Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/MZX7mLH5W6eCDy9EZF9P3z76Upo.roa
File:                     MZX7mLH5W6eCDy9EZF9P3z76Upo.roa (raw, json)
Hash identifier:          MhllHCTJJuzutq51l+QI/WlzrCdGMNkkrYjFGRUC6sk=
Subject key identifier:   31:95:FB:98:B1:F9:5B:A7:82:0F:2F:44:64:5F:4F:DF:3E:FA:52:9A
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019422FBC9C7469DB33B3C3FEA80DA592969
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/MZX7mLH5W6eCDy9EZF9P3z76Upo.roa
Signing time:             Wed 01 Jan 2025 17:48:34 +0000
ROA not before:           Wed 01 Jan 2025 17:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396580
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 19:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:c9:c7:46:9d:b3:3b:3c:3f:ea:80:da:59:29:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jan  1 17:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3195fb98b1f95ba7820f2f44645f4fdf3efa529a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ca:07:c7:39:9d:64:2a:6f:7d:e9:d8:5b:80:
                    89:c2:ec:db:cd:ae:bd:f6:1a:06:b4:ce:52:a4:d8:
                    35:db:7c:e0:1a:1a:2f:6d:28:19:f8:c8:7b:d8:46:
                    e4:19:a1:9c:d7:70:9e:6c:6e:6c:b8:6d:94:8d:74:
                    16:ca:a3:b7:29:7f:2a:1b:27:1f:a0:d3:6d:81:65:
                    4d:89:db:ac:48:70:67:5d:aa:b5:e0:1d:94:73:41:
                    71:37:d4:42:ab:da:22:0c:1c:f2:08:75:eb:e5:25:
                    62:d8:db:b9:79:e3:79:88:87:7e:06:02:f3:0f:61:
                    d4:1a:77:39:10:0b:1a:14:d6:e7:88:de:98:e2:76:
                    e6:55:81:9f:e7:1f:d4:1c:4a:5b:e3:6a:3a:43:b3:
                    3e:21:8b:26:18:d7:f7:83:24:da:0e:da:39:c5:6f:
                    b4:4d:dd:c5:10:5a:f3:d4:4b:1a:cc:4d:f6:33:f0:
                    8b:2d:e5:7b:f7:84:1a:23:51:84:84:3f:9e:50:e1:
                    53:6e:f8:ed:06:4d:71:a1:6d:d8:6e:a2:ca:75:34:
                    ca:bf:fb:ec:7e:05:7b:19:c4:f5:fb:be:2b:89:aa:
                    08:86:88:66:27:3a:c3:d4:43:31:d3:3a:f0:1a:c6:
                    7e:d4:99:1b:9b:be:7a:0f:53:9d:0c:a0:fc:0c:9b:
                    72:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:95:FB:98:B1:F9:5B:A7:82:0F:2F:44:64:5F:4F:DF:3E:FA:52:9A
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/MZX7mLH5W6eCDy9EZF9P3z76Upo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.53/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:c9:7f:40:25:c5:61:bd:73:78:57:50:26:28:b7:56:1c:38:
         c3:03:4b:0c:19:0f:c3:eb:10:36:61:b9:bc:f2:ce:9a:f6:03:
         dd:73:05:6e:e3:a1:f7:1a:3f:b2:b5:30:90:50:81:d1:bb:27:
         4c:fd:73:48:a0:74:19:12:54:a7:b9:a9:d5:58:42:67:83:b2:
         97:91:40:57:7e:a4:4c:6d:18:f1:97:13:48:f7:19:62:bd:4c:
         5a:99:ff:0f:23:52:30:29:65:e5:d7:82:c7:47:dc:ae:4e:c2:
         8e:6d:21:61:3d:18:0d:73:77:11:8d:11:20:31:5d:21:3f:6d:
         be:f7:12:f6:08:bb:c8:7f:80:e1:bb:30:41:2e:70:3a:e1:7c:
         fe:7b:b4:63:89:b0:ec:88:e5:ef:61:a1:ae:e7:24:92:41:47:
         e2:c6:4a:c2:f8:5c:10:97:0c:46:cb:20:cb:8f:a5:82:44:8c:
         e6:f3:55:fe:75:52:b3:b7:5e:47:ea:44:f2:d8:a9:dc:ee:e6:
         a1:c2:90:88:f5:0f:77:ac:06:bd:f6:10:34:fb:f8:7d:84:08:
         4e:c1:eb:d2:de:72:b2:a1:32:90:2c:fb:77:0c:a9:88:ea:a9:
         02:56:b0:24:7d:83:77:98:3f:2a:cb:8b:c4:a0:da:78:b0:57:
         0d:24:c5:d2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQi+8nHRp2zOzw/6oDaWSlpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjUwMTAxMTc0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTk1ZmI5OGIxZjk1YmE3ODIwZjJmNDQ2NDVmNGZkZjNlZmE1MjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkMoHxzmdZCpvfenYW4CJwuzbza69
9hoGtM5SpNg123zgGhovbSgZ+Mh72EbkGaGc13CebG5suG2UjXQWyqO3KX8qGycf
oNNtgWVNidusSHBnXaq14B2Uc0FxN9RCq9oiDBzyCHXr5SVi2Nu5eeN5iId+BgLz
D2HUGnc5EAsaFNbniN6Y4nbmVYGf5x/UHEpb42o6Q7M+IYsmGNf3gyTaDto5xW+0
Td3FEFrz1EsazE32M/CLLeV794QaI1GEhD+eUOFTbvjtBk1xoW3YbqLKdTTKv/vs
fgV7GcT1+74riaoIhohmJzrD1EMx0zrwGsZ+1Jkbm756D1OdDKD8DJtyuwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDGV+5ix+Vungg8vRGRfT98++lKaMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvTVpYN21MSDVXNmVDRHk5RVpGOVAzejc2VXBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOAwUBURPDHgMF
ALlkADUwDQYJKoZIhvcNAQELBQADggEBAJvJf0AlxWG9c3hXUCYot1YcOMMDSwwZ
D8PrEDZhubzyzpr2A91zBW7jofcaP7K1MJBQgdG7J0z9c0igdBkSVKe5qdVYQmeD
speRQFd+pExtGPGXE0j3GWK9TFqZ/w8jUjApZeXXgsdH3K5Owo5tIWE9GA1zdxGN
ESAxXSE/bb73EvYIu8h/gOG7MEEucDrhfP57tGOJsOyI5e9hoa7nJJJBR+LGSsL4
XBCXDEbLIMuPpYJEjObzVf51UrO3XkfqRPLYqdzu5qHCkIj1D3esBr32EDT7+H2E
CE7B69LecrKhMpAs+3cMqYjqqQJWsCR9g3eYPyrLi8Sg2niwVw0kxdI=
-----END CERTIFICATE-----