Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/4VTs9y5F76vcJX-K3k7ve1rZlPg.roa
File:                     4VTs9y5F76vcJX-K3k7ve1rZlPg.roa (raw, json)
Hash identifier:          Wjj8a2Pp1BNCRA16+OBHbWJ046KEA/xX2Ogx+Bn6OzE=
Subject key identifier:   E1:54:EC:F7:2E:45:EF:AB:DC:25:7F:8A:DE:4E:EF:7B:5A:D9:94:F8
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019422FBAC5300CCB7F9D1207329DD519DAD
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/4VTs9y5F76vcJX-K3k7ve1rZlPg.roa
Signing time:             Wed 01 Jan 2025 17:48:26 +0000
ROA not before:           Wed 01 Jan 2025 17:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20362
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:ac:53:00:cc:b7:f9:d1:20:73:29:dd:51:9d:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jan  1 17:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e154ecf72e45efabdc257f8ade4eef7b5ad994f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:16:06:3d:fd:c8:6a:4a:e3:43:b5:01:3d:9d:
                    8f:fc:46:0b:bc:3b:36:67:67:8f:d7:77:b4:07:59:
                    af:5c:6a:09:58:ae:36:ca:3c:41:a4:b3:72:50:22:
                    bf:c2:2b:1f:25:39:63:1d:c7:fc:67:ae:d9:b7:18:
                    3a:cb:07:42:49:1c:44:f5:36:7d:70:38:42:96:f3:
                    ad:7d:2d:74:3f:a9:78:06:7e:4d:4e:e8:f4:63:61:
                    8c:ae:f4:be:99:6e:35:be:27:17:a5:82:46:8a:c1:
                    6a:e3:23:6c:6f:e2:57:d3:f4:2b:aa:17:5e:6d:59:
                    03:b1:54:89:2b:ab:dd:cb:1b:be:1a:77:40:17:12:
                    7d:36:34:a4:66:5d:bd:e1:bc:d0:8e:ae:bd:21:b0:
                    8c:9f:51:6c:95:c9:6a:d6:a2:6a:cb:07:c7:c5:8e:
                    13:13:d1:42:5e:e4:22:a8:e8:75:e2:e4:76:4d:3f:
                    ad:1e:42:b7:d2:3a:a0:d7:c5:bd:aa:0b:82:fb:f6:
                    1f:b8:1a:12:02:56:df:35:f1:25:41:f0:b3:cb:e2:
                    9c:1f:01:99:f3:eb:82:a0:ff:8a:25:cb:c7:f9:1a:
                    a8:bd:c2:54:b8:b4:69:88:7a:d4:85:76:28:34:f8:
                    5a:a7:60:16:1e:b3:33:4a:c5:6a:65:3c:52:fd:db:
                    21:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:54:EC:F7:2E:45:EF:AB:DC:25:7F:8A:DE:4E:EF:7B:5A:D9:94:F8
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/4VTs9y5F76vcJX-K3k7ve1rZlPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.53/32

    Signature Algorithm: sha256WithRSAEncryption
         8f:b0:7a:66:ed:cd:0e:8b:45:72:59:80:60:02:e3:e0:b9:d0:
         ac:bd:18:0b:04:2d:c7:bb:43:30:b9:68:8d:c9:a9:23:02:05:
         85:4f:9e:99:6d:b7:34:29:60:f6:93:fa:bb:20:26:49:56:25:
         d1:f6:b9:71:27:55:55:06:31:8b:73:a7:74:c1:0a:59:1b:47:
         a7:42:ef:c7:8e:e6:e3:c4:b8:31:a3:93:7a:8f:37:99:8f:0b:
         46:08:7b:95:03:cf:d5:57:59:79:10:99:94:c0:8b:9c:4f:ce:
         0c:78:66:3d:3a:38:05:6a:69:ca:de:65:ff:a4:a7:41:a7:ce:
         06:b8:c6:67:90:6c:c9:aa:71:84:57:9f:54:dc:36:ec:cf:54:
         93:8c:21:66:c0:3a:c1:39:ee:ba:e0:ab:ff:f7:ac:68:2b:34:
         6c:80:2d:e4:2c:9e:b5:22:2f:7d:cc:09:49:33:09:3b:c7:4a:
         82:20:85:a7:3c:42:e1:da:d8:0c:14:f8:97:0d:d9:72:b6:71:
         c4:d8:4f:30:d5:4b:2b:4b:6a:99:1a:b5:66:3d:0a:1a:11:02:
         91:ea:a2:d4:92:69:c2:2d:46:83:69:d3:c6:88:60:5f:89:5d:
         8a:74:32:40:59:29:53:80:f8:d4:ae:ee:95:a5:71:34:8a:ca:
         8f:71:cf:99
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQi+6xTAMy3+dEgcyndUZ2tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjUwMTAxMTc0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTU0ZWNmNzJlNDVlZmFiZGMyNTdmOGFkZTRlZWY3YjVhZDk5NGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2xYGPf3IakrjQ7UBPZ2P/EYLvDs2
Z2eP13e0B1mvXGoJWK42yjxBpLNyUCK/wisfJTljHcf8Z67Ztxg6ywdCSRxE9TZ9
cDhClvOtfS10P6l4Bn5NTuj0Y2GMrvS+mW41vicXpYJGisFq4yNsb+JX0/Qrqhde
bVkDsVSJK6vdyxu+GndAFxJ9NjSkZl294bzQjq69IbCMn1Fslclq1qJqywfHxY4T
E9FCXuQiqOh14uR2TT+tHkK30jqg18W9qguC+/YfuBoSAlbfNfElQfCzy+KcHwGZ
8+uCoP+KJcvH+RqovcJUuLRpiHrUhXYoNPhap2AWHrMzSsVqZTxS/dshYwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOFU7PcuRe+r3CV/it5O73ta2ZT4MB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvNFZUczl5NUY3NnZjSlgtSzNrN3ZlMXJabFBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOAwUBURPDHgMF
ALlkADUwDQYJKoZIhvcNAQELBQADggEBAI+wembtzQ6LRXJZgGAC4+C50Ky9GAsE
Lce7QzC5aI3JqSMCBYVPnplttzQpYPaT+rsgJklWJdH2uXEnVVUGMYtzp3TBClkb
R6dC78eO5uPEuDGjk3qPN5mPC0YIe5UDz9VXWXkQmZTAi5xPzgx4Zj06OAVqacre
Zf+kp0Gnzga4xmeQbMmqcYRXn1TcNuzPVJOMIWbAOsE57rrgq//3rGgrNGyALeQs
nrUiL33MCUkzCTvHSoIghac8QuHa2AwU+JcN2XK2ccTYTzDVSytLapkatWY9ChoR
ApHqotSSacItRoNp08aIYF+JXYp0MkBZKVOA+NSu7pWlcTSKyo9xz5k=
-----END CERTIFICATE-----