Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/ZGI491SFVkmzO9ZvY1muL1aOJ3s.roa
File:                     ZGI491SFVkmzO9ZvY1muL1aOJ3s.roa (raw, json)
Hash identifier:          +r4AhARpGG9QesUTecsrgHEvZsh/tYDCy3Dw7a9Y/v4=
Subject key identifier:   64:62:38:F7:54:85:56:49:B3:3B:D6:6F:63:59:AE:2F:56:8E:27:7B
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019422FBCA87026AEDDBE8773EE7EA81247A
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/ZGI491SFVkmzO9ZvY1muL1aOJ3s.roa
Signing time:             Wed 01 Jan 2025 17:48:34 +0000
ROA not before:           Wed 01 Jan 2025 17:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396581
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:ca:87:02:6a:ed:db:e8:77:3e:e7:ea:81:24:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jan  1 17:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=646238f754855649b33bd66f6359ae2f568e277b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:80:f2:42:2f:e5:58:2d:75:02:80:26:24:49:
                    d2:a9:15:a3:e1:f0:79:39:b0:e6:7e:39:a2:85:55:
                    e2:1b:ad:d8:c9:7c:a4:37:b7:31:80:23:42:cd:59:
                    53:bd:40:75:dd:b8:c1:e3:86:e6:e4:d9:51:0b:db:
                    a4:91:6e:6a:42:3e:58:30:6c:ed:ca:a6:f6:68:35:
                    60:d2:b6:c0:ac:f3:d3:fc:c2:ee:48:52:67:d7:96:
                    94:a8:9c:4a:92:1f:84:d4:9b:de:3c:dd:e2:7d:84:
                    6f:19:a4:56:05:da:7d:61:1e:ed:e5:2e:dc:73:93:
                    23:53:d4:5c:e1:02:d2:d0:f4:ba:f9:e8:d4:b3:72:
                    ba:99:70:41:df:cf:c4:08:56:f5:6f:e5:47:43:62:
                    be:a0:e9:dc:91:af:be:b6:1a:f9:e0:1d:ba:e9:c8:
                    f4:b3:50:65:70:9d:28:bb:0b:b3:06:d9:8f:67:9b:
                    c0:3e:10:08:32:15:f4:b0:59:3f:e7:96:be:0a:40:
                    b3:3d:53:d5:19:f1:2f:be:10:dd:c2:8a:e3:56:cc:
                    3f:1f:76:ed:e9:3f:2a:74:6f:4c:f8:b4:a7:62:00:
                    4c:a6:04:dc:ef:bb:39:e9:b4:9f:0d:00:8a:26:a1:
                    64:31:29:5f:eb:5e:98:70:94:f6:e2:38:20:08:81:
                    9d:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:62:38:F7:54:85:56:49:B3:3B:D6:6F:63:59:AE:2F:56:8E:27:7B
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/ZGI491SFVkmzO9ZvY1muL1aOJ3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.53/32

    Signature Algorithm: sha256WithRSAEncryption
         96:8a:e9:8f:02:2d:97:2e:23:72:5d:14:92:00:30:55:9e:93:
         c2:4e:54:50:23:ae:31:7c:75:da:3b:a7:16:b6:34:cb:6f:85:
         dc:a4:c8:68:5d:b9:c2:a7:71:6d:aa:55:6f:41:7e:0a:c0:00:
         31:ab:80:8c:ee:60:51:1d:07:8f:87:ee:12:d1:df:c1:91:a5:
         b4:9a:9d:c0:a2:9b:7e:02:ae:ac:bf:ad:a3:f8:57:9d:53:24:
         92:13:5a:79:d8:4e:ee:d3:fd:79:ea:fa:70:e0:04:75:dc:4a:
         b3:79:60:b1:bc:3a:c4:cd:83:0d:47:af:68:cb:e2:77:65:19:
         b1:ca:b7:38:a2:1e:aa:a7:99:ad:e0:0e:7e:28:72:25:40:c6:
         a2:4e:ee:37:36:f2:32:14:e6:82:6a:0a:35:aa:ec:cf:7f:b0:
         fc:1d:18:72:a8:4b:43:f5:8b:96:0a:a6:d1:02:4a:56:29:85:
         7a:05:ca:1f:c8:3b:c3:6f:78:2a:d4:91:2c:9e:43:8d:68:c2:
         ab:b5:82:23:26:eb:78:2b:0f:75:88:0b:9d:b2:0b:02:a9:27:
         d2:9c:0c:0e:9c:18:5a:46:a7:d7:a9:c4:e4:1d:97:43:23:bf:
         3c:7c:f4:6f:31:65:47:ce:18:78:fd:fa:30:f0:87:08:f4:d2:
         65:8e:59:19
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQi+8qHAmrt2+h3PufqgSR6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjUwMTAxMTc0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDYyMzhmNzU0ODU1NjQ5YjMzYmQ2NmY2MzU5YWUyZjU2OGUyNzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAloDyQi/lWC11AoAmJEnSqRWj4fB5
ObDmfjmihVXiG63YyXykN7cxgCNCzVlTvUB13bjB44bm5NlRC9ukkW5qQj5YMGzt
yqb2aDVg0rbArPPT/MLuSFJn15aUqJxKkh+E1JvePN3ifYRvGaRWBdp9YR7t5S7c
c5MjU9Rc4QLS0PS6+ejUs3K6mXBB38/ECFb1b+VHQ2K+oOncka++thr54B266cj0
s1BlcJ0ouwuzBtmPZ5vAPhAIMhX0sFk/55a+CkCzPVPVGfEvvhDdworjVsw/H3bt
6T8qdG9M+LSnYgBMpgTc77s56bSfDQCKJqFkMSlf616YcJT24jggCIGdIQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGRiOPdUhVZJszvWb2NZri9Wjid7MB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvWkdJNDkxU0ZWa216TzladlkxbXVMMWFPSjNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOAwUBURPDHgMF
ALlkADUwDQYJKoZIhvcNAQELBQADggEBAJaK6Y8CLZcuI3JdFJIAMFWek8JOVFAj
rjF8ddo7pxa2NMtvhdykyGhducKncW2qVW9BfgrAADGrgIzuYFEdB4+H7hLR38GR
pbSancCim34Crqy/raP4V51TJJITWnnYTu7T/Xnq+nDgBHXcSrN5YLG8OsTNgw1H
r2jL4ndlGbHKtziiHqqnma3gDn4ociVAxqJO7jc28jIU5oJqCjWq7M9/sPwdGHKo
S0P1i5YKptECSlYphXoFyh/IO8NveCrUkSyeQ41owqu1giMm63grD3WIC52yCwKp
J9KcDA6cGFpGp9epxOQdl0Mjvzx89G8xZUfOGHj9+jDwhwj00mWOWRk=
-----END CERTIFICATE-----