Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/856BwOTgY54zgyEapXLfZQYOlm4.roa
File:                     856BwOTgY54zgyEapXLfZQYOlm4.roa (raw, json)
Hash identifier:          NnEm3l0uBkNW6uXPrys3Dj8OBkN87JWuxeFrc7/ahtQ=
Subject key identifier:   F3:9E:81:C0:E4:E0:63:9E:33:83:21:1A:A5:72:DF:65:06:0E:96:6E
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F62525C94D62E1ECF19DF9F3D4956D4
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/856BwOTgY54zgyEapXLfZQYOlm4.roa
Signing time:             Tue 25 Jun 2024 12:32:41 +0000
ROA not before:           Tue 25 Jun 2024 12:32:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396571
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:52:5c:94:d6:2e:1e:cf:19:df:9f:3d:49:56:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f39e81c0e4e0639e3383211aa572df65060e966e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:d3:60:5b:bc:35:71:ea:48:ab:92:8a:86:9d:
                    18:8f:58:43:67:34:93:4a:c7:92:2e:c2:eb:22:e6:
                    b1:a8:58:42:e8:92:22:e8:c6:a6:5d:cd:fb:64:4f:
                    0d:b3:b5:b1:87:c5:1d:cd:b2:36:22:1d:f3:33:f7:
                    e0:81:99:e6:6b:0c:15:b5:52:de:1b:6d:36:35:09:
                    b7:a1:2c:cb:b2:2f:b3:ee:61:80:51:4a:37:3e:80:
                    bb:5c:82:c1:69:c0:b1:b9:9c:01:0f:63:e4:59:68:
                    ad:43:3c:f0:e1:d2:22:7c:38:08:de:d4:2c:49:b9:
                    2e:b8:06:a5:cd:66:b6:6b:26:e7:12:bd:39:43:02:
                    5f:73:fc:85:69:14:57:4d:1a:58:5e:c0:3f:34:de:
                    52:d7:e7:b9:7c:f6:4c:48:26:e0:85:5a:97:aa:bc:
                    bf:ee:3f:68:ee:bf:40:cd:e6:95:39:13:75:10:cf:
                    09:1a:d8:8b:8a:09:ba:47:33:90:e1:51:90:30:24:
                    e9:60:04:20:08:8d:6a:84:77:fe:89:54:06:c5:5c:
                    a1:da:b3:6b:f2:39:4f:b6:d7:cd:1f:4f:99:ac:6e:
                    cd:c7:24:16:f3:8d:e0:c7:57:04:cf:fd:b8:5e:8e:
                    81:aa:d6:05:c4:64:5e:13:7d:66:ec:99:55:eb:25:
                    d1:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:9E:81:C0:E4:E0:63:9E:33:83:21:1A:A5:72:DF:65:06:0E:96:6E
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/856BwOTgY54zgyEapXLfZQYOlm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         b3:32:6e:82:13:17:6e:77:95:43:db:56:71:46:73:07:11:28:
         bb:1a:af:73:24:57:7c:f7:d7:8b:49:59:80:26:80:fe:ae:c0:
         f7:44:86:23:00:3e:7e:19:06:c6:08:68:4b:de:cf:dd:eb:54:
         07:58:a4:99:2b:0c:71:ce:16:f8:1b:2b:de:0d:aa:14:b8:f3:
         a1:bd:b4:cf:f2:8e:85:ac:cb:e2:22:fc:ba:0c:cb:a4:ea:74:
         2c:8a:d4:e3:96:e8:2b:77:20:02:db:c6:e6:08:6b:5f:d9:6e:
         f6:b2:a7:79:60:ee:36:1c:f8:13:10:1f:9f:32:7d:ef:6d:17:
         d0:24:21:ba:82:57:e3:d3:87:d9:62:a8:ed:bb:64:6e:24:5f:
         50:e7:4a:3d:57:72:4d:3b:7e:ce:7a:38:73:83:94:86:e3:5c:
         ea:2d:bc:a4:82:9a:86:36:56:5a:5b:c0:71:13:ca:0a:cc:7d:
         bb:10:71:c8:75:2d:6e:66:59:3a:cc:7b:53:a9:6d:23:3e:c5:
         15:24:85:9b:f6:d6:33:74:d1:2f:ad:40:53:8f:4e:60:64:fe:
         1a:83:0f:df:fe:f1:93:e2:66:cd:ae:07:d0:d7:09:c1:a5:29:
         32:31:62:f0:05:3e:bb:11:f2:6e:66:12:1e:72:d8:e7:1d:77:
         b5:a1:d9:3e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYlJclNYuHs8Z3589SVbUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzllODFjMGU0ZTA2MzllMzM4MzIxMWFhNTcyZGY2NTA2MGU5NjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwNNgW7w1cepIq5KKhp0Yj1hDZzST
SseSLsLrIuaxqFhC6JIi6MamXc37ZE8Ns7Wxh8UdzbI2Ih3zM/fggZnmawwVtVLe
G202NQm3oSzLsi+z7mGAUUo3PoC7XILBacCxuZwBD2PkWWitQzzw4dIifDgI3tQs
SbkuuAalzWa2aybnEr05QwJfc/yFaRRXTRpYXsA/NN5S1+e5fPZMSCbghVqXqry/
7j9o7r9AzeaVORN1EM8JGtiLigm6RzOQ4VGQMCTpYAQgCI1qhHf+iVQGxVyh2rNr
8jlPttfNH0+ZrG7NxyQW843gx1cEz/24Xo6BqtYFxGReE31m7JlV6yXRYQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPOegcDk4GOeM4MhGqVy32UGDpZuMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvODU2QndPVGdZNTR6Z3lFYXBYTGZaUVlPbG00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAszJughMXbneVQ9tWcUZzBxEouxqvcyRXfPfXi0lZ
gCaA/q7A90SGIwA+fhkGxghoS97P3etUB1ikmSsMcc4W+Bsr3g2qFLjzob20z/KO
hazL4iL8ugzLpOp0LIrU45boK3cgAtvG5ghrX9lu9rKneWDuNhz4ExAfnzJ9720X
0CQhuoJX49OH2WKo7btkbiRfUOdKPVdyTTt+zno4c4OUhuNc6i28pIKahjZWWlvA
cRPKCsx9uxBxyHUtbmZZOsx7U6ltIz7FFSSFm/bWM3TRL61AU49OYGT+GoMP3/7x
k+Jmza4H0NcJwaUpMjFi8AU+uxHybmYSHnLY5x13taHZPg==
-----END CERTIFICATE-----