Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/7Zq6FstREGVYhVHhFOaWQGVmBQw.roa
File:                     7Zq6FstREGVYhVHhFOaWQGVmBQw.roa (raw, json)
Hash identifier:          H73KQaDCD4hekM9p6lQF1s28+g9gWlpfi95yFmZo2CA=
Subject key identifier:   ED:9A:BA:16:CB:51:10:65:58:85:51:E1:14:E6:96:40:65:66:05:0C
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019422FBC082BD5E84BFFFDE1A6DF2D24738
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/7Zq6FstREGVYhVHhFOaWQGVmBQw.roa
Signing time:             Wed 01 Jan 2025 17:48:31 +0000
ROA not before:           Wed 01 Jan 2025 17:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396561
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:c0:82:bd:5e:84:bf:ff:de:1a:6d:f2:d2:47:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jan  1 17:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed9aba16cb511065588551e114e696406566050c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e5:d2:3c:8e:78:56:0e:72:a3:85:d7:a5:dd:
                    15:6b:4b:01:fe:a8:25:a5:46:24:d3:99:fc:28:2b:
                    39:19:e4:a4:84:25:84:00:14:1e:f4:94:17:41:69:
                    f2:64:12:aa:1b:aa:89:8d:26:ee:3f:1c:cb:e7:fb:
                    b8:63:dd:b5:ea:fd:46:08:fb:d9:fb:93:29:6c:8c:
                    76:00:f3:78:24:c6:1a:be:06:41:93:92:f6:dd:10:
                    54:90:cf:5a:8d:33:df:d9:b5:b1:35:e9:b6:09:f5:
                    3b:bc:ef:71:17:eb:f7:82:ba:be:b3:c4:09:cb:97:
                    67:f1:d9:93:76:7c:8a:5a:50:03:ef:7c:c8:9f:44:
                    eb:6f:c0:8d:d6:53:f1:c3:08:1b:6f:8b:7f:0c:64:
                    70:ff:0f:4e:3a:82:8b:c1:7a:5b:1b:a8:c1:1f:1d:
                    b8:7a:89:4b:e6:d7:f6:7b:37:a6:ad:3f:7c:85:2a:
                    d3:52:95:44:17:5e:18:bc:d6:da:41:68:b0:03:ee:
                    30:16:c5:46:a7:72:21:ea:ef:65:59:a7:6f:3d:1a:
                    45:a7:1b:e9:94:9b:3e:da:6e:03:f2:03:8b:42:d8:
                    84:c3:f5:f3:5e:68:9c:f3:26:cd:95:1d:2f:ff:2e:
                    67:88:12:37:d1:bb:69:14:cb:a7:66:5b:69:07:5d:
                    1d:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:9A:BA:16:CB:51:10:65:58:85:51:E1:14:E6:96:40:65:66:05:0C
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/7Zq6FstREGVYhVHhFOaWQGVmBQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.53/32

    Signature Algorithm: sha256WithRSAEncryption
         31:43:f7:79:e1:85:90:1e:54:8e:fe:12:a9:af:ce:ce:c1:fc:
         0d:0b:1d:cf:71:ed:df:fb:b2:8f:5a:0c:89:90:4c:b2:eb:99:
         c6:86:c4:fb:b9:2e:86:3c:2c:97:7e:c7:0b:1d:86:f1:9a:49:
         82:4a:81:34:5c:51:50:08:84:a4:71:d6:b5:06:4c:9d:74:0e:
         18:5b:66:d1:80:ee:d4:3b:a2:23:b2:16:84:de:0d:52:4a:4c:
         41:1e:ad:8d:2b:73:95:5d:ac:a3:9f:27:ca:93:61:43:fe:dd:
         29:50:66:0b:9d:ef:58:ec:0a:26:9a:ef:f1:37:87:2f:50:23:
         87:a8:2f:32:1c:88:a4:6a:54:16:66:64:0d:d5:8d:c5:c0:44:
         af:b6:0a:67:04:dd:15:66:12:0f:e7:a0:9d:b3:62:1e:34:ac:
         4d:ff:be:47:ab:3d:61:05:59:de:e8:8c:77:76:d8:be:2c:b6:
         71:6e:34:59:ec:51:a1:f3:6a:48:10:68:0e:9e:d9:1c:62:ad:
         5a:1f:23:fd:fa:27:1c:11:8e:8e:8b:56:73:33:01:44:e4:ba:
         3b:d4:91:36:3b:0a:33:76:de:cc:b5:96:78:b2:d9:89:54:0e:
         cf:5b:7a:68:90:9d:fe:32:b7:c2:3d:e6:57:fd:e1:78:a0:69:
         d7:ee:56:9e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQi+8CCvV6Ev//eGm3y0kc4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjUwMTAxMTc0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDlhYmExNmNiNTExMDY1NTg4NTUxZTExNGU2OTY0MDY1NjYwNTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvuXSPI54Vg5yo4XXpd0Va0sB/qgl
pUYk05n8KCs5GeSkhCWEABQe9JQXQWnyZBKqG6qJjSbuPxzL5/u4Y9216v1GCPvZ
+5MpbIx2APN4JMYavgZBk5L23RBUkM9ajTPf2bWxNem2CfU7vO9xF+v3grq+s8QJ
y5dn8dmTdnyKWlAD73zIn0Trb8CN1lPxwwgbb4t/DGRw/w9OOoKLwXpbG6jBHx24
eolL5tf2ezemrT98hSrTUpVEF14YvNbaQWiwA+4wFsVGp3Ih6u9lWadvPRpFpxvp
lJs+2m4D8gOLQtiEw/XzXmic8ybNlR0v/y5niBI30btpFMunZltpB10dyQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFO2auhbLURBlWIVR4RTmlkBlZgUMMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvN1pxNkZzdFJFR1ZZaFZIaEZPYVdRR1ZtQlF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOAwUBURPDHgMF
ALlkADUwDQYJKoZIhvcNAQELBQADggEBADFD93nhhZAeVI7+Eqmvzs7B/A0LHc9x
7d/7so9aDImQTLLrmcaGxPu5LoY8LJd+xwsdhvGaSYJKgTRcUVAIhKRx1rUGTJ10
DhhbZtGA7tQ7oiOyFoTeDVJKTEEerY0rc5VdrKOfJ8qTYUP+3SlQZgud71jsCiaa
7/E3hy9QI4eoLzIciKRqVBZmZA3VjcXARK+2CmcE3RVmEg/noJ2zYh40rE3/vker
PWEFWd7ojHd22L4stnFuNFnsUaHzakgQaA6e2RxirVofI/36JxwRjo6LVnMzAUTk
ujvUkTY7CjN23sy1lniy2YlUDs9bemiQnf4yt8I95lf94XigadfuVp4=
-----END CERTIFICATE-----