Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/P4oKcSSWvu3e2IM-T9WwileZQBM.roa
File:                     P4oKcSSWvu3e2IM-T9WwileZQBM.roa (raw, json)
Hash identifier:          JWaHtWn95QVg+NU81WT6GnDlEoAGjJxon4UaPotb3Bw=
Subject key identifier:   3F:8A:0A:71:24:96:BE:ED:DE:D8:83:3E:4F:D5:B0:8A:57:99:40:13
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F62444E116AE89E912BDADC3A1100B6
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/P4oKcSSWvu3e2IM-T9WwileZQBM.roa
Signing time:             Tue 25 Jun 2024 12:32:38 +0000
ROA not before:           Tue 25 Jun 2024 12:32:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396541
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:44:4e:11:6a:e8:9e:91:2b:da:dc:3a:11:00:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f8a0a712496beedded8833e4fd5b08a57994013
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:37:dc:d5:d5:8b:b1:65:49:09:93:2e:7e:9b:
                    29:94:16:80:ad:c9:b1:74:8f:ac:4a:3c:3a:59:d8:
                    2b:c3:7d:6b:d7:fa:81:ce:d0:e5:31:52:2d:79:a3:
                    44:d8:70:5c:94:60:fa:6a:9c:f5:15:ac:05:04:61:
                    27:8d:8f:7f:ac:35:59:d3:cb:8d:dd:93:6e:75:ff:
                    4b:62:fa:3e:8c:d3:1b:a2:72:5b:0f:ad:c9:9c:6e:
                    ad:6f:60:e8:8f:57:ac:e9:f5:07:84:16:2a:d9:a1:
                    d9:11:0f:22:c1:fa:6d:1d:e9:f4:66:44:1d:ac:0f:
                    f0:83:1c:40:76:e3:4a:b7:61:36:d7:2c:b9:2d:c5:
                    6a:18:d9:40:a4:ed:b3:70:a2:17:3b:1f:9d:dc:d5:
                    bd:33:e8:53:19:ef:8f:fe:86:e2:47:02:b1:b1:3f:
                    f6:33:4a:17:e8:ce:20:38:e0:be:83:d9:63:56:75:
                    85:e7:bb:6e:19:50:28:5d:27:2b:4b:ca:67:d1:84:
                    a2:79:5c:b5:89:28:43:5e:13:c9:44:d9:1f:cf:64:
                    8a:90:0b:35:b3:ec:46:5d:5c:f9:68:97:40:f9:fc:
                    08:42:21:fc:d8:68:44:9c:92:64:40:a7:c4:9c:e7:
                    28:fe:80:c4:8f:21:8c:ca:c5:54:58:c7:ff:fe:39:
                    4d:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:8A:0A:71:24:96:BE:ED:DE:D8:83:3E:4F:D5:B0:8A:57:99:40:13
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/P4oKcSSWvu3e2IM-T9WwileZQBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         81:7e:30:d3:8e:fb:4a:3a:2f:7b:0e:af:92:e1:d3:30:6f:c2:
         f4:18:f3:ff:6f:08:7f:2e:b6:44:c0:d0:ee:e1:a0:bf:4c:37:
         ad:1b:bf:1d:c7:59:cd:e6:aa:27:74:b7:d8:ca:31:03:f2:08:
         07:10:5a:e3:2c:b5:5e:95:25:91:e4:d8:9c:f7:a5:64:d6:66:
         0b:6b:dc:12:14:1f:63:38:5b:5e:2c:a6:a8:c9:cf:89:05:37:
         5b:36:ab:b8:e3:69:e8:71:15:9e:cf:e4:b0:0c:f2:8d:dc:a4:
         04:ae:e8:33:88:74:91:6f:96:81:f4:97:6b:a7:a3:73:5e:ab:
         07:ea:42:05:68:9e:d5:eb:c5:21:b3:2a:67:00:cd:c9:10:7f:
         de:56:1e:49:ee:19:43:ba:6d:59:57:c0:8b:30:43:ce:53:9c:
         88:15:be:b5:d8:b7:ab:44:30:dc:ea:80:27:57:4e:f8:96:54:
         e0:ae:f3:ce:6f:8e:51:55:a5:0a:0f:99:2f:4e:a8:a0:d3:97:
         5b:b9:da:20:79:85:05:3c:72:9c:c2:c1:7e:ef:69:d6:95:87:
         f0:7f:57:32:ac:69:c2:0c:a5:2c:b4:7b:40:0e:eb:9a:00:19:
         c9:de:69:e5:c3:f7:93:a7:9a:6f:d6:08:66:75:2c:1b:0d:9e:
         2c:65:28:50
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYkROEWronpEr2tw6EQC2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjhhMGE3MTI0OTZiZWVkZGVkODgzM2U0ZmQ1YjA4YTU3OTk0MDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDfc1dWLsWVJCZMufpsplBaArcmx
dI+sSjw6Wdgrw31r1/qBztDlMVIteaNE2HBclGD6apz1FawFBGEnjY9/rDVZ08uN
3ZNudf9LYvo+jNMbonJbD63JnG6tb2Doj1es6fUHhBYq2aHZEQ8iwfptHen0ZkQd
rA/wgxxAduNKt2E21yy5LcVqGNlApO2zcKIXOx+d3NW9M+hTGe+P/obiRwKxsT/2
M0oX6M4gOOC+g9ljVnWF57tuGVAoXScrS8pn0YSieVy1iShDXhPJRNkfz2SKkAs1
s+xGXVz5aJdA+fwIQiH82GhEnJJkQKfEnOco/oDEjyGMysVUWMf//jlNeQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFD+KCnEklr7t3tiDPk/VsIpXmUATMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvUDRvS2NTU1d2dTNlMklNLVQ5V3dpbGVaUUJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAgX4w0477Sjovew6vkuHTMG/C9Bjz/28Ify62RMDQ
7uGgv0w3rRu/HcdZzeaqJ3S32MoxA/IIBxBa4yy1XpUlkeTYnPelZNZmC2vcEhQf
YzhbXiymqMnPiQU3WzaruONp6HEVns/ksAzyjdykBK7oM4h0kW+WgfSXa6ejc16r
B+pCBWie1evFIbMqZwDNyRB/3lYeSe4ZQ7ptWVfAizBDzlOciBW+tdi3q0Qw3OqA
J1dO+JZU4K7zzm+OUVWlCg+ZL06ooNOXW7naIHmFBTxynMLBfu9p1pWH8H9XMqxp
wgylLLR7QA7rmgAZyd5p5cP3k6eab9YIZnUsGw2eLGUoUA==
-----END CERTIFICATE-----