Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/ALJQhlCioT2kQ49rw1CElQxJF7E.roa
File:                     ALJQhlCioT2kQ49rw1CElQxJF7E.roa (raw, json)
Hash identifier:          3FPUPNkqpXkMldzZfSheAfQWjIekhk+9e6zmCYZHqyQ=
Subject key identifier:   00:B2:50:86:50:A2:A1:3D:A4:43:8F:6B:C3:50:84:95:0C:49:17:B1
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F624E6565E1B9EEF1CDE150E72B52DC
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/ALJQhlCioT2kQ49rw1CElQxJF7E.roa
Signing time:             Tue 25 Jun 2024 12:32:40 +0000
ROA not before:           Tue 25 Jun 2024 12:32:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396562
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:4e:65:65:e1:b9:ee:f1:cd:e1:50:e7:2b:52:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00b2508650a2a13da4438f6bc35084950c4917b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:53:1c:6f:02:4f:ea:73:2d:ff:64:46:d1:8c:
                    f8:7e:81:02:e4:d2:5a:1c:1d:c7:97:21:da:f4:72:
                    01:21:0c:5e:9b:02:bd:e7:7f:b4:34:78:c9:6a:c3:
                    89:74:1a:59:3c:30:5b:df:1d:24:35:ef:07:d4:8c:
                    10:4b:ed:54:33:79:af:c0:0f:98:1e:13:6d:db:ba:
                    d8:bc:e1:e1:49:dd:88:7f:a1:4c:06:40:cb:53:3d:
                    b9:8d:a7:f2:22:71:6b:ca:fb:78:07:70:48:ab:6f:
                    dd:f4:33:e9:23:1e:45:b8:b4:e3:ec:ae:5f:49:29:
                    5e:8f:17:3f:55:25:06:eb:47:86:c8:a3:8f:54:db:
                    e5:33:bc:92:63:8b:6e:b7:8e:b2:b0:1a:98:4d:fe:
                    9e:bf:8d:d9:c9:d3:01:6a:76:1f:7a:fd:d8:4a:eb:
                    ca:d9:4f:a8:6c:de:c1:0c:fe:5f:93:b3:e7:17:ac:
                    af:1d:15:0c:46:e9:69:2e:70:fe:49:4a:5e:26:a0:
                    d2:b3:fb:f3:16:75:77:af:40:28:c0:64:cb:9a:51:
                    87:8d:5c:dc:d0:cc:15:61:ad:dc:01:5f:c0:ca:69:
                    c5:b2:04:eb:da:6a:06:97:46:1a:52:c8:97:55:5d:
                    6c:da:1c:79:0b:88:79:d2:68:f4:6e:93:bd:00:4a:
                    c9:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:B2:50:86:50:A2:A1:3D:A4:43:8F:6B:C3:50:84:95:0C:49:17:B1
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/ALJQhlCioT2kQ49rw1CElQxJF7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         59:2f:82:1b:f9:21:e2:bd:69:c3:0e:31:64:6d:11:89:2c:c8:
         31:65:a6:cb:1a:34:60:c2:6c:3a:f9:8e:47:78:9c:bf:ad:5a:
         f9:41:fe:c0:f5:96:f9:2d:a9:ad:cd:6e:8c:d0:ea:e2:4d:86:
         2d:5e:fb:c5:b2:ca:30:cb:42:a3:48:ef:6c:eb:9c:3b:d4:0a:
         88:d6:13:7d:9b:b7:86:81:b7:3b:df:d7:5f:e4:79:ff:25:88:
         cd:94:8e:30:8c:17:4c:e1:37:ca:a0:0f:74:c8:b9:fe:a0:2f:
         5d:e8:d7:ed:09:a3:5d:14:a4:5a:8f:54:2e:10:4c:58:56:d1:
         c7:4c:6b:62:05:d6:67:d0:b4:0c:7f:4e:0b:92:67:ea:f9:db:
         83:c6:fe:1c:6b:c8:b6:6f:3d:19:d6:e6:80:12:d0:3c:e5:d7:
         56:7b:b9:81:6e:41:21:46:60:4e:c5:ec:ff:1c:cf:2f:7d:6b:
         b6:d2:00:78:83:c5:cb:5c:c0:65:0d:47:7c:92:75:8b:dc:0a:
         20:7f:49:3e:e1:52:32:56:db:37:bd:48:90:13:85:bd:0a:54:
         98:9d:e1:87:3e:f0:56:bf:2d:18:d0:f0:fa:49:7c:5a:4e:ec:
         44:4c:80:48:ef:3f:ab:55:17:6a:6b:16:19:d5:af:f2:7d:ef:
         a0:44:59:29
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYk5lZeG57vHN4VDnK1LcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGIyNTA4NjUwYTJhMTNkYTQ0MzhmNmJjMzUwODQ5NTBjNDkxN2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA71McbwJP6nMt/2RG0Yz4foEC5NJa
HB3HlyHa9HIBIQxemwK953+0NHjJasOJdBpZPDBb3x0kNe8H1IwQS+1UM3mvwA+Y
HhNt27rYvOHhSd2If6FMBkDLUz25jafyInFryvt4B3BIq2/d9DPpIx5FuLTj7K5f
SSlejxc/VSUG60eGyKOPVNvlM7ySY4tut46ysBqYTf6ev43ZydMBanYfev3YSuvK
2U+obN7BDP5fk7PnF6yvHRUMRulpLnD+SUpeJqDSs/vzFnV3r0AowGTLmlGHjVzc
0MwVYa3cAV/AymnFsgTr2moGl0YaUsiXVV1s2hx5C4h50mj0bpO9AErJoQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFACyUIZQoqE9pEOPa8NQhJUMSRexMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvQUxKUWhsQ2lvVDJrUTQ5cncxQ0VsUXhKRjdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAWS+CG/kh4r1pww4xZG0RiSzIMWWmyxo0YMJsOvmO
R3icv61a+UH+wPWW+S2prc1ujNDq4k2GLV77xbLKMMtCo0jvbOucO9QKiNYTfZu3
hoG3O9/XX+R5/yWIzZSOMIwXTOE3yqAPdMi5/qAvXejX7QmjXRSkWo9ULhBMWFbR
x0xrYgXWZ9C0DH9OC5Jn6vnbg8b+HGvItm89GdbmgBLQPOXXVnu5gW5BIUZgTsXs
/xzPL31rttIAeIPFy1zAZQ1HfJJ1i9wKIH9JPuFSMlbbN71IkBOFvQpUmJ3hhz7w
Vr8tGNDw+kl8Wk7sREyASO8/q1UXamsWGdWv8n3voERZKQ==
-----END CERTIFICATE-----