Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/e5ba3u4RCBaY445WXUZC7FaAbZI.roa
File:                     e5ba3u4RCBaY445WXUZC7FaAbZI.roa (raw, json)
Hash identifier:          6CL0LH4h7XWNr3RkGj6Y5a3ZLkwzASddTYXEBe1VKow=
Subject key identifier:   7B:96:DA:DE:EE:11:08:16:98:E3:8E:56:5D:46:42:EC:56:80:6D:92
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F626CB8D2A7A4B34F3BEB2EA4EC3805
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/e5ba3u4RCBaY445WXUZC7FaAbZI.roa
Signing time:             Tue 25 Jun 2024 12:32:48 +0000
ROA not before:           Tue 25 Jun 2024 12:32:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397195
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:6c:b8:d2:a7:a4:b3:4f:3b:eb:2e:a4:ec:38:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b96dadeee11081698e38e565d4642ec56806d92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:e7:a9:0b:58:6a:82:13:20:07:ad:b7:f2:67:
                    1c:cb:8a:74:42:24:f7:ab:13:ac:2a:8f:0b:4d:af:
                    75:20:d9:13:f0:52:b7:a3:4c:cc:38:6c:c6:cd:d3:
                    b8:e9:d9:65:f2:a9:cf:ad:20:25:96:4f:93:af:b1:
                    db:62:d7:82:cd:3c:0d:1b:ac:d6:84:67:be:66:c2:
                    cf:b8:83:86:97:ea:52:d5:83:ed:43:51:ee:f9:09:
                    a2:f3:2a:75:bc:b0:d9:4e:1f:f0:ff:b2:a9:b2:bc:
                    c7:2d:27:cf:a4:e7:d9:55:be:1d:6b:1f:de:c2:54:
                    9a:1a:67:dd:0b:f3:d2:3a:72:ea:2f:ff:3c:56:a9:
                    d7:f3:f3:28:53:0b:c4:74:9e:3c:83:0b:c4:be:7b:
                    48:b5:59:bb:86:43:8f:50:5a:82:5b:a8:f9:b8:3c:
                    ff:8f:5a:31:04:98:8e:05:e3:d8:7b:3b:85:06:00:
                    89:0b:fa:2d:66:13:ce:c6:46:71:6d:4c:07:b4:5c:
                    68:d1:4f:c5:c8:50:80:ee:14:82:ce:83:73:ce:bf:
                    95:2a:8d:39:8b:61:c7:e2:99:b8:62:c0:7e:fc:17:
                    9e:d4:41:98:d2:16:a6:71:57:b6:98:95:b4:ab:b5:
                    e6:3a:03:96:6d:f2:a2:c9:14:1b:42:54:66:8a:94:
                    e6:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:96:DA:DE:EE:11:08:16:98:E3:8E:56:5D:46:42:EC:56:80:6D:92
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/e5ba3u4RCBaY445WXUZC7FaAbZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         9e:18:1d:e9:bf:e5:eb:88:de:b5:46:46:d1:10:e2:55:6e:7c:
         02:fd:90:8d:56:09:b8:c1:df:7e:53:d4:2c:14:6f:bd:bb:a1:
         71:77:01:48:e1:dd:84:07:72:32:77:a2:c3:9c:65:62:12:54:
         be:09:2c:7d:f3:5e:91:c4:5d:dc:bf:19:6b:87:34:27:a0:3d:
         2c:4b:7f:1a:5e:06:cb:68:e7:e3:e3:61:99:6c:f1:69:0f:3a:
         45:0e:fd:19:02:17:64:0c:89:ef:23:7a:20:f8:1a:e7:a6:93:
         50:e0:57:d4:f1:8e:b1:83:1f:25:25:51:65:50:6a:e3:a0:c1:
         ab:ce:f2:01:b3:e9:ce:ae:1f:67:87:bc:e6:b3:d9:1a:39:e8:
         53:b1:92:d2:cd:2f:e4:b8:a7:2e:3e:34:67:b6:ee:e0:f7:0c:
         81:a6:ab:9e:67:fc:b5:59:20:f9:e7:24:05:1e:df:92:35:62:
         51:8d:bb:9b:32:e5:f7:6a:66:10:0e:e7:ec:40:76:0e:54:56:
         44:9b:25:96:c1:1f:4c:7b:87:2c:5b:7e:95:f2:df:86:a2:fb:
         99:85:22:32:8f:9d:5f:bc:bf:40:92:18:14:48:5a:22:86:f5:
         fb:52:04:cc:c7:48:ac:5d:5d:fc:e6:2c:98:af:19:18:7b:44:
         47:d3:6d:40
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYmy40qeks0876y6k7DgFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yjk2ZGFkZWVlMTEwODE2OThlMzhlNTY1ZDQ2NDJlYzU2ODA2ZDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+epC1hqghMgB6238mccy4p0QiT3
qxOsKo8LTa91INkT8FK3o0zMOGzGzdO46dll8qnPrSAllk+Tr7HbYteCzTwNG6zW
hGe+ZsLPuIOGl+pS1YPtQ1Hu+Qmi8yp1vLDZTh/w/7KpsrzHLSfPpOfZVb4dax/e
wlSaGmfdC/PSOnLqL/88VqnX8/MoUwvEdJ48gwvEvntItVm7hkOPUFqCW6j5uDz/
j1oxBJiOBePYezuFBgCJC/otZhPOxkZxbUwHtFxo0U/FyFCA7hSCzoNzzr+VKo05
i2HH4pm4YsB+/Bee1EGY0hamcVe2mJW0q7XmOgOWbfKiyRQbQlRmipTmqQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHuW2t7uEQgWmOOOVl1GQuxWgG2SMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvZTViYTN1NFJDQmFZNDQ1V1hVWkM3RmFBYlpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAnhgd6b/l64jetUZG0RDiVW58Av2QjVYJuMHfflPU
LBRvvbuhcXcBSOHdhAdyMneiw5xlYhJUvgksffNekcRd3L8Za4c0J6A9LEt/Gl4G
y2jn4+NhmWzxaQ86RQ79GQIXZAyJ7yN6IPga56aTUOBX1PGOsYMfJSVRZVBq46DB
q87yAbPpzq4fZ4e85rPZGjnoU7GS0s0v5LinLj40Z7bu4PcMgaarnmf8tVkg+eck
BR7fkjViUY27mzLl92pmEA7n7EB2DlRWRJsllsEfTHuHLFt+lfLfhqL7mYUiMo+d
X7y/QJIYFEhaIob1+1IEzMdIrF1d/OYsmK8ZGHtER9NtQA==
-----END CERTIFICATE-----