Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/cIbCGFhkthZMGrTNLkhCcCKmj5s.roa
File:                     cIbCGFhkthZMGrTNLkhCcCKmj5s.roa (raw, json)
Hash identifier:          0lQK9x1r33oL0saGjh6UAdNr4hmkSKLlO3+BKfh5m+M=
Subject key identifier:   70:86:C2:18:58:64:B6:16:4C:1A:B4:CD:2E:48:42:70:22:A6:8F:9B
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019422FBE13E81AA7D755434A9842D3EE9A9
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/cIbCGFhkthZMGrTNLkhCcCKmj5s.roa
Signing time:             Wed 01 Jan 2025 17:48:40 +0000
ROA not before:           Wed 01 Jan 2025 17:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397206
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:e1:3e:81:aa:7d:75:54:34:a9:84:2d:3e:e9:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jan  1 17:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7086c2185864b6164c1ab4cd2e48427022a68f9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:08:7d:87:aa:07:0f:8a:db:27:d6:44:98:6a:
                    87:0c:41:76:19:d3:15:b0:3e:8e:b0:46:a6:05:7a:
                    db:13:51:f8:6f:9f:f1:a2:e4:95:21:80:81:a9:6a:
                    68:58:11:43:80:64:b7:84:0d:19:25:70:a0:b7:1c:
                    80:6c:f4:00:12:f7:9f:e5:b6:4d:c1:08:0e:ac:06:
                    76:09:a2:42:45:2a:49:52:14:99:a4:af:4f:31:5d:
                    85:4a:9b:6c:67:b7:58:81:5d:7d:b0:08:d5:9d:f8:
                    46:a6:46:52:fd:5e:0e:0b:f4:a7:14:a8:02:4d:9b:
                    9a:6a:3b:6b:4d:eb:69:02:81:f3:3c:bc:13:22:d0:
                    e1:13:d6:4e:50:da:75:fa:7a:8f:63:d6:1d:c6:f5:
                    a6:3b:36:a7:09:94:5b:c3:1d:92:fc:e7:33:c4:d1:
                    75:7b:82:4c:df:15:87:92:5f:81:a6:58:92:1a:9c:
                    df:0b:5b:f0:ed:45:6e:9a:1b:24:77:b0:c3:9b:d5:
                    c8:be:01:4a:87:6c:aa:aa:d6:da:d8:7c:40:7d:17:
                    d0:af:c6:ed:b1:4e:19:2c:e7:e1:59:72:58:e0:c2:
                    23:f4:a6:a8:18:0b:ea:f3:5d:f9:04:9c:70:be:42:
                    d2:39:85:f2:06:25:0e:03:d9:81:55:98:42:6d:d1:
                    50:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:86:C2:18:58:64:B6:16:4C:1A:B4:CD:2E:48:42:70:22:A6:8F:9B
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/cIbCGFhkthZMGrTNLkhCcCKmj5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.53/32

    Signature Algorithm: sha256WithRSAEncryption
         11:4a:87:59:5f:2b:41:fb:9b:b6:51:19:21:2a:11:28:97:87:
         a0:56:ac:d1:56:8e:a0:36:9d:fd:ab:49:d4:46:d2:5f:c9:be:
         b5:bd:4f:54:13:20:ab:df:56:fa:6f:7c:2b:ba:14:d6:6e:8e:
         94:92:1c:7e:81:f0:df:32:3e:8f:1a:12:ee:01:47:5d:e0:80:
         9b:90:33:45:7a:f7:2d:7c:0f:e8:4f:8a:f9:3c:73:66:6c:1a:
         66:e9:c5:3a:98:03:a5:de:b7:dc:1b:69:9a:39:90:83:46:28:
         54:53:e5:7d:4d:13:1f:c9:61:58:0f:e2:1a:04:79:87:d6:d7:
         6f:d6:e2:8f:c0:ee:87:be:3d:9d:e6:86:18:e2:17:29:46:38:
         29:ab:bb:5c:3e:8f:57:0b:3e:c2:fa:8f:8c:aa:60:c7:75:d1:
         b7:cc:db:48:3f:cd:05:cb:da:c2:5e:a9:1c:d3:fe:a3:5e:d1:
         74:a9:5b:3a:8c:ce:ed:36:cc:72:09:ae:36:cb:2d:81:5d:54:
         7a:31:72:fb:b6:38:12:c6:82:ca:6f:47:b7:8d:3a:5a:ef:04:
         7c:e9:dc:62:b8:19:ec:be:70:b5:2e:c6:cf:f2:cf:16:63:57:
         88:7f:b5:af:24:6c:b4:93:bf:74:cf:82:fc:e9:1e:65:0d:1a:
         ab:4f:80:56
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQi++E+gap9dVQ0qYQtPumpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjUwMTAxMTc0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDg2YzIxODU4NjRiNjE2NGMxYWI0Y2QyZTQ4NDI3MDIyYTY4ZjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwh9h6oHD4rbJ9ZEmGqHDEF2GdMV
sD6OsEamBXrbE1H4b5/xouSVIYCBqWpoWBFDgGS3hA0ZJXCgtxyAbPQAEvef5bZN
wQgOrAZ2CaJCRSpJUhSZpK9PMV2FSptsZ7dYgV19sAjVnfhGpkZS/V4OC/SnFKgC
TZuaajtrTetpAoHzPLwTItDhE9ZOUNp1+nqPY9YdxvWmOzanCZRbwx2S/OczxNF1
e4JM3xWHkl+BpliSGpzfC1vw7UVumhskd7DDm9XIvgFKh2yqqtba2HxAfRfQr8bt
sU4ZLOfhWXJY4MIj9KaoGAvq8135BJxwvkLSOYXyBiUOA9mBVZhCbdFQxwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHCGwhhYZLYWTBq0zS5IQnAipo+bMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvY0liQ0dGaGt0aFpNR3JUTkxraENjQ0ttajVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOAwUBURPDHgMF
ALlkADUwDQYJKoZIhvcNAQELBQADggEBABFKh1lfK0H7m7ZRGSEqESiXh6BWrNFW
jqA2nf2rSdRG0l/JvrW9T1QTIKvfVvpvfCu6FNZujpSSHH6B8N8yPo8aEu4BR13g
gJuQM0V69y18D+hPivk8c2ZsGmbpxTqYA6Xet9wbaZo5kINGKFRT5X1NEx/JYVgP
4hoEeYfW12/W4o/A7oe+PZ3mhhjiFylGOCmru1w+j1cLPsL6j4yqYMd10bfM20g/
zQXL2sJeqRzT/qNe0XSpWzqMzu02zHIJrjbLLYFdVHoxcvu2OBLGgspvR7eNOlrv
BHzp3GK4Gey+cLUuxs/yzxZjV4h/ta8kbLSTv3TPgvzpHmUNGqtPgFY=
-----END CERTIFICATE-----