Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/S-D4ZJ0q1ptr0hK7mEiX4nlXYFE.roa
File:                     S-D4ZJ0q1ptr0hK7mEiX4nlXYFE.roa (raw, json)
Hash identifier:          88R3tYwBMwfExjNO5+9RPkO3S3JcMc6EzapMiGy1JLI=
Subject key identifier:   4B:E0:F8:64:9D:2A:D6:9B:6B:D2:12:BB:98:48:97:E2:79:57:60:51
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F625E97CAE490BE496DFC12ACDDFC34
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/S-D4ZJ0q1ptr0hK7mEiX4nlXYFE.roa
Signing time:             Tue 25 Jun 2024 12:32:45 +0000
ROA not before:           Tue 25 Jun 2024 12:32:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396593
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:5e:97:ca:e4:90:be:49:6d:fc:12:ac:dd:fc:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4be0f8649d2ad69b6bd212bb984897e279576051
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ff:46:a3:96:03:55:b7:1f:53:e7:23:bc:19:
                    52:48:e2:f3:0f:02:67:7c:f9:1f:67:3b:fc:96:95:
                    5d:fb:4c:b5:c3:9b:57:bd:54:c4:c4:08:12:a6:e0:
                    b4:d2:ca:21:7e:e8:aa:d7:ea:e6:57:02:d1:63:79:
                    53:31:b3:f5:db:5e:8b:c3:20:d2:69:fc:51:2d:b2:
                    a1:d4:90:2b:81:3f:c2:c7:a8:bd:30:cb:eb:ba:59:
                    77:eb:61:81:b0:11:83:68:72:36:d7:c0:e2:38:ad:
                    f4:d5:b2:b3:3c:51:49:43:8b:5e:92:19:65:73:ae:
                    a2:be:ac:0e:09:ef:a3:b3:63:1f:0c:1a:4c:10:07:
                    1c:a4:81:73:e7:aa:90:74:59:b6:c7:14:79:90:60:
                    24:7d:73:19:d3:a8:a4:a4:55:83:af:b7:d4:b8:a2:
                    bd:5a:a7:94:5d:8b:d7:8e:c2:71:89:33:4e:c9:0a:
                    b9:15:96:16:4f:cd:e4:e8:b7:eb:c3:06:52:2d:98:
                    2f:8f:19:e6:3b:dd:63:30:32:f3:68:88:1d:39:73:
                    0c:a1:07:3b:5a:4f:6c:74:44:23:d0:e5:fc:66:29:
                    f7:e8:03:cb:71:e5:67:b7:15:ae:dd:2e:ea:be:f0:
                    c9:16:d3:d3:ca:93:d5:60:fe:df:5b:21:07:eb:a6:
                    3c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:E0:F8:64:9D:2A:D6:9B:6B:D2:12:BB:98:48:97:E2:79:57:60:51
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/S-D4ZJ0q1ptr0hK7mEiX4nlXYFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         86:25:d4:71:76:37:30:b3:fe:4c:12:8a:ca:1c:6f:06:74:b7:
         8a:ac:fe:72:f1:bc:ae:1a:d1:17:ec:ba:db:9e:6f:65:0f:69:
         b8:3a:c0:74:50:6e:50:33:50:4a:55:fe:df:1c:91:d3:45:62:
         14:79:ac:a0:19:57:75:43:c2:03:8e:10:84:55:c0:d9:31:ac:
         37:70:21:44:10:bf:e6:7f:df:d3:1e:29:9c:6f:39:09:48:86:
         a1:ca:d7:1b:ce:76:0c:c6:cf:d2:30:37:ec:95:d5:a2:89:b8:
         7b:30:25:d2:6b:ec:b5:32:bb:04:d1:91:a0:42:ce:52:d4:1b:
         f8:ab:c8:ae:23:55:83:4a:9a:ca:b9:b5:4a:d1:88:23:0d:a5:
         c9:2a:39:eb:74:75:b5:d3:63:71:12:25:09:2c:1b:77:de:37:
         de:8e:ae:a7:3c:f9:bb:b6:3b:c1:a9:5f:b6:b4:c2:c5:53:da:
         cc:64:7b:5e:3e:e5:0c:c7:e7:45:bb:07:b5:2f:c7:dd:d8:36:
         ce:ea:64:83:24:4b:26:ce:8a:4b:27:bf:18:fe:b9:25:9c:6b:
         d7:23:5a:bd:47:36:d6:94:41:db:5a:3e:6d:78:de:ae:91:dd:
         85:fc:0a:4c:ad:74:49:5d:4e:6f:a0:d5:48:92:16:d3:03:4b:
         06:91:1e:91
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYl6XyuSQvklt/BKs3fw0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmUwZjg2NDlkMmFkNjliNmJkMjEyYmI5ODQ4OTdlMjc5NTc2MDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkP9Go5YDVbcfU+cjvBlSSOLzDwJn
fPkfZzv8lpVd+0y1w5tXvVTExAgSpuC00sohfuiq1+rmVwLRY3lTMbP1216LwyDS
afxRLbKh1JArgT/Cx6i9MMvrull362GBsBGDaHI218DiOK301bKzPFFJQ4tekhll
c66ivqwOCe+js2MfDBpMEAccpIFz56qQdFm2xxR5kGAkfXMZ06ikpFWDr7fUuKK9
WqeUXYvXjsJxiTNOyQq5FZYWT83k6LfrwwZSLZgvjxnmO91jMDLzaIgdOXMMoQc7
Wk9sdEQj0OX8Zin36APLceVntxWu3S7qvvDJFtPTypPVYP7fWyEH66Y8KQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEvg+GSdKtaba9ISu5hIl+J5V2BRMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvUy1ENFpKMHExcHRyMGhLN21FaVg0bmxYWUZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAhiXUcXY3MLP+TBKKyhxvBnS3iqz+cvG8rhrRF+y6
255vZQ9puDrAdFBuUDNQSlX+3xyR00ViFHmsoBlXdUPCA44QhFXA2TGsN3AhRBC/
5n/f0x4pnG85CUiGocrXG852DMbP0jA37JXVoom4ezAl0mvstTK7BNGRoELOUtQb
+KvIriNVg0qayrm1StGIIw2lySo563R1tdNjcRIlCSwbd9433o6upzz5u7Y7walf
trTCxVPazGR7Xj7lDMfnRbsHtS/H3dg2zupkgyRLJs6KSye/GP65JZxr1yNavUc2
1pRB21o+bXjerpHdhfwKTK10SV1Ob6DVSJIW0wNLBpEekQ==
-----END CERTIFICATE-----