Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/QhtEipdHd57gXu-tDrjTCuAuCf8.roa
File:                     QhtEipdHd57gXu-tDrjTCuAuCf8.roa (raw, json)
Hash identifier:          dYW29jw3Zdx8UlJUZs04SxHhOUCJvtRCb1AHKIxRuGM=
Subject key identifier:   42:1B:44:8A:97:47:77:9E:E0:5E:EF:AD:0E:B8:D3:0A:E0:2E:09:FF
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F623E8FF13E23CFB6327E4434743E52
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/QhtEipdHd57gXu-tDrjTCuAuCf8.roa
Signing time:             Tue 25 Jun 2024 12:32:36 +0000
ROA not before:           Tue 25 Jun 2024 12:32:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36629
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:3e:8f:f1:3e:23:cf:b6:32:7e:44:34:74:3e:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=421b448a9747779ee05eefad0eb8d30ae02e09ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:06:b3:82:0b:26:ce:84:dd:19:8a:31:02:fd:
                    05:d9:11:dc:7e:48:8b:f7:aa:2e:98:4e:4e:c8:29:
                    a8:24:32:69:03:aa:84:cb:3c:3b:fb:2d:a8:ff:46:
                    9f:77:5f:e6:10:31:11:e0:c7:17:15:de:95:e3:00:
                    21:61:cf:03:5f:63:42:f1:d6:a8:a3:0d:c1:d2:15:
                    4c:32:e1:37:4b:13:1e:04:d2:c9:35:ac:d2:73:a7:
                    47:71:07:a5:25:9e:63:99:63:58:63:c1:34:83:69:
                    f7:90:23:df:3c:d8:0e:9b:ce:7c:c7:06:be:77:0a:
                    f5:fd:45:a5:62:0b:2c:35:4b:b3:e3:ba:29:9d:84:
                    35:dd:1e:8a:37:82:e6:34:e9:4a:06:04:22:4a:12:
                    9a:e4:c2:e4:76:f4:c8:ca:92:32:fd:72:01:29:84:
                    d5:a4:c0:29:da:a0:5e:83:a0:49:06:72:99:8c:78:
                    f5:d3:a5:87:51:bd:ee:8d:97:e3:17:01:3e:a5:ca:
                    65:e6:25:9e:16:00:2c:f7:05:79:49:b9:c5:8e:51:
                    e1:54:c2:6b:ef:0b:7b:36:4a:e3:ba:ef:6a:78:e5:
                    fe:10:d6:d6:0d:e0:eb:f9:2a:07:14:a6:6e:fd:e5:
                    15:e1:b2:6a:c2:ee:89:fe:9a:15:8c:6a:3e:2d:3a:
                    47:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:1B:44:8A:97:47:77:9E:E0:5E:EF:AD:0E:B8:D3:0A:E0:2E:09:FF
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/QhtEipdHd57gXu-tDrjTCuAuCf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         55:31:99:c6:c4:39:88:e6:f9:ae:0e:eb:18:c3:09:65:42:bd:
         88:a0:d3:c7:8c:92:b6:16:63:36:9e:f5:67:71:ae:a4:49:f7:
         0c:20:d5:93:48:b4:b6:e1:d4:cb:83:ec:50:68:da:81:83:1e:
         3a:dc:ad:0c:35:e6:a1:6c:08:51:27:5e:63:5a:88:04:e6:b7:
         c2:14:a5:6d:bf:4e:fa:b7:18:f3:03:c1:90:69:fc:b5:84:b0:
         07:f0:7e:71:39:0e:4f:c6:84:dc:f2:e4:3f:46:a6:5d:86:9a:
         fb:45:bb:4b:2c:0e:9c:de:12:79:fa:d7:36:5f:b7:f2:33:d3:
         db:01:f5:19:d1:e8:7c:d5:10:c0:b6:a7:ba:ca:c3:16:ac:5b:
         21:08:11:29:82:38:d8:e2:de:04:36:16:06:5e:c1:30:10:f7:
         2f:58:1b:77:af:ac:40:5f:4d:d5:54:3d:66:31:ed:83:72:f4:
         7a:05:b3:72:6f:eb:ec:37:9c:14:29:6b:91:80:9f:f2:f3:5a:
         71:b9:ad:0e:80:9f:e3:d4:88:47:e6:6a:d9:9a:3b:9a:cb:49:
         60:ae:d2:13:75:9f:27:7c:71:90:14:12:e7:aa:35:e2:b1:a6:
         6f:b6:06:57:50:30:e9:71:9c:ae:4f:c2:57:dc:a5:da:76:b5:
         aa:63:21:2d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYj6P8T4jz7YyfkQ0dD5SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjFiNDQ4YTk3NDc3NzllZTA1ZWVmYWQwZWI4ZDMwYWUwMmUwOWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswazggsmzoTdGYoxAv0F2RHcfkiL
96oumE5OyCmoJDJpA6qEyzw7+y2o/0afd1/mEDER4McXFd6V4wAhYc8DX2NC8dao
ow3B0hVMMuE3SxMeBNLJNazSc6dHcQelJZ5jmWNYY8E0g2n3kCPfPNgOm858xwa+
dwr1/UWlYgssNUuz47opnYQ13R6KN4LmNOlKBgQiShKa5MLkdvTIypIy/XIBKYTV
pMAp2qBeg6BJBnKZjHj106WHUb3ujZfjFwE+pcpl5iWeFgAs9wV5SbnFjlHhVMJr
7wt7Nkrjuu9qeOX+ENbWDeDr+SoHFKZu/eUV4bJqwu6J/poVjGo+LTpHNQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEIbRIqXR3ee4F7vrQ640wrgLgn/MB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvUWh0RWlwZEhkNTdnWHUtdERyalRDdUF1Q2Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAVTGZxsQ5iOb5rg7rGMMJZUK9iKDTx4ySthZjNp71
Z3GupEn3DCDVk0i0tuHUy4PsUGjagYMeOtytDDXmoWwIUSdeY1qIBOa3whSlbb9O
+rcY8wPBkGn8tYSwB/B+cTkOT8aE3PLkP0amXYaa+0W7SywOnN4SefrXNl+38jPT
2wH1GdHofNUQwLanusrDFqxbIQgRKYI42OLeBDYWBl7BMBD3L1gbd6+sQF9N1VQ9
ZjHtg3L0egWzcm/r7DecFClrkYCf8vNacbmtDoCf49SIR+Zq2Zo7mstJYK7SE3Wf
J3xxkBQS56o14rGmb7YGV1Aw6XGcrk/CV9yl2na1qmMhLQ==
-----END CERTIFICATE-----