Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/5IFexsb95z1GxD5yEf3Ivj6pp-k.roa
File:                     5IFexsb95z1GxD5yEf3Ivj6pp-k.roa (raw, json)
Hash identifier:          u2MNWj9Pz935M+nfPdJeuf26auyKW9S6C8gCyUYh0rI=
Subject key identifier:   E4:81:5E:C6:C6:FD:E7:3D:46:C4:3E:72:11:FD:C8:BE:3E:A9:A7:E9
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F625043B744243DCC801C9D84492E21
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/5IFexsb95z1GxD5yEf3Ivj6pp-k.roa
Signing time:             Tue 25 Jun 2024 12:32:41 +0000
ROA not before:           Tue 25 Jun 2024 12:32:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396567
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:50:43:b7:44:24:3d:cc:80:1c:9d:84:49:2e:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4815ec6c6fde73d46c43e7211fdc8be3ea9a7e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:76:70:90:dc:a0:03:8c:be:62:93:c4:44:ce:
                    78:bc:e9:bf:ea:a5:a2:ba:b4:fe:88:01:d0:3d:96:
                    91:95:a2:d3:af:a8:bc:b7:d1:5a:84:2b:b6:5a:f6:
                    76:7d:1e:de:e0:8b:02:6c:56:47:f3:3a:23:b1:0d:
                    68:27:c7:79:76:a7:6d:2f:3c:cc:40:1d:1d:a5:ab:
                    46:e2:5f:70:05:8f:95:17:b7:0f:49:30:8a:62:1e:
                    a2:2e:b6:72:93:14:a6:25:31:a2:d5:dc:e9:59:ca:
                    53:a9:7d:4e:81:3c:70:52:dd:fa:02:b3:61:a7:5e:
                    72:4c:c8:79:e2:ac:fa:eb:19:cd:9f:d9:c6:42:60:
                    b5:5d:68:b5:f3:65:98:6b:f0:ff:c5:42:d0:e5:f5:
                    bf:af:4f:8d:e3:3b:36:e1:de:03:e8:e1:b4:e2:5e:
                    26:31:21:f6:5b:e6:ff:b6:61:97:67:b6:89:74:bf:
                    fd:48:54:2a:60:3c:7b:23:24:83:5c:36:3a:0e:0a:
                    af:d4:af:c0:9e:34:28:98:89:11:cd:8d:d5:ed:44:
                    0c:af:3c:9c:9a:c2:9f:6e:0a:15:34:ae:34:93:0a:
                    13:f2:dd:73:68:42:8d:34:d0:06:1c:e7:b1:4e:5b:
                    c6:e5:b9:4f:50:74:1e:b3:9e:67:f0:1e:63:ba:8e:
                    8d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:81:5E:C6:C6:FD:E7:3D:46:C4:3E:72:11:FD:C8:BE:3E:A9:A7:E9
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/5IFexsb95z1GxD5yEf3Ivj6pp-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         8a:36:64:f3:5a:f8:ba:fb:d1:02:c2:25:74:3a:fc:9f:a2:32:
         f8:b2:60:61:b6:6d:b3:32:c7:46:80:2a:8d:55:ce:2b:0f:7b:
         74:69:90:1f:03:62:d4:b5:94:44:11:a4:09:13:cc:a2:1c:f9:
         d8:ee:f7:5d:7d:11:5f:e3:dc:06:06:88:e5:1d:81:d4:b2:9b:
         55:52:ac:46:44:e6:61:73:ab:8e:76:a0:02:59:04:61:fe:13:
         1f:65:4a:20:f2:81:ec:0e:65:cf:69:63:f9:bf:1d:fb:3d:0e:
         50:9c:71:c9:c2:6b:17:71:3d:4b:55:0f:14:c4:e6:fa:cc:60:
         bc:de:70:5d:d7:46:e7:59:e2:b2:86:60:a6:4e:1c:eb:85:bf:
         4c:b2:e2:8c:d3:c2:5d:3f:f4:03:a6:56:30:b0:c0:4f:03:de:
         49:1c:ed:3c:b4:7b:5b:b8:b6:d4:f6:32:f4:14:12:0d:1f:6d:
         a2:00:ec:1e:62:48:60:bb:e5:93:48:03:e8:7e:0c:52:64:b5:
         10:72:db:6d:af:37:bd:1f:5e:60:6b:c8:5e:43:0b:af:1e:54:
         90:02:54:5e:ba:03:b5:aa:0f:89:48:d5:29:de:90:dd:73:1e:
         46:44:39:cb:9b:10:5c:c9:8e:f7:dc:ce:bb:fb:03:3f:a3:28:
         4e:7b:fd:29
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYlBDt0QkPcyAHJ2ESS4hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDgxNWVjNmM2ZmRlNzNkNDZjNDNlNzIxMWZkYzhiZTNlYTlhN2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHZwkNygA4y+YpPERM54vOm/6qWi
urT+iAHQPZaRlaLTr6i8t9FahCu2WvZ2fR7e4IsCbFZH8zojsQ1oJ8d5dqdtLzzM
QB0dpatG4l9wBY+VF7cPSTCKYh6iLrZykxSmJTGi1dzpWcpTqX1OgTxwUt36ArNh
p15yTMh54qz66xnNn9nGQmC1XWi182WYa/D/xULQ5fW/r0+N4zs24d4D6OG04l4m
MSH2W+b/tmGXZ7aJdL/9SFQqYDx7IySDXDY6Dgqv1K/AnjQomIkRzY3V7UQMrzyc
msKfbgoVNK40kwoT8t1zaEKNNNAGHOexTlvG5blPUHQes55n8B5juo6N7QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOSBXsbG/ec9RsQ+chH9yL4+qafpMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvNUlGZXhzYjk1ejFHeEQ1eUVmM0l2ajZwcC1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAijZk81r4uvvRAsIldDr8n6Iy+LJgYbZtszLHRoAq
jVXOKw97dGmQHwNi1LWURBGkCRPMohz52O73XX0RX+PcBgaI5R2B1LKbVVKsRkTm
YXOrjnagAlkEYf4TH2VKIPKB7A5lz2lj+b8d+z0OUJxxycJrF3E9S1UPFMTm+sxg
vN5wXddG51nisoZgpk4c64W/TLLijNPCXT/0A6ZWMLDATwPeSRztPLR7W7i21PYy
9BQSDR9togDsHmJIYLvlk0gD6H4MUmS1EHLbba83vR9eYGvIXkMLrx5UkAJUXroD
taoPiUjVKd6Q3XMeRkQ5y5sQXMmO99zOu/sDP6MoTnv9KQ==
-----END CERTIFICATE-----