Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/LK-4xmaT7dCPLWiBdV2rb3Bx8EQ.roa
File:                     LK-4xmaT7dCPLWiBdV2rb3Bx8EQ.roa (raw, json)
Hash identifier:          tWiNqwXxRTEBEA3SvMCl5TlpYvuDFwIJdvyGmxYR8z8=
Subject key identifier:   2C:AF:B8:C6:66:93:ED:D0:8F:2D:68:81:75:5D:AB:6F:70:71:F0:44
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019422FBD15D809B088D9B1ADDFEFCF2DA86
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/LK-4xmaT7dCPLWiBdV2rb3Bx8EQ.roa
Signing time:             Wed 01 Jan 2025 17:48:36 +0000
ROA not before:           Wed 01 Jan 2025 17:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396596
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:d1:5d:80:9b:08:8d:9b:1a:dd:fe:fc:f2:da:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jan  1 17:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2cafb8c66693edd08f2d6881755dab6f7071f044
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:c1:d3:a2:14:86:08:15:7e:fb:4c:37:b0:e3:
                    e6:5d:2b:bd:55:14:4d:cd:4d:56:5b:88:c6:fa:da:
                    3a:01:b7:3c:56:9c:f5:66:ac:62:2c:49:52:d8:82:
                    80:0f:3e:32:8b:ff:a2:0c:58:3e:fe:86:3b:6f:f3:
                    32:fa:22:b6:24:f1:5e:78:60:85:58:c7:1b:dd:49:
                    6c:48:1b:34:33:3f:5a:77:91:2d:bb:52:38:c6:2f:
                    23:f7:c8:04:b9:60:0b:dc:12:6a:b5:05:73:57:0b:
                    2c:a8:9f:e9:9a:22:1e:4f:f5:69:18:dc:41:5c:7a:
                    ad:a1:bb:4c:36:97:07:30:b9:90:df:78:d3:44:ba:
                    e8:7d:b6:20:25:99:64:b2:aa:1d:05:df:19:4b:2c:
                    a2:15:d0:a3:9b:e5:87:da:bb:ed:88:65:b4:a5:75:
                    36:db:d6:aa:25:95:69:72:6b:49:ef:ad:64:28:43:
                    b7:03:99:2f:5d:f4:63:c4:31:6f:53:2f:71:01:4e:
                    51:e1:5c:95:a2:3f:da:b5:cf:ab:5f:88:5e:85:44:
                    b9:73:bb:c9:12:f6:b2:bd:5d:9e:ec:4e:c5:d8:03:
                    8c:5f:b7:b6:e0:43:92:aa:54:5c:a7:9c:18:5a:1c:
                    dd:3c:4a:a4:fc:c1:a2:76:9d:69:bc:29:64:6b:f2:
                    32:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:AF:B8:C6:66:93:ED:D0:8F:2D:68:81:75:5D:AB:6F:70:71:F0:44
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/LK-4xmaT7dCPLWiBdV2rb3Bx8EQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.53/32

    Signature Algorithm: sha256WithRSAEncryption
         1a:11:62:bb:d9:5a:8c:0b:d1:a2:a7:0b:1b:d4:a7:fe:23:b8:
         aa:e0:24:42:1e:e9:a1:0a:0e:d5:28:9e:3a:0f:d9:73:88:eb:
         58:2d:60:0d:4c:2b:ea:a4:4e:ef:c2:c0:76:3f:b4:89:65:68:
         9e:82:14:fa:ae:2c:63:a5:b3:e7:9d:d3:ca:d4:da:ed:a1:63:
         a7:b7:51:c3:7a:d7:73:68:d7:d6:b0:95:09:c9:1d:25:f7:ce:
         f1:60:1f:45:70:f7:26:71:bf:3f:2b:eb:f3:5b:2d:11:54:95:
         7c:f5:94:1e:66:d1:1f:40:47:60:48:f9:9a:6f:f2:86:6c:a7:
         15:1c:66:00:dc:27:2b:4e:61:bc:0d:7c:15:1f:3a:47:2b:5c:
         b4:41:77:23:66:37:6c:d1:48:54:b8:19:4f:63:18:7d:fc:24:
         6c:e4:36:be:ae:f0:8e:22:d6:9c:b6:4a:2e:29:ed:67:91:f2:
         3a:04:88:dd:53:ce:99:da:09:3b:89:ae:89:03:a6:61:b7:a8:
         a6:4f:61:51:20:e8:20:fd:a7:29:84:9e:92:96:87:f7:1e:a6:
         dd:ab:87:aa:53:26:3f:18:39:00:e7:a6:85:00:f9:b1:6b:6e:
         e5:0b:4e:c5:e6:5e:04:1d:4c:38:c3:4b:0f:e6:e1:a9:45:7c:
         e1:de:3f:07
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQi+9FdgJsIjZsa3f788tqGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjUwMTAxMTc0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2FmYjhjNjY2OTNlZGQwOGYyZDY4ODE3NTVkYWI2ZjcwNzFmMDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2MHTohSGCBV++0w3sOPmXSu9VRRN
zU1WW4jG+to6Abc8Vpz1ZqxiLElS2IKADz4yi/+iDFg+/oY7b/My+iK2JPFeeGCF
WMcb3UlsSBs0Mz9ad5Etu1I4xi8j98gEuWAL3BJqtQVzVwssqJ/pmiIeT/VpGNxB
XHqtobtMNpcHMLmQ33jTRLrofbYgJZlksqodBd8ZSyyiFdCjm+WH2rvtiGW0pXU2
29aqJZVpcmtJ761kKEO3A5kvXfRjxDFvUy9xAU5R4VyVoj/atc+rX4hehUS5c7vJ
EvayvV2e7E7F2AOMX7e24EOSqlRcp5wYWhzdPEqk/MGidp1pvClka/IycwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCyvuMZmk+3Qjy1ogXVdq29wcfBEMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvTEstNHhtYVQ3ZENQTFdpQmRWMnJiM0J4OEVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOAwUBURPDHgMF
ALlkADUwDQYJKoZIhvcNAQELBQADggEBABoRYrvZWowL0aKnCxvUp/4juKrgJEIe
6aEKDtUonjoP2XOI61gtYA1MK+qkTu/CwHY/tIllaJ6CFPquLGOls+ed08rU2u2h
Y6e3UcN613No19awlQnJHSX3zvFgH0Vw9yZxvz8r6/NbLRFUlXz1lB5m0R9AR2BI
+Zpv8oZspxUcZgDcJytOYbwNfBUfOkcrXLRBdyNmN2zRSFS4GU9jGH38JGzkNr6u
8I4i1py2Si4p7WeR8joEiN1TzpnaCTuJrokDpmG3qKZPYVEg6CD9pymEnpKWh/ce
pt2rh6pTJj8YOQDnpoUA+bFrbuULTsXmXgQdTDjDSw/m4alFfOHePwc=
-----END CERTIFICATE-----