Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/gN9vQA_zoj8Xgn32G9nprvrtjiY.roa
File:                     gN9vQA_zoj8Xgn32G9nprvrtjiY.roa (raw, json)
Hash identifier:          VzvCYbsoh/Vq8w54EhpvSC3o7tjXC3fA3j3UnLAGHvQ=
Subject key identifier:   80:DF:6F:40:0F:F3:A2:3F:17:82:7D:F6:1B:D9:E9:AE:FA:ED:8E:26
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019422FBAA205FA808609B2ADBBB7B5F6DA5
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/gN9vQA_zoj8Xgn32G9nprvrtjiY.roa
Signing time:             Wed 01 Jan 2025 17:48:25 +0000
ROA not before:           Wed 01 Jan 2025 17:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     10515
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:aa:20:5f:a8:08:60:9b:2a:db:bb:7b:5f:6d:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jan  1 17:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80df6f400ff3a23f17827df61bd9e9aefaed8e26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:e9:ff:a3:9b:a1:e2:a9:55:15:a3:e6:4f:b4:
                    dc:95:12:60:2f:32:64:c3:09:6d:de:3b:02:d4:33:
                    bb:b4:48:f8:90:e7:03:0d:b2:07:09:45:71:c0:1f:
                    fa:34:70:49:8d:2c:f1:ca:37:cf:0e:d9:5c:2a:b1:
                    73:42:5f:21:75:6b:ac:a1:90:d0:3d:86:c6:33:d5:
                    67:7c:6a:4a:20:1d:00:f1:5a:b2:4e:88:d8:14:6e:
                    46:df:93:da:a9:3b:cc:b7:ae:aa:33:35:00:73:85:
                    73:fc:32:3a:e5:75:55:01:88:5d:7b:ea:e1:5b:87:
                    88:0f:bb:26:28:b7:04:08:da:f3:aa:c6:5c:44:bd:
                    a9:25:aa:4b:42:a0:bf:ed:fd:05:e3:a4:4f:93:5a:
                    13:f3:bc:c9:e4:ca:15:48:df:a5:54:73:6e:f5:67:
                    ca:21:fe:94:6a:b0:80:48:f6:fe:64:37:6e:23:88:
                    1e:25:90:c1:0d:d0:28:8f:73:c2:91:4c:52:97:e1:
                    55:68:a6:62:ec:cd:bc:47:1e:71:32:87:44:2d:da:
                    59:0c:ef:4b:a4:27:d2:aa:9d:c0:63:aa:99:31:9d:
                    fb:2b:06:d4:84:57:b2:5b:c3:6f:14:f4:48:dc:62:
                    3e:9a:ae:f2:2a:6c:aa:37:46:aa:47:f3:a1:58:d6:
                    59:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:DF:6F:40:0F:F3:A2:3F:17:82:7D:F6:1B:D9:E9:AE:FA:ED:8E:26
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/gN9vQA_zoj8Xgn32G9nprvrtjiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.53/32

    Signature Algorithm: sha256WithRSAEncryption
         1e:3f:6f:6a:bf:da:d3:37:d0:32:33:5e:9b:b9:39:7c:35:fa:
         32:5e:d9:f1:96:2f:2d:86:32:47:ea:e8:ae:0f:20:6e:9b:37:
         9a:9a:f3:b5:4e:12:01:30:c2:f3:35:49:39:29:19:00:d7:50:
         7d:14:a9:56:ad:38:bf:58:3d:5d:60:35:74:e7:ed:c8:02:da:
         b5:f8:a6:fe:d2:7f:af:43:9a:4c:d3:12:25:de:c1:87:14:d1:
         d0:1c:5e:98:d8:eb:e5:47:bf:c5:91:19:ff:2a:31:6f:23:c6:
         92:47:84:78:67:8c:3c:e4:43:f9:60:35:64:9e:82:59:0b:7c:
         e1:73:3c:c0:59:c7:83:c4:c4:c2:23:c1:ed:cd:31:95:15:7f:
         4e:33:b3:e1:d3:d2:c4:0b:da:82:41:ed:8f:df:e7:0e:79:a5:
         27:f1:34:3d:ec:c7:98:ce:9b:2b:75:d9:90:3d:7c:10:ab:0e:
         8c:4d:fe:3a:64:1f:90:11:16:8d:8b:ac:7c:29:88:5a:16:a3:
         3a:4d:76:87:61:95:30:b7:ee:95:7b:08:e2:84:47:a1:8c:d7:
         80:83:5a:07:9d:bf:3e:66:3e:f2:23:f6:ab:73:a5:13:74:a4:
         3a:23:4b:6f:98:b5:0b:9f:bb:0d:c6:7d:74:6e:2a:30:bb:37:
         27:35:c5:42
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQi+6ogX6gIYJsq27t7X22lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjUwMTAxMTc0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGRmNmY0MDBmZjNhMjNmMTc4MjdkZjYxYmQ5ZTlhZWZhZWQ4ZTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5un/o5uh4qlVFaPmT7TclRJgLzJk
wwlt3jsC1DO7tEj4kOcDDbIHCUVxwB/6NHBJjSzxyjfPDtlcKrFzQl8hdWusoZDQ
PYbGM9VnfGpKIB0A8VqyTojYFG5G35PaqTvMt66qMzUAc4Vz/DI65XVVAYhde+rh
W4eID7smKLcECNrzqsZcRL2pJapLQqC/7f0F46RPk1oT87zJ5MoVSN+lVHNu9WfK
If6UarCASPb+ZDduI4geJZDBDdAoj3PCkUxSl+FVaKZi7M28Rx5xModELdpZDO9L
pCfSqp3AY6qZMZ37KwbUhFeyW8NvFPRI3GI+mq7yKmyqN0aqR/OhWNZZ/wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIDfb0AP86I/F4J99hvZ6a767Y4mMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvZ045dlFBX3pvajhYZ24zMkc5bnBydnJ0amlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOAwUBURPDHgMF
ALlkADUwDQYJKoZIhvcNAQELBQADggEBAB4/b2q/2tM30DIzXpu5OXw1+jJe2fGW
Ly2GMkfq6K4PIG6bN5qa87VOEgEwwvM1STkpGQDXUH0UqVatOL9YPV1gNXTn7cgC
2rX4pv7Sf69DmkzTEiXewYcU0dAcXpjY6+VHv8WRGf8qMW8jxpJHhHhnjDzkQ/lg
NWSeglkLfOFzPMBZx4PExMIjwe3NMZUVf04zs+HT0sQL2oJB7Y/f5w55pSfxND3s
x5jOmyt12ZA9fBCrDoxN/jpkH5ARFo2LrHwpiFoWozpNdodhlTC37pV7COKER6GM
14CDWgedvz5mPvIj9qtzpRN0pDojS2+YtQufuw3GfXRuKjC7Nyc1xUI=
-----END CERTIFICATE-----