Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/bm64IFy9jHdclziCGbdO-gBsy5g.roa
File:                     bm64IFy9jHdclziCGbdO-gBsy5g.roa (raw, json)
Hash identifier:          xjn+vnJHk4hiCLgxOhAyQnM56ZIMEzKh6tdoZhNZLOw=
Subject key identifier:   6E:6E:B8:20:5C:BD:8C:77:5C:97:38:82:19:B7:4E:FA:00:6C:CB:98
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F6256B5EBFE7069FF3F4889681438BA
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/bm64IFy9jHdclziCGbdO-gBsy5g.roa
Signing time:             Tue 25 Jun 2024 12:32:43 +0000
ROA not before:           Tue 25 Jun 2024 12:32:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396578
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:56:b5:eb:fe:70:69:ff:3f:48:89:68:14:38:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e6eb8205cbd8c775c97388219b74efa006ccb98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:73:85:f5:26:fa:cc:ee:e4:5e:94:36:5d:bc:
                    43:34:0b:77:71:9f:c0:57:c4:6b:e4:a6:c0:0f:42:
                    3e:47:2e:72:81:b5:6e:ca:4b:0d:78:f8:f4:7a:04:
                    52:e5:62:e7:24:24:1f:21:e8:48:42:bb:b5:a0:a3:
                    83:02:08:d7:fc:20:e4:47:42:d4:5e:f7:d1:bf:5b:
                    03:40:c2:03:08:8f:1c:fb:9a:1c:36:62:cd:0c:91:
                    74:5e:12:c2:a9:5a:9e:f5:a7:07:ee:3a:c6:dd:83:
                    b4:51:06:08:1c:06:a9:cb:a7:8f:dd:09:e0:42:cc:
                    cd:a8:8c:b1:6c:3a:1d:bb:07:ed:40:61:6a:d3:75:
                    6c:e1:09:76:3c:b9:a0:bf:1c:9f:e1:14:d9:26:aa:
                    a9:ca:00:88:6a:a0:ba:38:ad:9d:a3:44:b7:fa:c6:
                    3d:87:bd:67:91:91:b0:b7:ff:bc:bd:05:b8:0e:9e:
                    23:7c:bd:5e:10:f9:30:1b:8f:5e:8d:28:12:22:fb:
                    de:62:ce:6f:8c:cf:db:91:d0:55:07:21:8a:c7:16:
                    3f:6b:de:39:fb:62:74:de:f0:fe:82:62:7a:01:d1:
                    06:08:aa:23:01:f6:48:46:61:b3:84:d5:36:c3:ac:
                    fe:6f:34:57:82:70:d5:8f:c6:58:ba:7c:28:9a:90:
                    27:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:6E:B8:20:5C:BD:8C:77:5C:97:38:82:19:B7:4E:FA:00:6C:CB:98
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/bm64IFy9jHdclziCGbdO-gBsy5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         c0:08:d9:ad:63:ba:28:e4:07:54:3e:8f:bb:3b:b0:16:50:35:
         d7:9e:19:a0:7b:61:40:54:69:8a:a9:3a:85:12:4a:dc:b2:55:
         9e:fd:6d:20:4a:af:62:b0:4d:e5:de:22:bc:79:c7:92:dd:e7:
         d1:91:a4:03:bf:c3:55:83:c3:42:0a:98:c3:68:1a:6d:5e:c5:
         ff:58:f1:99:f8:ae:9a:46:13:09:a5:04:d7:f5:26:15:60:14:
         57:10:86:52:a2:7d:9c:ca:b8:0d:31:f1:f4:a6:72:91:d5:3e:
         9d:77:74:ff:71:18:a3:70:22:ae:2e:a5:20:18:bd:c9:c9:f5:
         5c:df:ae:70:3d:fd:eb:af:7e:93:25:ae:91:e9:05:3f:85:f5:
         b2:56:7c:98:d7:59:78:2e:5b:58:e5:44:36:3c:35:59:24:93:
         51:f7:d5:44:ec:4e:4c:cc:76:0f:5d:21:f0:d1:51:05:2c:a2:
         6b:a8:4e:d1:7f:01:7e:ef:6f:d0:a2:a6:ed:23:05:62:77:21:
         65:f3:e3:fd:5c:a8:a3:4e:2a:c2:db:90:cc:98:93:22:52:59:
         ae:8a:45:06:c8:18:c4:1e:69:99:16:a8:72:57:58:07:4a:24:
         66:8c:51:df:88:e1:a6:aa:bb:a5:d2:49:4f:e7:47:25:7f:c6:
         ed:9f:75:2f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYla16/5waf8/SIloFDi6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTZlYjgyMDVjYmQ4Yzc3NWM5NzM4ODIxOWI3NGVmYTAwNmNjYjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3OF9Sb6zO7kXpQ2XbxDNAt3cZ/A
V8Rr5KbAD0I+Ry5ygbVuyksNePj0egRS5WLnJCQfIehIQru1oKODAgjX/CDkR0LU
XvfRv1sDQMIDCI8c+5ocNmLNDJF0XhLCqVqe9acH7jrG3YO0UQYIHAapy6eP3Qng
QszNqIyxbDoduwftQGFq03Vs4Ql2PLmgvxyf4RTZJqqpygCIaqC6OK2do0S3+sY9
h71nkZGwt/+8vQW4Dp4jfL1eEPkwG49ejSgSIvveYs5vjM/bkdBVByGKxxY/a945
+2J03vD+gmJ6AdEGCKojAfZIRmGzhNU2w6z+bzRXgnDVj8ZYunwompAnzQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFG5uuCBcvYx3XJc4ghm3TvoAbMuYMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvYm02NElGeTlqSGRjbHppQ0diZE8tZ0JzeTVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAwAjZrWO6KOQHVD6PuzuwFlA1154ZoHthQFRpiqk6
hRJK3LJVnv1tIEqvYrBN5d4ivHnHkt3n0ZGkA7/DVYPDQgqYw2gabV7F/1jxmfiu
mkYTCaUE1/UmFWAUVxCGUqJ9nMq4DTHx9KZykdU+nXd0/3EYo3Airi6lIBi9ycn1
XN+ucD39669+kyWukekFP4X1slZ8mNdZeC5bWOVENjw1WSSTUffVROxOTMx2D10h
8NFRBSyia6hO0X8Bfu9v0KKm7SMFYnchZfPj/Vyoo04qwtuQzJiTIlJZropFBsgY
xB5pmRaocldYB0okZoxR34jhpqq7pdJJT+dHJX/G7Z91Lw==
-----END CERTIFICATE-----