Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/KEBnFhCLwvXz14RPkiL3X-YEVKY.roa
File:                     KEBnFhCLwvXz14RPkiL3X-YEVKY.roa (raw, json)
Hash identifier:          5nSKyQYwF+2K+t2nifZSMjZ8siphFsl9QG8+RX6KFx8=
Subject key identifier:   28:40:67:16:10:8B:C2:F5:F3:D7:84:4F:92:22:F7:5F:E6:04:54:A6
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019422FBAC0AEFB74E84A3AD2EE2AA97EC4B
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/KEBnFhCLwvXz14RPkiL3X-YEVKY.roa
Signing time:             Wed 01 Jan 2025 17:48:26 +0000
ROA not before:           Wed 01 Jan 2025 17:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20172
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:ac:0a:ef:b7:4e:84:a3:ad:2e:e2:aa:97:ec:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jan  1 17:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28406716108bc2f5f3d7844f9222f75fe60454a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c9:e1:96:32:7c:f4:ce:4f:2b:b1:79:1f:77:
                    13:c1:3c:de:fb:52:dc:20:17:d0:c1:b3:a9:8b:68:
                    9f:3c:2e:0e:7a:41:56:09:2c:98:13:41:eb:3e:2b:
                    00:6e:ae:72:a5:30:77:65:51:f1:43:d2:e0:30:54:
                    ac:8d:d5:f6:c3:b8:74:c0:8f:9c:d5:98:49:b2:9e:
                    d8:a5:84:8b:0e:cb:6c:08:51:4a:95:6e:f0:e5:63:
                    01:fc:ea:eb:1c:9a:fd:7c:86:ce:d3:86:9b:02:02:
                    d7:27:00:54:ad:ef:97:9b:47:d4:d8:f9:e7:fd:c5:
                    02:2a:86:54:85:4d:6e:92:e8:d4:3b:15:ab:6b:8a:
                    20:70:73:67:05:e8:e0:8a:09:00:1c:e9:3c:fc:44:
                    3e:2d:00:87:44:2b:90:c7:fe:24:11:df:f6:93:16:
                    cb:c2:2c:2d:21:13:8f:7d:de:dc:57:50:22:a9:85:
                    d1:6a:d4:d4:42:2b:e3:23:09:8f:27:99:33:44:59:
                    c8:e9:96:c5:8f:02:d3:3d:68:2c:41:4c:f3:e9:02:
                    58:41:9b:92:fa:4a:3b:a3:e2:24:b1:ae:7c:59:e7:
                    a5:65:b3:cf:4f:0f:82:d5:68:97:75:7b:1f:17:4e:
                    aa:f4:90:6d:3a:24:79:98:9f:bb:d5:8e:2d:a8:72:
                    53:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:40:67:16:10:8B:C2:F5:F3:D7:84:4F:92:22:F7:5F:E6:04:54:A6
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/KEBnFhCLwvXz14RPkiL3X-YEVKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.53/32

    Signature Algorithm: sha256WithRSAEncryption
         0f:1e:7a:5b:dc:75:45:99:53:e3:7b:66:4b:0a:1c:87:df:25:
         c2:33:75:32:2a:2c:5b:5b:ee:12:f8:dd:a8:06:5b:09:99:11:
         dc:cc:02:50:ef:af:0c:d9:75:2c:9a:1f:40:59:a8:3d:33:97:
         c2:a0:cf:5e:01:c8:c9:f1:a8:d0:fa:ec:de:3c:26:86:b1:52:
         09:12:38:a7:1b:50:94:4d:1c:e0:f4:11:27:00:95:10:68:ff:
         23:56:97:17:85:dc:ac:ed:33:13:b8:d2:3f:d2:80:dd:8c:b1:
         a4:04:f6:18:cc:59:1b:29:5d:25:e1:a6:31:8f:e0:b4:75:3d:
         e2:d4:90:d9:97:f6:0a:a1:27:4e:1b:66:0a:dc:70:02:ac:01:
         ce:e5:98:80:31:c7:ae:dc:70:92:5f:79:1d:25:6e:cf:bc:1d:
         07:38:32:92:d2:16:bf:ce:19:cf:b2:d3:44:df:88:74:9b:1d:
         7c:d0:92:c5:bf:f6:f6:dd:43:44:e9:15:24:30:23:af:bc:0e:
         94:24:cb:19:98:60:7e:c3:9e:e3:bd:80:bb:5d:99:bd:cd:aa:
         d5:7d:9d:85:15:c0:eb:9e:55:04:05:e3:e3:2c:3f:98:59:a2:
         5d:05:8d:bd:5e:85:07:8a:c7:a3:a5:47:86:07:63:fc:45:ad:
         3a:1a:bb:37
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQi+6wK77dOhKOtLuKql+xLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjUwMTAxMTc0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODQwNjcxNjEwOGJjMmY1ZjNkNzg0NGY5MjIyZjc1ZmU2MDQ1NGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8nhljJ89M5PK7F5H3cTwTze+1Lc
IBfQwbOpi2ifPC4OekFWCSyYE0HrPisAbq5ypTB3ZVHxQ9LgMFSsjdX2w7h0wI+c
1ZhJsp7YpYSLDstsCFFKlW7w5WMB/OrrHJr9fIbO04abAgLXJwBUre+Xm0fU2Pnn
/cUCKoZUhU1ukujUOxWra4ogcHNnBejgigkAHOk8/EQ+LQCHRCuQx/4kEd/2kxbL
wiwtIROPfd7cV1AiqYXRatTUQivjIwmPJ5kzRFnI6ZbFjwLTPWgsQUzz6QJYQZuS
+ko7o+Iksa58WeelZbPPTw+C1WiXdXsfF06q9JBtOiR5mJ+71Y4tqHJT6wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFChAZxYQi8L189eET5Ii91/mBFSmMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvS0VCbkZoQ0x3dlh6MTRSUGtpTDNYLVlFVktZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOAwUBURPDHgMF
ALlkADUwDQYJKoZIhvcNAQELBQADggEBAA8eelvcdUWZU+N7ZksKHIffJcIzdTIq
LFtb7hL43agGWwmZEdzMAlDvrwzZdSyaH0BZqD0zl8Kgz14ByMnxqND67N48Joax
UgkSOKcbUJRNHOD0EScAlRBo/yNWlxeF3KztMxO40j/SgN2MsaQE9hjMWRspXSXh
pjGP4LR1PeLUkNmX9gqhJ04bZgrccAKsAc7lmIAxx67ccJJfeR0lbs+8HQc4MpLS
Fr/OGc+y00TfiHSbHXzQksW/9vbdQ0TpFSQwI6+8DpQkyxmYYH7DnuO9gLtdmb3N
qtV9nYUVwOueVQQF4+MsP5hZol0Fjb1ehQeKx6OlR4YHY/xFrToauzc=
-----END CERTIFICATE-----