Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/TcdCMBb_WmhZwG-Of5WeJryOnAM.roa
File:                     TcdCMBb_WmhZwG-Of5WeJryOnAM.roa (raw, json)
Hash identifier:          /xG45zO2CBR13x7CzLys/2c0jngbUox4083xqTNGP+s=
Subject key identifier:   4D:C7:42:30:16:FF:5A:68:59:C0:6F:8E:7F:95:9E:26:BC:8E:9C:03
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F626403CA7CACAD63E08E0B683C97A2
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/TcdCMBb_WmhZwG-Of5WeJryOnAM.roa
Signing time:             Tue 25 Jun 2024 12:32:46 +0000
ROA not before:           Tue 25 Jun 2024 12:32:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396608
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:64:03:ca:7c:ac:ad:63:e0:8e:0b:68:3c:97:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4dc7423016ff5a6859c06f8e7f959e26bc8e9c03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:ca:60:60:15:4e:f5:b2:ba:2d:6a:db:54:84:
                    0b:73:e5:b4:10:f8:2e:58:0b:cf:2c:55:18:c4:9e:
                    8b:45:33:42:a5:20:eb:21:31:4c:d3:66:b9:70:f1:
                    8a:2d:64:72:61:27:4c:3e:e8:fa:fb:0b:33:31:0a:
                    67:1a:3f:4d:f2:03:36:ce:e2:cd:3e:7c:32:19:22:
                    3a:5a:78:cd:8b:12:a5:c1:dc:50:ce:8c:9f:f7:7e:
                    85:b7:e6:07:a5:4b:cd:f2:bd:81:6c:75:ff:5b:cd:
                    6c:2f:b7:d7:c7:f4:48:6b:96:3b:55:ae:c4:be:0a:
                    87:39:40:41:eb:de:7f:9f:d5:00:63:5c:a5:f9:65:
                    aa:5e:b9:5e:cf:55:e6:92:70:e8:71:04:c0:f2:87:
                    3a:33:0c:90:6e:06:bd:ba:69:ea:30:9c:8c:7f:f0:
                    dd:5a:1d:21:e1:89:87:c1:f7:97:a3:0c:e9:fd:26:
                    18:04:67:bd:e8:55:9b:5a:6b:a7:42:a3:8e:c7:6b:
                    30:42:79:d8:b0:bc:e0:60:0d:19:1a:45:df:1e:6c:
                    ae:90:f1:05:ed:4c:57:46:2c:72:57:f4:db:84:bf:
                    95:29:ec:29:e1:8b:65:aa:7d:eb:64:7f:95:95:e3:
                    fb:c6:98:99:5b:7c:8f:7b:b1:7f:0a:82:20:ab:59:
                    15:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:C7:42:30:16:FF:5A:68:59:C0:6F:8E:7F:95:9E:26:BC:8E:9C:03
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/TcdCMBb_WmhZwG-Of5WeJryOnAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         60:8c:da:90:42:11:66:60:6b:f7:cc:f9:19:b3:a9:dd:5c:54:
         4c:58:78:29:37:dd:c7:35:c1:44:87:f5:44:aa:af:d6:18:9b:
         7c:4b:38:e1:7a:57:48:69:96:b5:c3:b5:df:95:aa:ec:43:fc:
         35:b5:a4:72:dd:6a:30:46:16:cf:8f:bf:b6:26:2b:91:0e:9c:
         4e:e2:65:d1:6f:db:38:d2:99:b9:11:9f:c0:74:fa:83:c7:aa:
         cc:e9:47:38:7a:ce:a9:4f:e6:bb:aa:00:ec:7d:a8:50:2d:ee:
         6b:0d:ef:65:80:8d:b1:9f:ae:1e:32:e1:9a:f4:76:54:8b:42:
         b7:21:4a:53:a2:cc:70:4a:05:5b:42:da:a1:72:4a:2b:3d:ab:
         67:7a:08:32:b6:4c:15:b4:3e:e9:ea:a4:34:75:c5:a8:9b:31:
         8a:d9:cc:de:bb:f3:5f:e2:a4:ae:c7:b6:03:99:f5:8b:00:d8:
         ad:5c:ca:88:09:64:75:67:c2:c0:8f:b9:20:59:c0:7e:6e:2d:
         60:28:50:9f:18:68:a9:f3:9b:c4:9c:f3:33:32:f7:5f:5b:74:
         f6:21:bb:56:2a:12:66:c3:32:29:11:4a:2e:55:96:e4:79:64:
         ea:4f:ca:88:0f:b9:ff:69:b4:93:46:b1:09:03:12:d7:2c:53:
         fd:29:4d:e4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYmQDynysrWPgjgtoPJeiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGM3NDIzMDE2ZmY1YTY4NTljMDZmOGU3Zjk1OWUyNmJjOGU5YzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5spgYBVO9bK6LWrbVIQLc+W0EPgu
WAvPLFUYxJ6LRTNCpSDrITFM02a5cPGKLWRyYSdMPuj6+wszMQpnGj9N8gM2zuLN
PnwyGSI6WnjNixKlwdxQzoyf936Ft+YHpUvN8r2BbHX/W81sL7fXx/RIa5Y7Va7E
vgqHOUBB695/n9UAY1yl+WWqXrlez1XmknDocQTA8oc6MwyQbga9umnqMJyMf/Dd
Wh0h4YmHwfeXowzp/SYYBGe96FWbWmunQqOOx2swQnnYsLzgYA0ZGkXfHmyukPEF
7UxXRixyV/TbhL+VKewp4Ytlqn3rZH+VleP7xpiZW3yPe7F/CoIgq1kVIwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFE3HQjAW/1poWcBvjn+Vnia8jpwDMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvVGNkQ01CYl9XbWhad0ctT2Y1V2VKcnlPbkFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAYIzakEIRZmBr98z5GbOp3VxUTFh4KTfdxzXBRIf1
RKqv1hibfEs44XpXSGmWtcO135Wq7EP8NbWkct1qMEYWz4+/tiYrkQ6cTuJl0W/b
ONKZuRGfwHT6g8eqzOlHOHrOqU/mu6oA7H2oUC3uaw3vZYCNsZ+uHjLhmvR2VItC
tyFKU6LMcEoFW0LaoXJKKz2rZ3oIMrZMFbQ+6eqkNHXFqJsxitnM3rvzX+Kkrse2
A5n1iwDYrVzKiAlkdWfCwI+5IFnAfm4tYChQnxhoqfObxJzzMzL3X1t09iG7VioS
ZsMyKRFKLlWW5Hlk6k/KiA+5/2m0k0axCQMS1yxT/SlN5A==
-----END CERTIFICATE-----