Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/eBxQvGolYHeCxk9avFbDfShpV4s.roa
File:                     eBxQvGolYHeCxk9avFbDfShpV4s.roa (raw, json)
Hash identifier:          YUIcGW7+FKPs9KHkD9hyNi+LMJB3aK9qrubOO0UdnCM=
Subject key identifier:   78:1C:50:BC:6A:25:60:77:82:C6:4F:5A:BC:56:C3:7D:28:69:57:8B
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F624CB3DA50DE5B9B1A4465EC201996
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/eBxQvGolYHeCxk9avFbDfShpV4s.roa
Signing time:             Tue 25 Jun 2024 12:32:40 +0000
ROA not before:           Tue 25 Jun 2024 12:32:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396559
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:4c:b3:da:50:de:5b:9b:1a:44:65:ec:20:19:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=781c50bc6a25607782c64f5abc56c37d2869578b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d6:94:fd:bb:25:d8:27:b5:a9:83:2a:d0:c9:
                    3a:d5:eb:88:c6:3f:66:82:fe:67:5e:7f:06:23:86:
                    53:ed:63:a7:86:37:bd:21:44:c9:2f:e7:8f:e6:16:
                    a8:6c:d8:a1:5c:0a:20:a0:09:0e:b5:f2:24:69:da:
                    48:94:23:81:c2:41:a4:a1:39:f6:a7:27:16:a2:f1:
                    4b:b5:b7:01:ef:0d:24:82:df:21:2f:87:8d:3a:ee:
                    ef:43:a7:06:6a:83:d5:3b:c6:8c:74:89:b1:97:b5:
                    ea:df:0d:dd:d0:9c:e6:08:86:14:97:a1:af:5e:d5:
                    a6:0f:7f:dc:3f:bd:98:ff:51:7c:09:b5:4d:1e:cc:
                    68:1e:58:e5:a0:5c:df:66:5b:5b:3e:aa:34:a6:f5:
                    bc:9e:57:cd:f9:4c:4d:a2:2e:6b:ac:18:3f:9b:92:
                    d2:5f:ca:11:a7:28:04:02:ab:2c:1f:8e:ce:ab:c6:
                    7e:b9:c7:0c:b5:34:d6:9e:79:5d:a3:33:4c:df:25:
                    63:b5:a7:08:80:a1:b5:93:8f:25:3b:ca:f3:e5:0f:
                    f9:cf:5a:95:8f:b6:8d:2d:21:8a:7c:e2:72:d3:b9:
                    84:a5:f0:f9:6a:a8:c7:bb:0c:df:ce:ac:83:3d:55:
                    c7:f7:ed:53:5c:03:27:59:4a:b6:0a:b4:61:24:a9:
                    29:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:1C:50:BC:6A:25:60:77:82:C6:4F:5A:BC:56:C3:7D:28:69:57:8B
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/eBxQvGolYHeCxk9avFbDfShpV4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         67:41:92:a2:55:2f:4c:e0:3e:fc:26:7b:e5:f8:d4:9f:b3:47:
         4e:3a:ff:38:aa:66:1c:e0:93:11:84:2d:60:b7:cb:16:c0:e3:
         e7:50:ab:6d:3b:bb:f4:72:06:d5:fb:8f:f5:7f:5b:ed:ef:dc:
         35:8b:4e:29:5f:2d:01:c9:44:03:d5:c6:8a:47:cf:83:cc:c9:
         59:69:e2:10:a1:bc:b6:31:3e:1a:a8:7b:4b:53:c3:e6:34:13:
         25:75:c7:56:88:bf:82:e3:ad:dc:f5:57:a1:68:19:04:6c:b1:
         a4:93:72:89:f9:dc:81:0d:aa:29:7d:2f:bf:b5:89:f8:1e:81:
         52:c0:81:58:aa:28:66:d3:11:1a:05:9b:4a:9a:e0:b7:1f:79:
         81:d6:97:ae:46:38:4b:26:80:bf:2c:68:cd:0f:34:d1:2b:6b:
         18:3d:4b:7a:dd:2c:d4:22:b6:b7:f5:f8:fe:2b:9d:07:1b:60:
         ce:23:85:b2:57:9e:58:41:8c:f1:4b:f9:ca:26:53:b7:10:a0:
         bb:5c:13:39:ca:bd:81:f8:b3:eb:cf:32:ce:05:fa:13:d7:a8:
         92:4f:c0:42:f5:fe:89:e0:ec:81:de:92:e7:61:e7:fd:ab:24:
         0c:e3:91:c9:e0:c0:b7:e4:f1:33:9f:61:a2:ca:a9:5c:87:25:
         53:b8:8e:c9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYkyz2lDeW5saRGXsIBmWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODFjNTBiYzZhMjU2MDc3ODJjNjRmNWFiYzU2YzM3ZDI4Njk1NzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotaU/bsl2Ce1qYMq0Mk61euIxj9m
gv5nXn8GI4ZT7WOnhje9IUTJL+eP5haobNihXAogoAkOtfIkadpIlCOBwkGkoTn2
pycWovFLtbcB7w0kgt8hL4eNOu7vQ6cGaoPVO8aMdImxl7Xq3w3d0JzmCIYUl6Gv
XtWmD3/cP72Y/1F8CbVNHsxoHljloFzfZltbPqo0pvW8nlfN+UxNoi5rrBg/m5LS
X8oRpygEAqssH47Oq8Z+uccMtTTWnnldozNM3yVjtacIgKG1k48lO8rz5Q/5z1qV
j7aNLSGKfOJy07mEpfD5aqjHuwzfzqyDPVXH9+1TXAMnWUq2CrRhJKkpawIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHgcULxqJWB3gsZPWrxWw30oaVeLMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvZUJ4UXZHb2xZSGVDeGs5YXZGYkRmU2hwVjRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAZ0GSolUvTOA+/CZ75fjUn7NHTjr/OKpmHOCTEYQt
YLfLFsDj51CrbTu79HIG1fuP9X9b7e/cNYtOKV8tAclEA9XGikfPg8zJWWniEKG8
tjE+Gqh7S1PD5jQTJXXHVoi/guOt3PVXoWgZBGyxpJNyifncgQ2qKX0vv7WJ+B6B
UsCBWKooZtMRGgWbSprgtx95gdaXrkY4SyaAvyxozQ800StrGD1Let0s1CK2t/X4
/iudBxtgziOFsleeWEGM8Uv5yiZTtxCgu1wTOcq9gfiz688yzgX6E9eokk/AQvX+
ieDsgd6S52Hn/askDOORyeDAt+TxM59hosqpXIclU7iOyQ==
-----END CERTIFICATE-----