Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/9q38s8X82NbyUWgxLFpB4ktoCV0.roa
File:                     9q38s8X82NbyUWgxLFpB4ktoCV0.roa (raw, json)
Hash identifier:          bTAvkBNqKrTLUEFcoZwrn8WH4MP6NmrLRYCxFOj3Rgc=
Subject key identifier:   F6:AD:FC:B3:C5:FC:D8:D6:F2:51:68:31:2C:5A:41:E2:4B:68:09:5D
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F623AB4174474A4E0ECAB1C4766AB80
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/9q38s8X82NbyUWgxLFpB4ktoCV0.roa
Signing time:             Tue 25 Jun 2024 12:32:35 +0000
ROA not before:           Tue 25 Jun 2024 12:32:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36620
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:3a:b4:17:44:74:a4:e0:ec:ab:1c:47:66:ab:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6adfcb3c5fcd8d6f25168312c5a41e24b68095d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:18:6d:6a:ba:5d:44:e6:f2:5f:45:a4:b6:be:
                    08:66:2b:c5:56:1f:54:25:b2:68:9c:76:9a:78:ff:
                    5d:70:b2:22:e8:49:bf:0f:4d:ea:89:02:4a:3b:b4:
                    9b:c6:b2:1d:95:32:68:3f:35:0f:71:d5:cd:bf:fe:
                    ff:67:95:63:a3:df:e4:2d:36:ee:7a:d9:a9:0a:65:
                    2a:dd:e6:8c:4a:9e:22:b9:7a:fb:6c:00:97:7a:d4:
                    23:7f:f3:47:79:b7:56:ff:45:84:92:98:0e:b1:5c:
                    aa:89:4b:d9:8c:ab:0b:32:ca:53:d7:e0:d4:ad:c6:
                    01:61:90:e5:6b:f7:1a:70:15:40:0d:75:14:7b:9d:
                    09:8e:ef:62:ad:f5:90:94:34:53:fa:b2:57:61:40:
                    24:55:7c:0b:75:01:b6:b3:31:27:0d:c9:55:22:ad:
                    58:0b:d0:7d:16:e2:c6:d9:f9:e0:03:a2:26:2a:00:
                    75:42:28:03:a2:c0:a8:57:e0:1a:2e:d1:82:f8:6c:
                    23:d8:b2:19:02:e6:93:86:01:72:59:cc:09:9a:4c:
                    26:dc:31:99:48:bc:95:70:15:ec:72:77:5a:81:75:
                    21:72:33:29:1e:c8:be:48:39:07:0d:f2:a2:ab:a5:
                    5d:b5:8c:9e:8d:21:92:5e:79:95:68:f5:ff:a0:c3:
                    7a:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:AD:FC:B3:C5:FC:D8:D6:F2:51:68:31:2C:5A:41:E2:4B:68:09:5D
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/9q38s8X82NbyUWgxLFpB4ktoCV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         87:7e:b1:a4:91:e4:d4:b0:bc:83:d6:cb:6a:d8:63:02:f1:85:
         75:54:bd:af:e2:3b:81:59:40:5a:a1:cd:8b:ea:4f:36:1e:e2:
         ba:5e:31:f3:d3:1a:14:a0:2a:d7:4c:b1:41:9e:50:4a:d5:25:
         82:51:85:70:ed:b2:76:7d:3e:3e:82:29:b7:74:25:e1:21:03:
         6d:1e:ea:13:6a:38:22:c2:c1:36:b2:c5:b7:81:19:7c:1e:e6:
         68:fc:85:43:5d:63:b3:e9:e2:60:ba:bf:98:fa:e5:25:0d:95:
         43:ac:49:1f:fa:a0:c3:a9:65:47:1f:46:0b:a3:45:47:f1:df:
         87:c5:d2:5a:c5:51:22:1e:07:f6:d6:e7:11:d9:d5:a3:e1:ef:
         81:f9:c8:82:f8:de:46:07:45:e3:ac:30:ba:22:7c:38:0d:e9:
         81:29:99:38:54:da:78:6f:6b:a3:5c:74:4a:e4:7f:c6:b2:1d:
         fc:67:a2:f0:27:d3:60:f2:0e:9d:08:ad:25:11:74:5a:92:5d:
         97:a0:ec:03:30:26:91:6e:91:9c:17:df:4a:68:2b:3b:3a:c5:
         20:b4:1f:fe:58:a4:3c:41:08:e6:02:2b:79:e8:19:91:31:12:
         d1:3e:5e:8c:fe:87:d0:d1:41:7b:1f:4f:84:f7:4a:f7:35:b3:
         87:d4:7f:19
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYjq0F0R0pODsqxxHZquAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmFkZmNiM2M1ZmNkOGQ2ZjI1MTY4MzEyYzVhNDFlMjRiNjgwOTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhhtarpdRObyX0Wktr4IZivFVh9U
JbJonHaaeP9dcLIi6Em/D03qiQJKO7SbxrIdlTJoPzUPcdXNv/7/Z5Vjo9/kLTbu
etmpCmUq3eaMSp4iuXr7bACXetQjf/NHebdW/0WEkpgOsVyqiUvZjKsLMspT1+DU
rcYBYZDla/cacBVADXUUe50Jju9irfWQlDRT+rJXYUAkVXwLdQG2szEnDclVIq1Y
C9B9FuLG2fngA6ImKgB1QigDosCoV+AaLtGC+Gwj2LIZAuaThgFyWcwJmkwm3DGZ
SLyVcBXscndagXUhcjMpHsi+SDkHDfKiq6VdtYyejSGSXnmVaPX/oMN6/wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPat/LPF/NjW8lFoMSxaQeJLaAldMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvOXEzOHM4WDgyTmJ5VVdneExGcEI0a3RvQ1YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAh36xpJHk1LC8g9bLathjAvGFdVS9r+I7gVlAWqHN
i+pPNh7iul4x89MaFKAq10yxQZ5QStUlglGFcO2ydn0+PoIpt3Ql4SEDbR7qE2o4
IsLBNrLFt4EZfB7maPyFQ11js+niYLq/mPrlJQ2VQ6xJH/qgw6llRx9GC6NFR/Hf
h8XSWsVRIh4H9tbnEdnVo+HvgfnIgvjeRgdF46wwuiJ8OA3pgSmZOFTaeG9ro1x0
SuR/xrId/Gei8CfTYPIOnQitJRF0WpJdl6DsAzAmkW6RnBffSmgrOzrFILQf/lik
PEEI5gIreegZkTES0T5ejP6H0NFBex9PhPdK9zWzh9R/GQ==
-----END CERTIFICATE-----