Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/7UNuRSy7SpKvlnXBACOe7sJloyg.roa
File:                     7UNuRSy7SpKvlnXBACOe7sJloyg.roa (raw, json)
Hash identifier:          WvFlQzZEGQCpnJ6muH37ZYX7vQFPJjXUpKJOpaDXdaM=
Subject key identifier:   ED:43:6E:45:2C:BB:4A:92:AF:96:75:C1:00:23:9E:EE:C2:65:A3:28
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019422FBB0B102179478EC310EC25CA48B9A
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/7UNuRSy7SpKvlnXBACOe7sJloyg.roa
Signing time:             Wed 01 Jan 2025 17:48:27 +0000
ROA not before:           Wed 01 Jan 2025 17:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36619
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:b0:b1:02:17:94:78:ec:31:0e:c2:5c:a4:8b:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jan  1 17:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed436e452cbb4a92af9675c100239eeec265a328
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:62:8e:af:cf:9c:3d:c5:25:fa:40:69:22:6e:
                    48:74:b6:56:30:c2:87:9c:00:07:67:a1:8c:f3:ea:
                    56:d4:16:62:5a:df:01:4f:79:48:cf:7c:a7:a8:86:
                    01:cc:90:b5:10:4a:74:97:98:a8:00:2c:9a:90:dd:
                    02:9a:9f:18:1c:bb:1f:aa:f7:9d:15:34:7b:96:17:
                    ea:b2:c6:8c:a1:fa:07:0a:c8:77:32:e3:a8:8e:2e:
                    60:2c:2c:7e:8a:17:df:18:5e:a5:ce:38:03:74:bf:
                    9d:79:ea:dc:46:76:84:bf:b2:76:aa:e7:32:c8:51:
                    d4:96:4e:85:6c:51:79:19:ca:0d:1c:30:c2:a4:7f:
                    9b:a7:22:59:00:b5:bb:5a:0a:03:a0:e8:74:69:4c:
                    2f:53:50:57:dc:f2:5f:a4:8e:0e:b1:65:a9:8c:33:
                    79:ba:0d:27:54:76:5d:45:73:2b:3c:76:1d:ff:28:
                    32:6f:76:fd:5b:c0:38:e6:8f:ef:5e:31:da:e2:69:
                    d0:88:5f:3c:54:af:fe:e6:d7:a7:ce:ba:72:ea:6e:
                    34:02:a0:77:15:6b:6a:03:aa:db:40:52:74:93:11:
                    7f:ba:4e:34:d1:5f:e3:a6:d6:57:02:19:84:9a:e4:
                    e3:ba:5e:c0:e0:80:cb:63:02:ce:99:2f:30:83:79:
                    c6:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:43:6E:45:2C:BB:4A:92:AF:96:75:C1:00:23:9E:EE:C2:65:A3:28
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/7UNuRSy7SpKvlnXBACOe7sJloyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.53/32

    Signature Algorithm: sha256WithRSAEncryption
         51:8c:97:f9:2b:9a:0a:1e:41:21:17:dd:12:e5:38:2a:a0:04:
         8e:dd:d0:3e:20:61:6e:c0:15:bc:a4:d7:0b:f0:d8:86:d0:18:
         12:c3:b2:10:60:7e:b7:32:d8:6e:d2:89:d6:a9:20:35:75:78:
         bc:08:5f:5e:7f:cc:24:11:d4:78:9d:a7:88:ed:93:3d:cc:f2:
         dd:89:d1:5f:db:31:b6:00:26:3f:b0:a4:2a:29:5e:75:8d:f0:
         23:9e:62:cf:55:b3:cd:d8:86:bf:bf:9d:f2:7a:41:7d:79:c8:
         49:ea:2a:cd:fc:bb:d4:5d:34:77:98:d1:c1:19:1a:06:ab:39:
         9b:3e:25:11:fe:11:91:fc:66:c3:d9:6b:8c:25:b0:6e:df:58:
         b5:a6:52:de:dd:1f:7d:19:5b:4d:36:cc:1a:a5:75:ee:b7:76:
         0c:ce:c5:71:7c:76:da:1b:e8:1d:ce:bd:dc:78:55:75:74:9e:
         dc:cb:bf:c9:49:1c:31:1e:d3:28:68:e6:5b:58:b4:25:b8:72:
         62:07:37:b6:6d:38:0a:ea:e5:dc:29:bf:bd:6c:d5:82:e3:56:
         66:cd:c6:d0:ac:9e:1a:ce:19:0a:a6:72:08:a0:87:00:1c:82:
         a0:49:0d:36:ba:74:ea:94:16:e1:9d:5e:a0:58:70:b7:25:b9:
         77:42:4c:0f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQi+7CxAheUeOwxDsJcpIuaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjUwMTAxMTc0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDQzNmU0NTJjYmI0YTkyYWY5Njc1YzEwMDIzOWVlZWMyNjVhMzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmKOr8+cPcUl+kBpIm5IdLZWMMKH
nAAHZ6GM8+pW1BZiWt8BT3lIz3ynqIYBzJC1EEp0l5ioACyakN0Cmp8YHLsfqved
FTR7lhfqssaMofoHCsh3MuOoji5gLCx+ihffGF6lzjgDdL+deercRnaEv7J2qucy
yFHUlk6FbFF5GcoNHDDCpH+bpyJZALW7WgoDoOh0aUwvU1BX3PJfpI4OsWWpjDN5
ug0nVHZdRXMrPHYd/ygyb3b9W8A45o/vXjHa4mnQiF88VK/+5tenzrpy6m40AqB3
FWtqA6rbQFJ0kxF/uk400V/jptZXAhmEmuTjul7A4IDLYwLOmS8wg3nGNQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFO1DbkUsu0qSr5Z1wQAjnu7CZaMoMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvN1VOdVJTeTdTcEt2bG5YQkFDT2U3c0psb3lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOAwUBURPDHgMF
ALlkADUwDQYJKoZIhvcNAQELBQADggEBAFGMl/krmgoeQSEX3RLlOCqgBI7d0D4g
YW7AFbyk1wvw2IbQGBLDshBgfrcy2G7SidapIDV1eLwIX15/zCQR1Hidp4jtkz3M
8t2J0V/bMbYAJj+wpCopXnWN8COeYs9Vs83Yhr+/nfJ6QX15yEnqKs38u9RdNHeY
0cEZGgarOZs+JRH+EZH8ZsPZa4wlsG7fWLWmUt7dH30ZW002zBqlde63dgzOxXF8
dtob6B3Ovdx4VXV0ntzLv8lJHDEe0yho5ltYtCW4cmIHN7ZtOArq5dwpv71s1YLj
VmbNxtCsnhrOGQqmcgighwAcgqBJDTa6dOqUFuGdXqBYcLcluXdCTA8=
-----END CERTIFICATE-----