19:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:4A:54:1F:B4:6A:0E:EC:CD:C9:E8:C8:D5:6C:87:96:63:B7:3F:F9
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/3kpUH7RqDuzNyejI1WyHlmO3P_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         58:bd:61:80:d8:95:d2:3d:a2:53:7c:55:f9:25:e4:62:9d:e1:
         d1:db:df:d2:fc:d1:f1:91:1a:8f:41:a3:9d:e6:8d:fb:86:1c:
         34:5a:7e:a1:d3:18:a4:2d:bb:60:ea:06:20:2e:0b:dc:19:47:
         cd:c0:2d:dd:c2:6c:f7:e5:18:3f:f3:2b:85:57:80:ea:84:31:
         fe:98:5b:b4:82:92:db:4d:b2:fb:32:76:ce:b9:44:99:47:8c:
         5a:11:ea:90:11:16:08:bd:68:2f:f8:bf:3c:a5:9e:b5:06:85:
         9a:15:4a:25:e7:74:64:74:9a:81:ad:9d:35:f3:45:50:b6:d7:
         3e:e7:7c:27:d7:e3:6b:e1:32:28:94:aa:8d:42:c0:45:af:9b:
         e3:d4:7e:d6:f1:b1:2a:3f:25:f2:34:bf:08:1a:43:0c:6d:0f:
         22:48:6d:dd:97:71:c6:78:3e:c6:59:10:7f:13:4d:73:5e:00:
         cc:c2:1f:07:b0:9b:0e:29:d7:97:f6:b4:53:32:99:59:48:02:
         ef:2f:57:c7:25:6f:c2:e8:a7:26:bb:46:b6:84:da:f4:02:17:
         4b:66:e9:a2:5c:2f:9e:e4:68:0f:b4:37:96:51:f4:ff:3f:c1:
         a9:dd:be:e8:93:0b:79:10:88:3d:f9:35:0b:39:f7:4f:5c:a3:
         bb:eb:4c:f3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYj8ZoX/aAKk8SDQGHm2sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTRhNTQxZmI0NmEwZWVjY2RjOWU4YzhkNTZjODc5NjYzYjczZmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1OL+aDHmLO7T5ssT52QkRzd43oMF
W93TulhSWrflzbl3oYZr/dD6c1VyPyNwRAolDtfQKWRar2Bndje+XrqsMb6L7LGk
zpLrpMxx0j9iB4rZ9j33qO24PnRaAnJMumFKU9aQGXVX+Wz7YbTNAW3H3jcvnDBb
SuNuHTRhUntYyWn9AkXATDId/rj06T1AoUW/cLGNdBXTkgVc1OGA7Z3ldkn/K7v3
4vonR8gcxWWnW+yW6y1ywkwf1RZHSlepOlVfbiPsvefIOwOkbhJg6qFAEPzcrA2J
CBm7TepiDokBbewZdH3O3jdZeZZNqCk9+dYJoBQKmy+YU4tcUPyov6AZQQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFN5KVB+0ag7szcnoyNVsh5Zjtz/5MB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvM2twVUg3UnFEdXpOeWVqSTFXeUhsbU8zUF9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAWL1hgNiV0j2iU3xV+SXkYp3h0dvf0vzR8ZEaj0Gj
neaN+4YcNFp+odMYpC27YOoGIC4L3BlHzcAt3cJs9+UYP/MrhVeA6oQx/phbtIKS
202y+zJ2zrlEmUeMWhHqkBEWCL1oL/i/PKWetQaFmhVKJed0ZHSaga2dNfNFULbX
Pud8J9fja+EyKJSqjULARa+b49R+1vGxKj8l8jS/CBpDDG0PIkht3Zdxxng+xlkQ
fxNNc14AzMIfB7CbDinXl/a0UzKZWUgC7y9XxyVvwuinJrtGtoTa9AIXS2bpolwv
nuRoD7Q3llH0/z/Bqd2+6JMLeRCIPfk1Czn3T1yju+tM8w==
-----END CERTIFICATE-----