Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/VoCZ78fr5GkL6v-SkeFgy_G8J4A.roa
File:                     VoCZ78fr5GkL6v-SkeFgy_G8J4A.roa (raw, json)
Hash identifier:          FdJhsTTnfF8SpSomSXYaBooTXh3UWH3ScZUBGAgcEjA=
Subject key identifier:   56:80:99:EF:C7:EB:E4:69:0B:EA:FF:92:91:E1:60:CB:F1:BC:27:80
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019422FBB7AC4E6CCFA17BDEAAA2F31F5609
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/VoCZ78fr5GkL6v-SkeFgy_G8J4A.roa
Signing time:             Wed 01 Jan 2025 17:48:29 +0000
ROA not before:           Wed 01 Jan 2025 17:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396540
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:b7:ac:4e:6c:cf:a1:7b:de:aa:a2:f3:1f:56:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jan  1 17:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=568099efc7ebe4690beaff9291e160cbf1bc2780
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a2:0e:b9:5d:4e:34:64:57:23:03:84:45:4e:
                    8b:e5:a0:d8:03:6b:06:10:c1:67:f3:de:e5:75:f3:
                    3e:69:a1:bc:51:38:03:03:b7:de:dc:f6:91:da:65:
                    30:b7:e3:19:98:9c:8a:e6:4a:b8:fc:c0:61:13:94:
                    7d:87:7f:cb:ea:3a:03:9b:11:f1:71:96:bc:a1:34:
                    f1:04:b2:c8:b4:ab:a4:96:e8:73:ae:92:47:75:fd:
                    ff:e3:91:2b:67:3c:8f:87:9e:ed:9f:74:b8:3e:4b:
                    ad:0a:be:27:d8:e5:77:55:39:14:54:3b:b7:a6:22:
                    ad:37:fa:19:1d:d0:f2:0f:0f:54:b4:b0:cb:d4:64:
                    d6:7b:43:ce:5b:a6:5e:6d:d9:a0:6a:20:5f:83:00:
                    3a:c1:58:81:64:9e:26:ea:ea:67:bf:1a:c0:db:3d:
                    5c:b8:31:98:55:86:96:63:55:13:0a:ef:0a:2a:15:
                    01:32:43:97:7d:2f:4d:50:13:37:79:ca:2a:c5:bd:
                    8e:b4:c5:ac:a4:b2:28:d8:ec:6c:00:f6:54:02:50:
                    b8:57:74:6c:64:b8:47:95:b0:f2:50:e3:fe:a4:2e:
                    8b:4e:fe:d6:76:db:d6:7b:35:35:d6:38:54:71:33:
                    1d:bd:e7:3f:3c:2c:27:12:22:a7:08:46:29:5a:94:
                    69:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:80:99:EF:C7:EB:E4:69:0B:EA:FF:92:91:E1:60:CB:F1:BC:27:80
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/VoCZ78fr5GkL6v-SkeFgy_G8J4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.53/32

    Signature Algorithm: sha256WithRSAEncryption
         43:1b:12:2f:d3:d9:32:a0:fd:c0:73:09:c1:2a:3c:34:a0:9a:
         e8:72:d8:a6:ff:f6:39:22:49:28:41:1a:d9:9c:03:a1:50:7d:
         d5:21:26:73:a9:72:8e:5c:f7:db:83:9f:ec:f2:a3:59:3e:51:
         4c:a5:eb:29:ed:d1:68:08:22:c8:ae:73:ac:b9:b1:8f:88:19:
         de:fb:fb:40:71:82:86:cd:7b:44:10:54:89:fc:47:1e:49:4f:
         4b:71:ae:51:09:42:51:d2:75:a9:a6:70:10:af:4e:2c:1c:a3:
         5b:f8:b8:69:d5:f1:b8:d9:cd:b9:ef:22:1d:f6:da:65:50:e9:
         a4:7a:bc:05:72:1d:79:ec:06:77:9f:b5:bf:3d:c7:9c:67:c3:
         69:2d:ea:eb:c6:62:03:4f:ef:fc:eb:45:9a:28:31:bc:ae:15:
         ca:cf:db:18:9a:8f:7f:cc:7d:ef:bd:7b:af:fb:ea:80:4f:ae:
         9a:d9:b8:d2:11:7a:c3:5e:9a:0c:94:5c:6a:8a:c9:e8:4b:93:
         ee:8c:e4:60:25:67:8c:6b:e0:48:6d:d8:d0:8b:a9:98:b6:37:
         ef:4f:2d:2c:fa:89:c4:a3:dd:57:7f:04:92:63:75:33:ea:8d:
         7d:26:16:56:0f:ca:11:b4:ea:94:a9:f5:a2:c0:72:0f:ae:61:
         f2:67:ea:8c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQi+7esTmzPoXveqqLzH1YJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjUwMTAxMTc0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjgwOTllZmM3ZWJlNDY5MGJlYWZmOTI5MWUxNjBjYmYxYmMyNzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6IOuV1ONGRXIwOERU6L5aDYA2sG
EMFn897ldfM+aaG8UTgDA7fe3PaR2mUwt+MZmJyK5kq4/MBhE5R9h3/L6joDmxHx
cZa8oTTxBLLItKukluhzrpJHdf3/45ErZzyPh57tn3S4PkutCr4n2OV3VTkUVDu3
piKtN/oZHdDyDw9UtLDL1GTWe0POW6ZebdmgaiBfgwA6wViBZJ4m6upnvxrA2z1c
uDGYVYaWY1UTCu8KKhUBMkOXfS9NUBM3ecoqxb2OtMWspLIo2OxsAPZUAlC4V3Rs
ZLhHlbDyUOP+pC6LTv7WdtvWezU11jhUcTMdvec/PCwnEiKnCEYpWpRpfQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFaAme/H6+RpC+r/kpHhYMvxvCeAMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvVm9DWjc4ZnI1R2tMNnYtU2tlRmd5X0c4SjRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOAwUBURPDHgMF
ALlkADUwDQYJKoZIhvcNAQELBQADggEBAEMbEi/T2TKg/cBzCcEqPDSgmuhy2Kb/
9jkiSShBGtmcA6FQfdUhJnOpco5c99uDn+zyo1k+UUyl6ynt0WgIIsiuc6y5sY+I
Gd77+0BxgobNe0QQVIn8Rx5JT0txrlEJQlHSdammcBCvTiwco1v4uGnV8bjZzbnv
Ih322mVQ6aR6vAVyHXnsBneftb89x5xnw2kt6uvGYgNP7/zrRZooMbyuFcrP2xia
j3/Mfe+9e6/76oBPrprZuNIResNemgyUXGqKyehLk+6M5GAlZ4xr4Eht2NCLqZi2
N+9PLSz6icSj3Vd/BJJjdTPqjX0mFlYPyhG06pSp9aLAcg+uYfJn6ow=
-----END CERTIFICATE-----