Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/oE-PKP4wzcdT3NaVUhJcynmSHJ8.roa
File:                     oE-PKP4wzcdT3NaVUhJcynmSHJ8.roa (raw, json)
Hash identifier:          qr3y93dXzbjLO0b9L8bVzaJjSe8Vt6w985CPHgkFaSc=
Subject key identifier:   A0:4F:8F:28:FE:30:CD:C7:53:DC:D6:95:52:12:5C:CA:79:92:1C:9F
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F6250C675FFB98DB42BCFD48ED50464
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/oE-PKP4wzcdT3NaVUhJcynmSHJ8.roa
Signing time:             Tue 25 Jun 2024 12:32:41 +0000
ROA not before:           Tue 25 Jun 2024 12:32:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396568
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:50:c6:75:ff:b9:8d:b4:2b:cf:d4:8e:d5:04:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a04f8f28fe30cdc753dcd69552125cca79921c9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:76:7b:97:d1:8b:97:ff:dc:be:ae:1c:b7:1f:
                    48:b2:4d:a4:ee:d0:2b:7d:fe:07:54:63:14:53:48:
                    fc:1d:da:55:89:51:1b:0b:0d:c6:97:c5:48:90:69:
                    e4:a3:50:3f:02:5e:73:45:a1:03:29:bd:49:0f:8a:
                    9f:88:14:0b:61:94:8b:0b:97:9e:31:c8:72:fa:76:
                    33:52:cb:7a:7f:c4:70:ca:4f:00:34:b2:0e:08:e5:
                    8f:d0:8e:ba:7a:a0:44:a3:6a:77:5a:55:68:7b:80:
                    c2:23:66:47:0b:e5:e4:de:2e:7a:52:24:45:31:c4:
                    f6:1f:7f:fb:98:23:3b:f8:3e:64:64:c2:1e:71:de:
                    6c:e8:71:0d:ea:dc:4d:6a:ef:94:cc:9a:a3:40:4c:
                    8d:21:f9:d5:54:fe:ad:87:b7:d6:2f:cc:71:63:fa:
                    9a:39:db:df:c8:2f:4d:24:90:00:59:ca:6a:2c:89:
                    53:87:f3:ee:16:5a:38:e4:19:dd:48:f5:6f:4f:25:
                    75:b0:4c:a3:d7:6b:07:ab:4a:49:53:0f:77:6d:f2:
                    c8:8a:c2:59:a2:a1:4e:61:dc:0e:9f:fe:9b:5c:39:
                    5b:55:ad:1d:09:43:61:1d:b8:5e:4c:98:f4:c8:f8:
                    b5:96:65:f8:41:e5:57:62:cf:5a:c4:c8:66:8b:12:
                    91:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:4F:8F:28:FE:30:CD:C7:53:DC:D6:95:52:12:5C:CA:79:92:1C:9F
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/oE-PKP4wzcdT3NaVUhJcynmSHJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         81:a9:b3:80:46:fd:25:37:e9:42:ff:83:4a:fa:7d:d3:af:1d:
         1b:fe:5e:cd:94:c2:8e:67:0d:37:ae:14:62:ba:95:57:99:d5:
         1b:12:f4:c2:f3:d5:c6:a4:62:97:0a:86:15:20:a4:02:86:18:
         0e:53:bc:ab:d9:37:66:9c:be:19:5f:73:0f:b4:1b:71:3d:46:
         f7:69:b9:ba:2a:dc:6e:0d:db:04:d9:04:48:0b:e7:ca:ac:2d:
         cb:00:41:00:57:d2:e6:1e:c8:8e:dc:dc:9f:6d:ed:df:8d:08:
         66:4f:29:42:19:48:c5:f0:d4:af:54:21:f6:c0:62:fc:64:56:
         c5:9d:42:bd:57:26:c7:3d:44:45:fe:62:3d:22:8f:0b:73:2b:
         16:95:3c:fc:81:fe:6e:07:5a:dc:fc:0c:fb:40:52:a9:6e:69:
         1a:b6:9c:bc:6f:40:27:80:bb:f5:43:41:b5:8c:2f:9b:aa:66:
         dc:38:6f:ee:74:42:38:25:df:b1:6b:07:c0:ee:13:23:9c:06:
         ae:7c:92:6f:fd:0d:44:39:5b:81:a2:95:ad:67:68:5e:e3:e8:
         ee:65:c1:43:71:9b:7b:e5:b1:03:f3:7b:1a:f0:19:bd:ec:4a:
         b8:ef:5b:1c:3d:f7:c5:b3:b9:6a:b3:c1:98:da:f5:1f:47:98:
         71:57:1e:9a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYlDGdf+5jbQrz9SO1QRkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDRmOGYyOGZlMzBjZGM3NTNkY2Q2OTU1MjEyNWNjYTc5OTIxYzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3Z7l9GLl//cvq4ctx9Isk2k7tAr
ff4HVGMUU0j8HdpViVEbCw3Gl8VIkGnko1A/Al5zRaEDKb1JD4qfiBQLYZSLC5ee
Mchy+nYzUst6f8Rwyk8ANLIOCOWP0I66eqBEo2p3WlVoe4DCI2ZHC+Xk3i56UiRF
McT2H3/7mCM7+D5kZMIecd5s6HEN6txNau+UzJqjQEyNIfnVVP6th7fWL8xxY/qa
OdvfyC9NJJAAWcpqLIlTh/PuFlo45BndSPVvTyV1sEyj12sHq0pJUw93bfLIisJZ
oqFOYdwOn/6bXDlbVa0dCUNhHbheTJj0yPi1lmX4QeVXYs9axMhmixKRLQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKBPjyj+MM3HU9zWlVISXMp5khyfMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvb0UtUEtQNHd6Y2RUM05hVlVoSmN5bm1TSEo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAgamzgEb9JTfpQv+DSvp9068dG/5ezZTCjmcNN64U
YrqVV5nVGxL0wvPVxqRilwqGFSCkAoYYDlO8q9k3Zpy+GV9zD7QbcT1G92m5uirc
bg3bBNkESAvnyqwtywBBAFfS5h7Ijtzcn23t340IZk8pQhlIxfDUr1Qh9sBi/GRW
xZ1CvVcmxz1ERf5iPSKPC3MrFpU8/IH+bgda3PwM+0BSqW5pGracvG9AJ4C79UNB
tYwvm6pm3Dhv7nRCOCXfsWsHwO4TI5wGrnySb/0NRDlbgaKVrWdoXuPo7mXBQ3Gb
e+WxA/N7GvAZvexKuO9bHD33xbO5arPBmNr1H0eYcVcemg==
-----END CERTIFICATE-----