Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/HBDRhM4X_lL00H0gbew_eh6xyyM.roa
File:                     HBDRhM4X_lL00H0gbew_eh6xyyM.roa (raw, json)
Hash identifier:          rPFX5YiY6GglAkGX3KXOQoycxd2XEWdZD6W5j2846VU=
Subject key identifier:   1C:10:D1:84:CE:17:FE:52:F4:D0:7D:20:6D:EC:3F:7A:1E:B1:CB:23
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F623488AEFAFFA1975AC2BCC451836C
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/HBDRhM4X_lL00H0gbew_eh6xyyM.roa
Signing time:             Tue 25 Jun 2024 12:32:34 +0000
ROA not before:           Tue 25 Jun 2024 12:32:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10515
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:34:88:ae:fa:ff:a1:97:5a:c2:bc:c4:51:83:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c10d184ce17fe52f4d07d206dec3f7a1eb1cb23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:6c:e4:01:0a:e6:d4:84:eb:c0:72:7f:8b:e7:
                    9f:52:bc:90:ef:40:31:a3:1a:5c:c9:72:6b:eb:8b:
                    a5:e8:26:72:9f:86:1d:c3:11:27:2e:4a:f9:9d:66:
                    18:f1:9a:87:22:48:ec:f1:c6:05:ea:e6:29:54:cc:
                    33:5b:8f:e9:6b:aa:48:6f:b0:ad:03:48:0c:d5:cb:
                    9e:06:25:f2:8d:27:1b:1f:9e:47:b3:b6:ae:16:d5:
                    b7:06:28:f4:7a:f7:e6:55:a7:0b:fc:ea:da:c7:f3:
                    62:39:35:be:17:83:a2:46:47:7e:65:eb:74:3d:48:
                    53:c1:29:1d:5e:55:79:42:20:be:3c:49:eb:e1:ec:
                    75:73:d1:c0:e5:28:cb:bd:66:a8:1f:3a:2b:ed:b1:
                    80:10:3f:53:2f:d4:d6:f2:75:a0:ef:d0:1d:33:7a:
                    e9:d2:3d:88:b0:a9:1c:15:1a:8f:96:a3:b4:bf:27:
                    8c:b2:bb:da:81:9a:92:41:35:43:76:59:c2:4f:6e:
                    a3:3e:cf:c1:f0:b7:d2:c8:f1:99:c2:08:90:f8:2d:
                    36:be:76:18:0b:68:fc:47:dd:7f:dd:82:7c:5f:d7:
                    96:cf:bf:5d:2a:88:d4:fa:36:17:76:2c:fd:4c:ec:
                    6d:d2:30:e7:0d:d0:ff:3d:b6:36:bd:af:5f:57:09:
                    1f:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:10:D1:84:CE:17:FE:52:F4:D0:7D:20:6D:EC:3F:7A:1E:B1:CB:23
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/HBDRhM4X_lL00H0gbew_eh6xyyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         3d:a0:05:66:25:37:82:cc:38:d4:30:1b:aa:03:9e:e6:cf:e7:
         06:1f:64:5f:63:ef:8e:82:dc:a5:e9:46:e2:5e:c3:30:fa:91:
         5f:b2:28:99:1a:1e:6a:31:80:87:b8:21:8d:31:9a:50:77:89:
         eb:b6:a1:c4:ee:db:2e:8c:a8:cc:b6:b1:c6:b2:e7:c7:b3:bc:
         8d:f6:d7:0c:26:56:e1:2e:ed:aa:1e:a4:70:48:9d:c6:34:31:
         8c:51:62:25:df:b8:69:07:c1:39:27:63:74:67:2c:fd:ce:d4:
         40:45:81:f7:ff:38:b5:82:ee:5b:98:79:76:de:9e:bb:51:33:
         72:1e:10:52:67:52:8b:3f:4f:76:b0:ed:d3:28:22:6d:87:92:
         f8:b1:c9:71:23:b2:a7:c6:0d:5e:cb:a4:f5:7c:2f:f5:df:69:
         92:de:3d:1e:04:a2:40:9a:94:94:7f:15:31:6a:eb:d9:b9:fc:
         06:ad:d1:31:97:99:a7:37:5f:02:e9:b2:0e:c0:5a:88:e0:25:
         f7:26:12:ff:d4:f4:d4:cf:99:98:e1:65:55:f0:79:8d:ae:76:
         58:bc:be:70:f9:ec:10:77:c4:49:c0:f0:ca:db:7c:56:37:32:
         31:9a:38:6f:33:db:3f:81:cb:29:29:de:3d:4a:b1:1a:ba:c4:
         82:3a:63:19
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYjSIrvr/oZdawrzEUYNsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzEwZDE4NGNlMTdmZTUyZjRkMDdkMjA2ZGVjM2Y3YTFlYjFjYjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2zkAQrm1ITrwHJ/i+efUryQ70Ax
oxpcyXJr64ul6CZyn4YdwxEnLkr5nWYY8ZqHIkjs8cYF6uYpVMwzW4/pa6pIb7Ct
A0gM1cueBiXyjScbH55Hs7auFtW3Bij0evfmVacL/Orax/NiOTW+F4OiRkd+Zet0
PUhTwSkdXlV5QiC+PEnr4ex1c9HA5SjLvWaoHzor7bGAED9TL9TW8nWg79AdM3rp
0j2IsKkcFRqPlqO0vyeMsrvagZqSQTVDdlnCT26jPs/B8LfSyPGZwgiQ+C02vnYY
C2j8R91/3YJ8X9eWz79dKojU+jYXdiz9TOxt0jDnDdD/PbY2va9fVwkfxQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBwQ0YTOF/5S9NB9IG3sP3oescsjMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvSEJEUmhNNFhfbEwwMEgwZ2Jld19laDZ4eXlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAPaAFZiU3gsw41DAbqgOe5s/nBh9kX2PvjoLcpelG
4l7DMPqRX7IomRoeajGAh7ghjTGaUHeJ67ahxO7bLoyozLaxxrLnx7O8jfbXDCZW
4S7tqh6kcEidxjQxjFFiJd+4aQfBOSdjdGcs/c7UQEWB9/84tYLuW5h5dt6eu1Ez
ch4QUmdSiz9PdrDt0ygibYeS+LHJcSOyp8YNXsuk9Xwv9d9pkt49HgSiQJqUlH8V
MWrr2bn8Bq3RMZeZpzdfAumyDsBaiOAl9yYS/9T01M+ZmOFlVfB5ja52WLy+cPns
EHfEScDwytt8VjcyMZo4bzPbP4HLKSnePUqxGrrEgjpjGQ==
-----END CERTIFICATE-----