Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/4sb2A0LkFX16irc84KlcQcj-5rU.roa
File:                     4sb2A0LkFX16irc84KlcQcj-5rU.roa (raw, json)
Hash identifier:          FbJsqlI/DJasdSIZCQJp11r0R5QXD3pixoj3FmJn3CA=
Subject key identifier:   E2:C6:F6:03:42:E4:15:7D:7A:8A:B7:3C:E0:A9:5C:41:C8:FE:E6:B5
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F623E46380B3868E4D1DC923F62FD72
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/4sb2A0LkFX16irc84KlcQcj-5rU.roa
Signing time:             Tue 25 Jun 2024 12:32:36 +0000
ROA not before:           Tue 25 Jun 2024 12:32:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36628
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:3e:46:38:0b:38:68:e4:d1:dc:92:3f:62:fd:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2c6f60342e4157d7a8ab73ce0a95c41c8fee6b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:82:81:16:58:69:5d:d0:e4:a3:2d:2b:1d:93:
                    f3:39:fd:bc:39:28:e8:40:df:27:1b:51:c1:c9:2a:
                    f0:4c:e5:c4:78:cc:fa:89:31:e5:94:b3:0b:f3:6c:
                    da:c2:26:c3:fc:23:f4:73:80:e7:1a:e5:af:56:5e:
                    e9:36:02:07:7f:02:0f:61:e5:5a:8c:a3:48:c0:f1:
                    5f:72:61:5f:f9:0f:a7:75:40:19:6b:e0:d0:80:23:
                    cf:77:ff:3a:63:8e:4d:48:26:4c:43:d1:42:7c:cf:
                    c1:1c:8e:2f:28:9c:9e:91:5d:8a:c2:32:9e:71:3d:
                    96:0d:a8:f3:29:e5:58:59:0f:6b:2e:40:a9:99:a3:
                    73:b4:59:22:70:97:50:86:d9:28:c4:61:f4:a3:a8:
                    87:e0:53:53:cf:2f:1b:f0:74:b3:8c:33:b0:fa:0a:
                    65:f1:73:c3:39:f1:ee:2d:97:12:f9:d3:ac:b1:eb:
                    c2:96:54:7c:48:e9:aa:24:79:4c:27:6e:93:02:00:
                    a5:4d:18:9e:fc:03:b8:e7:44:67:96:6c:44:fe:d3:
                    e7:a7:81:a5:13:3b:f8:f9:99:d6:fb:ca:50:28:86:
                    ba:2d:16:bf:0b:54:d6:bd:b7:32:d9:1c:67:4c:38:
                    87:b1:9e:ae:c3:1a:9a:48:ec:5d:8d:13:f7:ff:aa:
                    29:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:C6:F6:03:42:E4:15:7D:7A:8A:B7:3C:E0:A9:5C:41:C8:FE:E6:B5
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/4sb2A0LkFX16irc84KlcQcj-5rU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         b1:72:dc:15:7a:7c:f4:4d:6b:dc:eb:c0:ed:7d:21:51:25:d2:
         8c:a9:3e:53:87:14:b9:ec:59:f5:76:b7:a3:3f:b9:33:84:aa:
         fa:05:a1:ee:43:59:50:47:c8:c0:93:e8:61:c2:a6:ac:4f:34:
         99:de:bf:53:65:1a:1b:bd:a9:67:73:f1:54:2c:43:c8:66:17:
         a6:7d:56:70:e5:b1:5f:41:6e:59:69:7d:3a:7b:a2:ea:b6:c8:
         16:b5:e5:45:0d:87:80:4e:dc:7a:30:54:e2:1b:d8:c4:71:4d:
         c9:36:2e:d3:65:a2:eb:1f:86:a3:e8:a0:21:50:1e:2f:76:ad:
         63:82:a4:e8:ee:e2:ce:3e:8c:9c:31:23:50:b9:4d:9e:27:28:
         45:5d:fb:52:e6:c3:f1:97:7e:74:99:89:fd:bf:1f:1f:c8:a6:
         f0:7b:fa:d6:1f:66:33:4e:3c:3f:35:29:79:2d:ef:49:62:96:
         d0:54:84:b1:d5:c7:77:7c:70:04:cf:62:a5:49:a5:00:61:bc:
         6b:30:15:8e:9f:95:2a:d2:fa:17:d5:a3:10:79:5e:80:8c:c6:
         42:80:97:a3:b1:97:af:4a:8d:b0:c1:8e:94:7e:8b:91:16:87:
         cc:5c:0c:ec:f2:75:ed:c2:66:bb:c5:7d:35:80:25:6d:62:66:
         07:eb:84:d4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYj5GOAs4aOTR3JI/Yv1yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmM2ZjYwMzQyZTQxNTdkN2E4YWI3M2NlMGE5NWM0MWM4ZmVlNmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2oKBFlhpXdDkoy0rHZPzOf28OSjo
QN8nG1HBySrwTOXEeMz6iTHllLML82zawibD/CP0c4DnGuWvVl7pNgIHfwIPYeVa
jKNIwPFfcmFf+Q+ndUAZa+DQgCPPd/86Y45NSCZMQ9FCfM/BHI4vKJyekV2KwjKe
cT2WDajzKeVYWQ9rLkCpmaNztFkicJdQhtkoxGH0o6iH4FNTzy8b8HSzjDOw+gpl
8XPDOfHuLZcS+dOssevCllR8SOmqJHlMJ26TAgClTRie/AO450RnlmxE/tPnp4Gl
Ezv4+ZnW+8pQKIa6LRa/C1TWvbcy2RxnTDiHsZ6uwxqaSOxdjRP3/6opnwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOLG9gNC5BV9eoq3POCpXEHI/ua1MB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvNHNiMkEwTGtGWDE2aXJjODRLbGNRY2otNXJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAsXLcFXp89E1r3OvA7X0hUSXSjKk+U4cUuexZ9Xa3
oz+5M4Sq+gWh7kNZUEfIwJPoYcKmrE80md6/U2UaG72pZ3PxVCxDyGYXpn1WcOWx
X0FuWWl9Onui6rbIFrXlRQ2HgE7cejBU4hvYxHFNyTYu02Wi6x+Go+igIVAeL3at
Y4Kk6O7izj6MnDEjULlNnicoRV37UubD8Zd+dJmJ/b8fH8im8Hv61h9mM048PzUp
eS3vSWKW0FSEsdXHd3xwBM9ipUmlAGG8azAVjp+VKtL6F9WjEHlegIzGQoCXo7GX
r0qNsMGOlH6LkRaHzFwM7PJ17cJmu8V9NYAlbWJmB+uE1A==
-----END CERTIFICATE-----