Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/WxyYSgawgBVE4AvnWNk4iqUo8Us.roa
File:                     WxyYSgawgBVE4AvnWNk4iqUo8Us.roa (raw, json)
Hash identifier:          Qk2VInPzoTRbAYn/amxQj3Z47zLyGxTfrllMlWA4ZWc=
Subject key identifier:   5B:1C:98:4A:06:B0:80:15:44:E0:0B:E7:58:D9:38:8A:A5:28:F1:4B
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F626F084D28A8F3EE4C7AF8F84BCD23
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/WxyYSgawgBVE4AvnWNk4iqUo8Us.roa
Signing time:             Tue 25 Jun 2024 12:32:49 +0000
ROA not before:           Tue 25 Jun 2024 12:32:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397199
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:6f:08:4d:28:a8:f3:ee:4c:7a:f8:f8:4b:cd:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b1c984a06b0801544e00be758d9388aa528f14b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:34:c0:8c:0e:15:01:cf:e2:cc:23:20:ea:e8:
                    f6:ae:e6:f6:06:a2:2d:1e:fb:9e:01:6b:6e:16:cf:
                    26:67:25:c5:f0:6f:77:5d:51:4e:7c:46:3b:c2:b1:
                    fa:ab:32:4a:0a:04:69:3e:8d:43:58:d0:ef:80:2d:
                    0b:6a:3b:e3:c7:4b:8c:d9:2c:d0:8c:fb:34:d2:e6:
                    11:5a:06:30:d5:f6:3d:84:63:0a:7c:24:88:68:3e:
                    46:61:c3:b7:62:2e:cb:04:f6:38:0c:65:de:a9:ff:
                    d2:d0:c1:96:a0:0a:b3:b0:17:d3:f9:9d:b1:bb:73:
                    ab:e8:de:e6:d6:6f:a5:6d:49:25:af:dc:c1:62:99:
                    9a:6d:02:bd:5d:74:9e:8f:99:f7:56:46:5e:2a:08:
                    d7:5b:32:35:c9:27:79:52:22:0e:7a:b3:fc:13:f6:
                    43:13:e5:96:a9:8a:ee:90:2a:b5:f0:50:52:71:f2:
                    70:5a:ee:6d:00:a5:af:ee:31:e2:2e:f6:4b:66:08:
                    ab:9e:02:62:c0:07:d9:4b:10:f5:17:5f:27:25:d1:
                    14:ca:c7:0a:87:47:28:bb:3c:7b:a1:59:5a:2e:7f:
                    2a:94:9f:62:65:f8:96:f5:2c:7f:36:38:0f:75:b0:
                    1d:f6:04:2a:a8:2c:bc:40:1a:63:16:85:b7:8e:4b:
                    d9:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:1C:98:4A:06:B0:80:15:44:E0:0B:E7:58:D9:38:8A:A5:28:F1:4B
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/WxyYSgawgBVE4AvnWNk4iqUo8Us.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         9d:a5:29:af:9a:63:cc:de:df:e7:c9:0f:6e:9b:94:ae:26:84:
         0c:fe:b0:c9:e3:19:b6:a5:ef:4e:24:2e:34:75:58:41:c8:91:
         a0:45:57:79:d6:6e:b1:90:84:04:70:4f:9b:1b:a4:a5:9c:26:
         08:c1:c0:21:e4:0b:ea:17:88:23:f1:21:b5:0e:08:5a:06:81:
         89:9a:2f:c9:31:e0:2b:27:37:4c:14:27:93:5b:bf:92:24:75:
         78:34:af:a3:e3:29:91:18:6a:12:78:2d:db:b2:28:90:9f:00:
         a5:f9:75:8c:6f:13:ab:b0:56:31:d1:90:89:f7:14:66:22:f6:
         34:40:28:1f:38:2c:3d:15:7d:26:23:3d:86:1d:ca:45:10:c4:
         de:87:b6:66:0b:eb:96:c6:4b:7c:95:17:df:46:69:9d:4b:d3:
         9e:38:db:0e:38:26:fd:9b:94:aa:f5:c5:60:13:a9:d5:13:b4:
         c1:bb:d5:6f:02:ff:a1:d4:f6:eb:1d:5b:7f:3a:69:31:38:cb:
         ae:2b:3a:b7:17:45:ac:bb:65:32:41:e3:51:f1:77:1e:b0:90:
         1c:70:c8:d4:f4:ad:b3:bf:2c:c0:11:de:ee:39:92:f1:07:bb:
         fe:54:1c:46:a8:82:57:81:5a:96:29:1f:db:44:3e:bd:70:df:
         bf:e3:e9:78
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYm8ITSio8+5Mevj4S80jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjFjOTg0YTA2YjA4MDE1NDRlMDBiZTc1OGQ5Mzg4YWE1MjhmMTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzTAjA4VAc/izCMg6uj2rub2BqIt
HvueAWtuFs8mZyXF8G93XVFOfEY7wrH6qzJKCgRpPo1DWNDvgC0Lajvjx0uM2SzQ
jPs00uYRWgYw1fY9hGMKfCSIaD5GYcO3Yi7LBPY4DGXeqf/S0MGWoAqzsBfT+Z2x
u3Or6N7m1m+lbUklr9zBYpmabQK9XXSej5n3VkZeKgjXWzI1ySd5UiIOerP8E/ZD
E+WWqYrukCq18FBScfJwWu5tAKWv7jHiLvZLZgirngJiwAfZSxD1F18nJdEUyscK
h0couzx7oVlaLn8qlJ9iZfiW9Sx/NjgPdbAd9gQqqCy8QBpjFoW3jkvZbQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFscmEoGsIAVROAL51jZOIqlKPFLMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvV3h5WVNnYXdnQlZFNEF2bldOazRpcVVvOFVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAnaUpr5pjzN7f58kPbpuUriaEDP6wyeMZtqXvTiQu
NHVYQciRoEVXedZusZCEBHBPmxukpZwmCMHAIeQL6heII/EhtQ4IWgaBiZovyTHg
Kyc3TBQnk1u/kiR1eDSvo+MpkRhqEngt27IokJ8Apfl1jG8Tq7BWMdGQifcUZiL2
NEAoHzgsPRV9JiM9hh3KRRDE3oe2ZgvrlsZLfJUX30ZpnUvTnjjbDjgm/ZuUqvXF
YBOp1RO0wbvVbwL/odT26x1bfzppMTjLris6txdFrLtlMkHjUfF3HrCQHHDI1PSt
s78swBHe7jmS8Qe7/lQcRqiCV4Falikf20Q+vXDfv+PpeA==
-----END CERTIFICATE-----