Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/M2NG9zx-aSEpY_fH-L3jt7yUcjE.roa
File:                     M2NG9zx-aSEpY_fH-L3jt7yUcjE.roa (raw, json)
Hash identifier:          S0fVTKNVYBjKLjjQCijGztVqJyzffukpmqXp5Rf/YGo=
Subject key identifier:   33:63:46:F7:3C:7E:69:21:29:63:F7:C7:F8:BD:E3:B7:BC:94:72:31
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F623A01E86D1C3318A287E5BA6F1219
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/M2NG9zx-aSEpY_fH-L3jt7yUcjE.roa
Signing time:             Tue 25 Jun 2024 12:32:35 +0000
ROA not before:           Tue 25 Jun 2024 12:32:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36618
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:3a:01:e8:6d:1c:33:18:a2:87:e5:ba:6f:12:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=336346f73c7e69212963f7c7f8bde3b7bc947231
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:49:99:d8:95:e5:9a:37:99:99:69:e1:07:e1:
                    28:f4:20:a9:2c:3d:b9:e5:25:f1:04:b1:3e:dd:11:
                    37:b6:a1:af:1f:c4:82:70:2f:0b:29:16:f0:89:ac:
                    91:88:53:c4:4b:b0:04:51:10:c8:b1:7e:1d:bb:e6:
                    4b:f1:e6:73:a3:3d:76:47:09:66:d0:18:a3:49:d9:
                    29:a4:a3:26:3d:f7:a5:e2:f5:fc:19:11:1a:c9:c3:
                    87:53:72:56:30:dc:c9:a8:ea:f9:33:74:b7:39:68:
                    41:23:05:8b:c6:81:9a:5c:10:2f:b4:c7:98:63:e1:
                    e1:49:ba:8d:16:36:10:a5:55:0e:32:69:c3:d0:da:
                    c6:25:d7:9a:91:0c:b8:b3:04:6a:f5:9b:67:6f:c6:
                    4d:4d:bd:b9:13:5e:66:25:4d:84:b3:6b:00:5e:70:
                    41:08:34:8c:2d:07:77:78:da:b7:b2:05:68:35:9b:
                    a4:5b:67:6b:3e:b3:87:35:bc:3c:47:2c:6f:88:23:
                    eb:ae:3b:ba:9d:bf:da:f4:d1:de:48:19:d1:ea:9e:
                    cf:87:c5:33:86:fc:71:1f:db:16:f0:89:c0:31:62:
                    3b:ae:96:be:60:18:a2:c6:8f:19:44:a3:4b:5f:39:
                    78:06:8f:6e:89:ca:78:16:4d:47:39:43:41:44:2f:
                    e0:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:63:46:F7:3C:7E:69:21:29:63:F7:C7:F8:BD:E3:B7:BC:94:72:31
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/M2NG9zx-aSEpY_fH-L3jt7yUcjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         81:fd:6a:80:7b:ad:89:9d:a2:1e:52:ea:8a:33:ce:8e:6a:23:
         39:5d:00:7d:b0:94:b8:1a:f1:8e:dd:a6:03:7f:54:dc:33:a3:
         8e:48:db:14:69:5f:33:b7:12:b2:21:e9:14:09:5f:b8:95:a0:
         f9:27:ff:b9:61:1f:3c:89:72:e1:31:59:c2:d3:3b:72:ed:72:
         42:dc:da:cf:67:da:4e:99:7f:fa:66:a7:e4:f7:dc:92:93:62:
         de:87:a4:d4:ec:f0:f1:77:91:bd:70:9c:4f:d0:fc:48:c7:6e:
         60:f3:da:29:d8:61:ee:83:07:86:33:a4:04:a5:14:a1:1b:d5:
         0d:ac:af:84:2a:29:33:03:58:91:fa:04:74:a9:b3:54:49:3a:
         1f:28:fe:c7:58:b8:60:d2:6d:0c:09:a4:1d:1a:f1:6f:c6:ce:
         07:1e:98:b5:d5:95:58:2e:2b:8d:09:3d:b9:c4:cf:17:b0:20:
         03:9a:38:51:60:6f:6c:fe:a6:5d:d3:a1:7f:47:bc:c6:0e:b6:
         9e:d0:5f:9c:8e:27:bc:3b:4c:7e:36:0f:f8:08:bc:7a:92:94:
         e2:d4:f0:4a:7f:61:4e:cc:e1:5d:94:d8:66:c5:25:e8:e6:24:
         21:e9:78:21:f6:36:41:4e:0d:c7:93:c0:94:a6:44:9c:55:7c:
         96:51:4a:25
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYjoB6G0cMxiih+W6bxIZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzYzNDZmNzNjN2U2OTIxMjk2M2Y3YzdmOGJkZTNiN2JjOTQ3MjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9EmZ2JXlmjeZmWnhB+Eo9CCpLD25
5SXxBLE+3RE3tqGvH8SCcC8LKRbwiayRiFPES7AEURDIsX4du+ZL8eZzoz12Rwlm
0BijSdkppKMmPfel4vX8GREaycOHU3JWMNzJqOr5M3S3OWhBIwWLxoGaXBAvtMeY
Y+HhSbqNFjYQpVUOMmnD0NrGJdeakQy4swRq9Ztnb8ZNTb25E15mJU2Es2sAXnBB
CDSMLQd3eNq3sgVoNZukW2drPrOHNbw8RyxviCPrrju6nb/a9NHeSBnR6p7Ph8Uz
hvxxH9sW8InAMWI7rpa+YBiixo8ZRKNLXzl4Bo9uicp4Fk1HOUNBRC/gOQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDNjRvc8fmkhKWP3x/i947e8lHIxMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvTTJORzl6eC1hU0VwWV9mSC1MM2p0N3lVY2pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAgf1qgHutiZ2iHlLqijPOjmojOV0AfbCUuBrxjt2m
A39U3DOjjkjbFGlfM7cSsiHpFAlfuJWg+Sf/uWEfPIly4TFZwtM7cu1yQtzaz2fa
Tpl/+man5PfckpNi3oek1Ozw8XeRvXCcT9D8SMduYPPaKdhh7oMHhjOkBKUUoRvV
DayvhCopMwNYkfoEdKmzVEk6Hyj+x1i4YNJtDAmkHRrxb8bOBx6YtdWVWC4rjQk9
ucTPF7AgA5o4UWBvbP6mXdOhf0e8xg62ntBfnI4nvDtMfjYP+Ai8epKU4tTwSn9h
TszhXZTYZsUl6OYkIel4IfY2QU4Nx5PAlKZEnFV8llFKJQ==
-----END CERTIFICATE-----