Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/Xrb8BViCv9CbsBVHh78f_ul9-VM.roa
File:                     Xrb8BViCv9CbsBVHh78f_ul9-VM.roa (raw, json)
Hash identifier:          0L7cRw+MAYvXLkMn1ARKYiqtv5QJ/nJDFC7b6EzKT94=
Subject key identifier:   5E:B6:FC:05:58:82:BF:D0:9B:B0:15:47:87:BF:1F:FE:E9:7D:F9:53
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019422FBC04EE53CC07042A04573C25EE059
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/Xrb8BViCv9CbsBVHh78f_ul9-VM.roa
Signing time:             Wed 01 Jan 2025 17:48:31 +0000
ROA not before:           Wed 01 Jan 2025 17:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396560
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:c0:4e:e5:3c:c0:70:42:a0:45:73:c2:5e:e0:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jan  1 17:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5eb6fc055882bfd09bb0154787bf1ffee97df953
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:3d:8d:1a:89:f2:eb:32:d7:81:44:f4:99:2c:
                    0e:d9:aa:2f:2e:b6:a0:30:47:3f:66:60:66:64:59:
                    15:e8:cb:d9:40:ad:4f:43:d7:7c:da:bc:ea:0c:e2:
                    7b:75:41:94:dd:95:b5:9c:ff:c4:10:4c:36:94:67:
                    93:79:16:2b:b1:6e:6d:08:1c:fc:a1:7f:10:0c:9a:
                    35:18:0f:90:3a:8f:13:aa:53:f4:c9:2d:f6:a9:67:
                    38:3e:d4:a1:4d:0c:3d:39:ba:b4:61:ca:91:c4:27:
                    a9:64:17:07:9c:02:17:c2:a9:70:c3:dc:34:cf:01:
                    7e:d9:84:a5:d9:b5:25:be:dc:9f:9d:c4:37:e7:0f:
                    7a:5b:68:dd:33:1e:6e:9d:18:f8:2c:90:21:b1:ea:
                    64:7f:87:51:b3:0e:72:6b:a5:2f:a6:39:ad:75:08:
                    fc:e1:56:b7:f3:1d:ad:b7:69:b0:df:71:7f:d7:34:
                    07:dc:c9:8f:3d:d5:3b:2c:53:5d:05:11:3e:33:20:
                    b2:09:32:44:28:bb:43:eb:05:f5:45:52:24:56:5c:
                    4c:dc:6e:e6:04:2f:95:47:6b:c0:14:af:fe:f7:da:
                    46:1d:17:d9:00:00:ba:b7:b7:23:60:f4:96:93:a5:
                    47:fd:5e:9e:c8:9c:76:30:22:1e:da:7e:c1:30:30:
                    85:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:B6:FC:05:58:82:BF:D0:9B:B0:15:47:87:BF:1F:FE:E9:7D:F9:53
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/Xrb8BViCv9CbsBVHh78f_ul9-VM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.53/32

    Signature Algorithm: sha256WithRSAEncryption
         3b:d2:3f:64:d9:6c:a9:d4:28:2a:1a:8d:79:f0:a1:53:3a:2c:
         bb:58:79:f1:29:3c:e5:0e:3b:28:a5:a0:c3:3d:02:f1:d5:54:
         aa:03:b7:fc:98:33:b6:6c:08:08:8c:b7:0d:ad:07:9f:a8:bf:
         b7:fd:fc:44:ab:18:ce:5a:5c:e3:92:a0:d7:5a:0a:92:a6:17:
         e7:f0:59:44:69:d4:b3:dd:b0:ef:cf:a4:86:bf:34:f5:58:70:
         f5:1e:f3:12:98:ac:70:ce:a4:4d:7c:d4:a1:f5:81:7d:97:a3:
         43:6d:0c:43:3c:e8:01:c4:1e:93:7d:f3:57:18:be:fb:4e:27:
         7c:8e:24:c7:b9:23:1c:83:de:e5:7b:0f:12:92:cc:7d:76:11:
         c8:05:cf:f1:b7:c5:b3:33:73:7e:5d:e7:64:c0:e1:b6:37:3e:
         69:27:79:a9:58:79:72:bd:c1:29:36:ad:65:e7:ca:5b:fb:f2:
         c1:5e:5b:a5:e4:4d:d6:f4:8d:62:d1:d6:c7:bc:1d:ea:1e:ca:
         aa:ab:ec:e8:a9:5b:90:6e:83:a1:94:02:77:e0:0b:2a:f2:6e:
         82:89:dd:1d:61:85:8d:c6:28:6e:e2:68:0e:7e:1a:88:b5:f0:
         de:1d:88:6f:f0:bf:2e:bf:c4:92:7b:ed:21:f6:4a:8b:71:c0:
         9f:bf:f6:95
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQi+8BO5TzAcEKgRXPCXuBZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjUwMTAxMTc0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWI2ZmMwNTU4ODJiZmQwOWJiMDE1NDc4N2JmMWZmZWU5N2RmOTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1j2NGony6zLXgUT0mSwO2aovLrag
MEc/ZmBmZFkV6MvZQK1PQ9d82rzqDOJ7dUGU3ZW1nP/EEEw2lGeTeRYrsW5tCBz8
oX8QDJo1GA+QOo8TqlP0yS32qWc4PtShTQw9Obq0YcqRxCepZBcHnAIXwqlww9w0
zwF+2YSl2bUlvtyfncQ35w96W2jdMx5unRj4LJAhsepkf4dRsw5ya6UvpjmtdQj8
4Va38x2tt2mw33F/1zQH3MmPPdU7LFNdBRE+MyCyCTJEKLtD6wX1RVIkVlxM3G7m
BC+VR2vAFK/+99pGHRfZAAC6t7cjYPSWk6VH/V6eyJx2MCIe2n7BMDCFywIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFF62/AVYgr/Qm7AVR4e/H/7pfflTMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvWHJiOEJWaUN2OUNic0JWSGg3OGZfdWw5LVZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOAwUBURPDHgMF
ALlkADUwDQYJKoZIhvcNAQELBQADggEBADvSP2TZbKnUKCoajXnwoVM6LLtYefEp
POUOOyiloMM9AvHVVKoDt/yYM7ZsCAiMtw2tB5+ov7f9/ESrGM5aXOOSoNdaCpKm
F+fwWURp1LPdsO/PpIa/NPVYcPUe8xKYrHDOpE181KH1gX2Xo0NtDEM86AHEHpN9
81cYvvtOJ3yOJMe5IxyD3uV7DxKSzH12EcgFz/G3xbMzc35d52TA4bY3PmknealY
eXK9wSk2rWXnylv78sFeW6XkTdb0jWLR1se8Heoeyqqr7OipW5Bug6GUAnfgCyry
boKJ3R1hhY3GKG7iaA5+Goi18N4diG/wvy6/xJJ77SH2SotxwJ+/9pU=
-----END CERTIFICATE-----