Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/XuNWKEjoRA2D-dZA8KA1WyuLBXY.roa
File:                     XuNWKEjoRA2D-dZA8KA1WyuLBXY.roa (raw, json)
Hash identifier:          z5WWoYIOhFHjkshNxQKaMXgHmD+tdndFosqFMWveocA=
Subject key identifier:   5E:E3:56:28:48:E8:44:0D:83:F9:D6:40:F0:A0:35:5B:2B:8B:05:76
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F6262125FFB833674386BCB783EA248
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/XuNWKEjoRA2D-dZA8KA1WyuLBXY.roa
Signing time:             Tue 25 Jun 2024 12:32:45 +0000
ROA not before:           Tue 25 Jun 2024 12:32:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396602
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:62:12:5f:fb:83:36:74:38:6b:cb:78:3e:a2:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ee3562848e8440d83f9d640f0a0355b2b8b0576
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:31:6d:c0:2a:8f:64:64:a4:ed:36:50:72:45:
                    35:43:5f:c5:a8:fa:97:4b:c2:21:c7:58:6d:b4:5a:
                    f0:d0:53:3d:bb:e0:a5:b7:9c:0b:93:9b:19:4b:ca:
                    45:30:64:1f:39:d5:64:45:b4:66:e2:3e:da:33:cf:
                    49:38:0a:67:4b:39:07:e1:66:93:ee:d8:20:3d:87:
                    eb:d6:8f:87:a6:22:11:b6:80:01:45:60:40:28:a6:
                    d3:f1:a1:48:47:89:0b:61:19:40:c2:a9:01:1d:05:
                    a5:38:92:aa:f5:fc:68:6c:33:a9:7e:00:6d:95:74:
                    30:cd:dd:fa:d3:07:d1:ff:c9:7a:38:b7:d7:d6:f3:
                    e4:d0:1c:0a:49:a6:78:92:8f:69:4b:e3:50:3f:ad:
                    8c:4f:9e:59:2c:c0:11:23:0e:65:35:bd:cc:17:83:
                    5c:77:54:c9:be:48:63:fa:be:cb:68:e2:75:e9:3a:
                    76:18:b9:be:2a:0a:59:94:39:e6:71:48:c5:c7:4d:
                    81:3d:f0:7b:c6:a3:d1:9e:e2:20:7f:87:fe:72:82:
                    fc:7d:f8:ad:65:3d:e7:62:b8:ab:bd:90:fa:93:5d:
                    d6:44:8f:1a:c5:5f:18:47:6c:f3:a7:bb:72:51:75:
                    56:5d:b8:11:1a:44:c4:e9:9d:ff:1b:fa:0a:7e:31:
                    ef:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:E3:56:28:48:E8:44:0D:83:F9:D6:40:F0:A0:35:5B:2B:8B:05:76
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/XuNWKEjoRA2D-dZA8KA1WyuLBXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         56:2c:ff:8e:f5:27:6f:ad:c2:13:8a:d7:1b:9d:d9:0a:1b:a5:
         8b:28:5c:78:f4:f3:90:a2:c1:98:3c:f3:95:f8:d3:26:66:42:
         b1:96:97:ea:60:00:71:6a:13:2a:70:6e:4f:9b:37:ed:7f:4d:
         aa:98:2c:e8:ac:c2:db:64:97:0e:de:2e:a1:59:5c:a3:15:cf:
         20:9b:33:56:08:85:97:50:7e:01:0e:c3:77:2a:52:69:db:66:
         b2:f5:00:61:f7:30:2f:3a:ca:67:39:ec:1c:f6:76:13:1f:05:
         ef:62:2e:6b:eb:41:3f:91:86:7d:4f:08:94:ab:aa:15:4a:7f:
         33:5f:15:7c:b4:a0:a0:24:9d:5c:d5:da:a9:30:fe:7d:65:ce:
         45:2b:c3:69:58:7b:25:ba:c7:f9:8b:21:7f:6a:c7:ba:09:c0:
         0b:6d:1a:02:03:23:f7:01:2f:52:d1:69:c9:4c:d2:f5:68:61:
         43:4c:81:5e:d9:fa:8b:a4:c8:79:21:1c:83:b1:16:af:30:42:
         17:f7:87:9b:95:fc:5b:f7:80:2f:75:0c:78:bb:bc:71:80:34:
         1c:f1:ef:5e:da:7d:b8:66:36:5e:88:ea:6e:0d:df:14:90:70:
         c5:b2:c7:40:9a:79:52:a4:c7:5a:0f:88:14:83:4f:eb:ad:c3:
         13:fb:20:d3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYmISX/uDNnQ4a8t4PqJIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWUzNTYyODQ4ZTg0NDBkODNmOWQ2NDBmMGEwMzU1YjJiOGIwNTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTFtwCqPZGSk7TZQckU1Q1/FqPqX
S8Ihx1httFrw0FM9u+Clt5wLk5sZS8pFMGQfOdVkRbRm4j7aM89JOApnSzkH4WaT
7tggPYfr1o+HpiIRtoABRWBAKKbT8aFIR4kLYRlAwqkBHQWlOJKq9fxobDOpfgBt
lXQwzd360wfR/8l6OLfX1vPk0BwKSaZ4ko9pS+NQP62MT55ZLMARIw5lNb3MF4Nc
d1TJvkhj+r7LaOJ16Tp2GLm+KgpZlDnmcUjFx02BPfB7xqPRnuIgf4f+coL8ffit
ZT3nYrirvZD6k13WRI8axV8YR2zzp7tyUXVWXbgRGkTE6Z3/G/oKfjHvCQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFF7jVihI6EQNg/nWQPCgNVsriwV2MB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvWHVOV0tFam9SQTJELWRaQThLQTFXeXVMQlhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAViz/jvUnb63CE4rXG53ZChuliyhcePTzkKLBmDzz
lfjTJmZCsZaX6mAAcWoTKnBuT5s37X9Nqpgs6KzC22SXDt4uoVlcoxXPIJszVgiF
l1B+AQ7DdypSadtmsvUAYfcwLzrKZznsHPZ2Ex8F72Iua+tBP5GGfU8IlKuqFUp/
M18VfLSgoCSdXNXaqTD+fWXORSvDaVh7JbrH+Yshf2rHugnAC20aAgMj9wEvUtFp
yUzS9WhhQ0yBXtn6i6TIeSEcg7EWrzBCF/eHm5X8W/eAL3UMeLu8cYA0HPHvXtp9
uGY2Xojqbg3fFJBwxbLHQJp5UqTHWg+IFINP663DE/sg0w==
-----END CERTIFICATE-----