Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/EYOAn1vNQ0ZC4oWxnwuv_Be2hfo.roa
File:                     EYOAn1vNQ0ZC4oWxnwuv_Be2hfo.roa (raw, json)
Hash identifier:          p7KqF5lJpSm7pnWDehrq0fNkYKb5LAzc8rv5NHyMydo=
Subject key identifier:   11:83:80:9F:5B:CD:43:46:42:E2:85:B1:9F:0B:AF:FC:17:B6:85:FA
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019422FBC33DF06AD835F8DA048E4A7F6AE9
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/EYOAn1vNQ0ZC4oWxnwuv_Be2hfo.roa
Signing time:             Wed 01 Jan 2025 17:48:32 +0000
ROA not before:           Wed 01 Jan 2025 17:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396566
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:c3:3d:f0:6a:d8:35:f8:da:04:8e:4a:7f:6a:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jan  1 17:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1183809f5bcd434642e285b19f0baffc17b685fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:52:b8:80:51:1d:23:c4:75:05:89:cf:1b:eb:
                    a5:8a:0f:e6:43:da:4c:c5:a7:35:01:e4:2a:f3:69:
                    50:36:9f:14:52:89:ef:1c:71:fa:2c:b7:af:e4:80:
                    7c:25:a4:a5:3f:bf:4d:52:8a:80:8a:ff:f2:6a:b9:
                    f6:9e:48:4e:ff:97:ff:58:78:8b:45:a7:2f:c8:00:
                    4c:f5:df:94:7d:76:f3:3b:a5:a1:37:b3:6a:b4:11:
                    a9:b4:99:73:04:4b:85:a4:5b:2f:1e:10:3d:f3:14:
                    57:f5:24:66:4d:8b:29:e4:ff:6f:1a:ee:a0:d2:ec:
                    4e:ed:ef:96:8d:bf:dd:75:c0:ce:a8:af:ce:ff:0a:
                    88:ef:39:eb:2c:6f:76:4d:c9:fc:5b:3e:24:50:4a:
                    30:c0:e5:28:6f:84:67:16:86:1f:a3:6c:50:fc:bc:
                    c5:60:8d:1a:23:d7:6b:92:61:95:1c:6f:c8:37:19:
                    af:b4:90:e4:9c:ec:8f:75:e7:98:c9:40:24:59:6f:
                    8d:aa:14:10:01:67:1b:1f:02:48:2f:2f:8c:84:03:
                    a6:8d:e9:93:ae:85:7b:35:57:6e:13:13:88:bf:f3:
                    fc:de:b6:51:a4:8a:d8:31:01:14:1e:27:e9:07:00:
                    fc:b5:a1:16:2a:20:13:c7:1a:88:e9:c3:fa:ae:9c:
                    c0:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:83:80:9F:5B:CD:43:46:42:E2:85:B1:9F:0B:AF:FC:17:B6:85:FA
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/EYOAn1vNQ0ZC4oWxnwuv_Be2hfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.53/32

    Signature Algorithm: sha256WithRSAEncryption
         b3:d4:3a:6d:0e:fb:a3:89:04:1a:e0:6f:92:87:2a:07:16:98:
         32:41:ad:f6:f1:90:ca:7b:f0:20:fe:ea:8d:30:60:d3:a8:d1:
         3f:ff:35:82:d2:df:44:db:dc:1f:98:96:e0:a3:31:1e:c4:25:
         f4:6b:f7:1b:db:7e:f4:2d:2d:23:da:2b:f7:8f:ff:c9:5b:bc:
         3b:8a:e4:8c:ad:4b:88:e7:e1:e2:6d:c6:3b:57:b2:bf:39:35:
         2d:e4:30:23:04:a4:e0:ed:28:13:16:b1:be:34:d3:1c:f0:7e:
         b3:09:6e:11:94:28:db:44:4e:95:09:92:36:41:13:a6:c1:87:
         50:5c:ed:bb:74:f4:38:6f:b1:95:68:e2:df:f8:b9:90:c4:16:
         d4:f3:9c:71:35:15:f4:72:2a:23:c0:c7:d8:83:5a:56:e7:ef:
         b1:b2:aa:3a:67:f4:9c:08:97:ed:0a:27:8f:f4:0b:c7:87:20:
         27:48:5b:8f:aa:c8:d7:2d:cd:08:26:b7:4b:0c:82:56:59:da:
         f1:33:95:e0:0c:28:26:83:06:7c:54:f7:14:34:bb:f0:59:82:
         11:2c:19:57:d7:5e:9f:17:19:d0:53:b9:a6:90:4b:6b:4d:cb:
         25:01:61:8c:bc:65:58:14:16:e0:d1:aa:fb:25:d9:f0:11:05:
         d8:b1:e8:d7
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQi+8M98GrYNfjaBI5Kf2rpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjUwMTAxMTc0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTgzODA5ZjViY2Q0MzQ2NDJlMjg1YjE5ZjBiYWZmYzE3YjY4NWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFK4gFEdI8R1BYnPG+ulig/mQ9pM
xac1AeQq82lQNp8UUonvHHH6LLev5IB8JaSlP79NUoqAiv/yarn2nkhO/5f/WHiL
RacvyABM9d+UfXbzO6WhN7NqtBGptJlzBEuFpFsvHhA98xRX9SRmTYsp5P9vGu6g
0uxO7e+Wjb/ddcDOqK/O/wqI7znrLG92Tcn8Wz4kUEowwOUob4RnFoYfo2xQ/LzF
YI0aI9drkmGVHG/INxmvtJDknOyPdeeYyUAkWW+NqhQQAWcbHwJILy+MhAOmjemT
roV7NVduExOIv/P83rZRpIrYMQEUHifpBwD8taEWKiATxxqI6cP6rpzAowIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBGDgJ9bzUNGQuKFsZ8Lr/wXtoX6MB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvRVlPQW4xdk5RMFpDNG9XeG53dXZfQmUyaGZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOAwUBURPDHgMF
ALlkADUwDQYJKoZIhvcNAQELBQADggEBALPUOm0O+6OJBBrgb5KHKgcWmDJBrfbx
kMp78CD+6o0wYNOo0T//NYLS30Tb3B+YluCjMR7EJfRr9xvbfvQtLSPaK/eP/8lb
vDuK5IytS4jn4eJtxjtXsr85NS3kMCMEpODtKBMWsb400xzwfrMJbhGUKNtETpUJ
kjZBE6bBh1Bc7bt09DhvsZVo4t/4uZDEFtTznHE1FfRyKiPAx9iDWlbn77Gyqjpn
9JwIl+0KJ4/0C8eHICdIW4+qyNctzQgmt0sMglZZ2vEzleAMKCaDBnxU9xQ0u/BZ
ghEsGVfXXp8XGdBTuaaQS2tNyyUBYYy8ZVgUFuDRqvsl2fARBdix6Nc=
-----END CERTIFICATE-----