Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/YSkDdoTb_XVCYULpOhElJMgQWWE.roa
File:                     YSkDdoTb_XVCYULpOhElJMgQWWE.roa (raw, json)
Hash identifier:          gWmCLxj64CHvaf140nTcRT9138+HLUH92FIk8ivfIpc=
Subject key identifier:   61:29:03:76:84:DB:FD:75:42:61:42:E9:3A:11:25:24:C8:10:59:61
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019422FBDF3692B7A0CCBA4B6E0B6509EB6E
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/YSkDdoTb_XVCYULpOhElJMgQWWE.roa
Signing time:             Wed 01 Jan 2025 17:48:39 +0000
ROA not before:           Wed 01 Jan 2025 17:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397201
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:df:36:92:b7:a0:cc:ba:4b:6e:0b:65:09:eb:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jan  1 17:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6129037684dbfd75426142e93a112524c8105961
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:27:09:43:48:29:f2:28:bf:f4:9e:4b:a5:13:
                    86:e2:fa:c3:69:02:ca:d7:eb:88:36:a5:02:77:a7:
                    40:b6:c6:5b:06:1c:ce:dd:f8:40:2d:ce:06:68:8f:
                    01:99:f4:93:da:75:ad:de:2d:95:62:f0:59:84:a4:
                    7b:21:e9:29:3d:be:cf:b1:ea:a5:e3:93:65:50:6c:
                    44:4b:8c:79:06:98:10:de:03:16:06:ba:2d:1c:33:
                    f6:fd:29:2b:6b:c6:31:6a:3e:e7:cf:e7:19:38:f9:
                    5a:57:48:bf:d0:84:be:48:97:82:cc:22:2c:76:37:
                    be:f0:f2:d3:46:36:b0:dd:b9:38:e4:7e:d7:cd:b4:
                    97:ca:45:da:a6:0b:c5:6e:59:51:3a:83:36:58:be:
                    97:27:31:c1:90:f0:ed:a8:ac:67:f6:eb:1b:79:4b:
                    dd:e7:45:cb:ca:5a:da:fa:81:2c:95:0f:fd:50:a6:
                    49:3a:92:97:46:d0:55:b9:ae:f6:d4:5e:c1:bb:23:
                    53:f3:e4:9c:f4:da:c9:b8:7f:79:66:ba:5e:aa:29:
                    a0:3d:97:25:aa:cf:2f:aa:62:3e:4d:d2:58:54:63:
                    6f:b2:f8:f6:dd:15:5d:69:f9:d0:3e:f9:cc:5c:2f:
                    1f:7f:d4:82:e1:21:00:af:2c:10:f3:30:99:66:42:
                    d5:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:29:03:76:84:DB:FD:75:42:61:42:E9:3A:11:25:24:C8:10:59:61
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/YSkDdoTb_XVCYULpOhElJMgQWWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.53/32

    Signature Algorithm: sha256WithRSAEncryption
         49:4b:19:ed:43:a3:96:0e:e1:a5:31:a2:8f:08:00:db:09:90:
         c6:d1:94:3a:1d:2c:4b:69:13:74:39:3f:d2:ad:1d:35:d4:f7:
         14:ae:cc:f5:ea:19:94:4d:99:af:36:21:f7:2f:5a:1c:bb:51:
         31:f3:7a:b4:96:9b:74:3d:71:a2:29:7a:6c:00:ae:71:f9:d6:
         91:23:bc:bd:08:5d:cb:ab:b4:10:f4:fc:1c:3a:21:7b:37:3a:
         f2:02:5b:06:e2:5f:b2:4a:8f:ea:19:40:8c:19:25:7a:17:2c:
         92:27:ca:19:ba:7d:4d:a9:64:3d:20:f3:81:4d:6e:41:24:03:
         8b:3a:1f:ff:12:e2:3f:f5:2e:f9:91:a0:9b:59:f2:3f:10:86:
         ac:b3:be:be:bf:08:29:54:ed:39:ce:5d:fb:e8:8d:fe:05:1a:
         0c:f3:86:5e:e2:40:95:e3:46:87:28:d4:f6:68:00:05:18:2c:
         f9:f5:f8:29:8d:36:9f:59:94:23:4c:f8:58:3f:e2:4e:f6:dd:
         e4:60:2b:32:45:38:c8:71:9e:39:ae:e8:3d:53:06:f9:7a:28:
         37:b3:ee:e0:68:8e:c6:63:2e:c2:a3:56:31:fb:18:19:27:1e:
         e3:43:98:b6:8f:a8:7e:a0:33:91:26:31:c1:54:5d:f4:6f:14:
         c7:0d:f0:8e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQi+982kregzLpLbgtlCetuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjUwMTAxMTc0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTI5MDM3Njg0ZGJmZDc1NDI2MTQyZTkzYTExMjUyNGM4MTA1OTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuicJQ0gp8ii/9J5LpROG4vrDaQLK
1+uINqUCd6dAtsZbBhzO3fhALc4GaI8BmfST2nWt3i2VYvBZhKR7IekpPb7Pseql
45NlUGxES4x5BpgQ3gMWBrotHDP2/Skra8Yxaj7nz+cZOPlaV0i/0IS+SJeCzCIs
dje+8PLTRjaw3bk45H7XzbSXykXapgvFbllROoM2WL6XJzHBkPDtqKxn9usbeUvd
50XLylra+oEslQ/9UKZJOpKXRtBVua721F7BuyNT8+Sc9NrJuH95ZrpeqimgPZcl
qs8vqmI+TdJYVGNvsvj23RVdafnQPvnMXC8ff9SC4SEArywQ8zCZZkLVKwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGEpA3aE2/11QmFC6ToRJSTIEFlhMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvWVNrRGRvVGJfWFZDWVVMcE9oRWxKTWdRV1dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOAwUBURPDHgMF
ALlkADUwDQYJKoZIhvcNAQELBQADggEBAElLGe1Do5YO4aUxoo8IANsJkMbRlDod
LEtpE3Q5P9KtHTXU9xSuzPXqGZRNma82IfcvWhy7UTHzerSWm3Q9caIpemwArnH5
1pEjvL0IXcurtBD0/Bw6IXs3OvICWwbiX7JKj+oZQIwZJXoXLJInyhm6fU2pZD0g
84FNbkEkA4s6H/8S4j/1LvmRoJtZ8j8Qhqyzvr6/CClU7TnOXfvojf4FGgzzhl7i
QJXjRoco1PZoAAUYLPn1+CmNNp9ZlCNM+Fg/4k723eRgKzJFOMhxnjmu6D1TBvl6
KDez7uBojsZjLsKjVjH7GBknHuNDmLaPqH6gM5EmMcFUXfRvFMcN8I4=
-----END CERTIFICATE-----