Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/A2RjIyzwz6jZP0PGwlKJ9AoNdpk.roa
File:                     A2RjIyzwz6jZP0PGwlKJ9AoNdpk.roa (raw, json)
Hash identifier:          fD7fnZBtbwG8Oxn0yQK/xwAJ/LPxqvPb6WqIJOYNdbI=
Subject key identifier:   03:64:63:23:2C:F0:CF:A8:D9:3F:43:C6:C2:52:89:F4:0A:0D:76:99
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F623BA711153B9F8E567F1B28CA05A1
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/A2RjIyzwz6jZP0PGwlKJ9AoNdpk.roa
Signing time:             Tue 25 Jun 2024 12:32:36 +0000
ROA not before:           Tue 25 Jun 2024 12:32:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36622
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:3b:a7:11:15:3b:9f:8e:56:7f:1b:28:ca:05:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=036463232cf0cfa8d93f43c6c25289f40a0d7699
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:09:ec:b1:52:4e:35:51:a3:aa:09:c4:0e:01:
                    89:40:4c:2f:02:d0:23:36:25:56:24:e8:7e:be:87:
                    a0:5d:ff:d0:67:5d:d2:df:77:f2:2b:56:13:42:77:
                    4d:dc:02:e9:be:33:1b:d4:f0:1e:fb:56:c9:0e:52:
                    14:38:81:e3:ce:27:42:57:67:ca:de:53:12:16:61:
                    db:39:d7:db:77:0c:c9:16:88:5b:70:c7:a0:3b:a1:
                    c4:28:be:79:2a:bb:21:55:e1:94:ec:a1:d4:d3:68:
                    0a:0a:da:81:4d:de:88:42:74:a4:6e:e8:31:32:13:
                    3e:71:d4:14:5d:48:48:90:dc:e8:ad:82:5d:99:6d:
                    f2:01:13:19:bb:b7:2f:4a:36:e6:07:9f:50:42:35:
                    b5:18:d1:2d:b2:7d:44:91:40:9c:59:1f:63:e5:47:
                    75:70:f5:0c:22:3a:0e:d8:e2:26:5a:13:4a:af:3f:
                    09:b3:cf:dc:58:24:07:c2:6e:99:2b:b2:55:01:6d:
                    45:de:03:82:20:a8:8d:ee:5e:e0:e7:e4:51:d0:a8:
                    ac:95:52:a2:f4:d0:c8:62:6d:34:18:cf:87:6b:0b:
                    36:ef:94:dd:3b:3d:a6:93:12:4a:0d:cf:3a:9b:da:
                    e5:1e:c0:d3:57:3f:79:85:84:7d:5b:25:da:fb:51:
                    7c:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:64:63:23:2C:F0:CF:A8:D9:3F:43:C6:C2:52:89:F4:0A:0D:76:99
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/A2RjIyzwz6jZP0PGwlKJ9AoNdpk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         36:ca:d0:47:7c:d2:f4:da:d4:0b:03:51:28:b8:d7:e9:9f:9f:
         18:4b:83:16:7f:23:88:e9:6a:3a:3f:97:a6:9f:26:55:db:bb:
         d9:03:bc:30:28:43:08:fd:17:26:69:ad:f6:7a:ba:b9:02:c7:
         70:74:11:c7:dc:42:91:3a:da:28:9e:e7:b3:16:eb:df:50:7e:
         f1:24:c7:7e:12:64:5a:06:4f:59:f0:ce:78:4a:42:b3:3b:5c:
         79:fb:40:fb:bd:07:7e:70:2a:d1:16:d7:39:87:6c:fc:b6:5f:
         07:03:a3:20:3d:34:ab:49:32:8f:e4:c2:ef:17:9a:78:1d:fa:
         32:52:8a:20:c0:70:88:23:b4:ad:23:9c:b4:f5:fe:3e:a5:e5:
         e7:34:f9:6d:ec:bd:69:68:01:68:18:2d:07:72:07:70:12:87:
         ed:90:cb:87:3c:b6:02:6e:c2:3c:be:5c:b7:64:30:e4:83:13:
         50:0e:ed:24:7a:7d:f1:10:b2:42:97:54:f7:83:3f:2d:60:41:
         78:47:5e:5d:b8:ce:0d:4f:ff:fa:a1:45:c9:82:43:48:09:08:
         47:e5:ed:ba:72:f2:2b:e9:85:b9:58:7e:a1:bf:33:44:c8:f8:
         1a:11:0a:da:7d:28:0a:32:65:77:d2:a3:69:aa:ae:c7:38:32:
         c3:51:21:3e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYjunERU7n45WfxsoygWhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzY0NjMyMzJjZjBjZmE4ZDkzZjQzYzZjMjUyODlmNDBhMGQ3Njk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAnssVJONVGjqgnEDgGJQEwvAtAj
NiVWJOh+voegXf/QZ13S33fyK1YTQndN3ALpvjMb1PAe+1bJDlIUOIHjzidCV2fK
3lMSFmHbOdfbdwzJFohbcMegO6HEKL55KrshVeGU7KHU02gKCtqBTd6IQnSkbugx
MhM+cdQUXUhIkNzorYJdmW3yARMZu7cvSjbmB59QQjW1GNEtsn1EkUCcWR9j5Ud1
cPUMIjoO2OImWhNKrz8Js8/cWCQHwm6ZK7JVAW1F3gOCIKiN7l7g5+RR0KislVKi
9NDIYm00GM+Haws275TdOz2mkxJKDc86m9rlHsDTVz95hYR9WyXa+1F8BQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFANkYyMs8M+o2T9DxsJSifQKDXaZMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvQTJSakl5end6NmpaUDBQR3dsS0o5QW9OZHBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEANsrQR3zS9NrUCwNRKLjX6Z+fGEuDFn8jiOlqOj+X
pp8mVdu72QO8MChDCP0XJmmt9nq6uQLHcHQRx9xCkTraKJ7nsxbr31B+8STHfhJk
WgZPWfDOeEpCsztceftA+70HfnAq0RbXOYds/LZfBwOjID00q0kyj+TC7xeaeB36
MlKKIMBwiCO0rSOctPX+PqXl5zT5bey9aWgBaBgtB3IHcBKH7ZDLhzy2Am7CPL5c
t2Qw5IMTUA7tJHp98RCyQpdU94M/LWBBeEdeXbjODU//+qFFyYJDSAkIR+XtunLy
K+mFuVh+ob8zRMj4GhEK2n0oCjJld9Kjaaquxzgyw1EhPg==
-----END CERTIFICATE-----