Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/p_uJuRfkS7S8rLNKz5DaSCURnWc.roa
File:                     p_uJuRfkS7S8rLNKz5DaSCURnWc.roa (raw, json)
Hash identifier:          syBo5UG5eRhbEUfG6hCrtYU6NskqgP9DY5Jn9ZFXBTw=
Subject key identifier:   A7:FB:89:B9:17:E4:4B:B4:BC:AC:B3:4A:CF:90:DA:48:25:11:9D:67
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F624AD04AFDFFF28D6B8CF2CA66F2C6
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/p_uJuRfkS7S8rLNKz5DaSCURnWc.roa
Signing time:             Tue 25 Jun 2024 12:32:40 +0000
ROA not before:           Tue 25 Jun 2024 12:32:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396554
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:4a:d0:4a:fd:ff:f2:8d:6b:8c:f2:ca:66:f2:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7fb89b917e44bb4bcacb34acf90da4825119d67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:72:51:53:cf:f7:55:48:d9:d5:61:68:bf:70:
                    8c:74:3f:94:cf:58:2c:d8:4b:fa:6f:70:15:6d:bf:
                    c4:1d:8a:1d:49:2c:82:1d:cd:f3:86:18:17:d4:36:
                    1f:32:4e:15:a2:18:7f:62:95:5b:b2:6f:4d:92:89:
                    b5:8d:85:87:c2:ce:1c:da:d6:9d:62:20:57:9f:a6:
                    52:6f:16:37:89:f1:04:6e:3d:28:53:4a:f7:e2:78:
                    30:2e:af:87:17:5b:89:b4:fa:a4:71:22:1d:74:13:
                    1e:a9:56:5d:05:45:80:1e:6a:c8:c8:05:af:0a:8a:
                    af:f8:78:ae:0e:2c:ad:19:9e:b2:51:2c:71:a6:a5:
                    bf:c3:39:80:06:03:f8:82:72:f0:ee:23:c5:45:6f:
                    51:d6:03:0d:8b:45:14:52:c7:b6:e1:4a:73:72:e4:
                    55:65:92:74:7c:08:67:a2:49:b9:6a:5e:09:02:3c:
                    b2:2c:2c:0e:8d:a5:3e:d6:27:88:92:8f:69:10:80:
                    84:43:4d:4a:22:a2:49:4d:54:0d:27:a7:12:15:6e:
                    d4:34:03:fe:1b:94:3b:16:42:42:35:a3:88:8e:88:
                    e0:06:8f:67:ee:c4:03:72:6a:3b:78:68:75:af:9c:
                    bb:dd:7d:17:c1:49:86:65:90:02:a1:21:42:13:a3:
                    d9:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:FB:89:B9:17:E4:4B:B4:BC:AC:B3:4A:CF:90:DA:48:25:11:9D:67
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/p_uJuRfkS7S8rLNKz5DaSCURnWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         9b:97:c5:22:8d:b6:21:01:e0:e5:ee:fc:6e:c8:c0:19:84:90:
         dd:83:4b:e7:96:61:74:f9:d4:72:db:19:f5:38:47:50:6b:18:
         34:f2:ab:5d:92:a7:c4:aa:c1:ee:6a:63:73:10:1b:de:74:d8:
         1a:7f:59:b5:67:1c:65:55:7b:1d:a9:4d:62:f7:3f:4d:36:ca:
         5c:bb:86:dc:ba:9c:10:8b:13:35:7d:d9:9a:6c:02:2e:43:65:
         1f:3f:3e:e5:ab:f2:3a:71:89:88:b3:45:1b:59:69:80:1c:32:
         77:8a:a3:47:38:2f:ed:b8:37:97:d8:c1:f3:82:03:bb:30:bf:
         04:b3:45:a3:14:5c:86:9a:de:10:db:64:60:b7:6d:9b:f7:60:
         23:49:7d:6e:16:49:a8:20:a4:61:2e:0f:63:a5:c6:76:9a:55:
         0a:a7:8d:0e:61:b7:16:88:8e:38:59:3b:a0:a4:9b:51:9b:c2:
         6c:f4:96:2f:8f:51:f9:b3:9f:ad:30:91:10:da:e3:3f:70:04:
         12:7f:81:c4:ad:95:b6:06:ff:3f:72:8a:d3:f0:95:9c:45:d9:
         46:b7:9a:39:1e:2c:f9:1e:a3:f2:97:48:59:34:48:9d:f0:e5:
         f8:eb:8a:5d:b6:30:92:8b:77:ac:ab:08:77:e0:94:17:86:23:
         57:08:34:53
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYkrQSv3/8o1rjPLKZvLGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2ZiODliOTE3ZTQ0YmI0YmNhY2IzNGFjZjkwZGE0ODI1MTE5ZDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHJRU8/3VUjZ1WFov3CMdD+Uz1gs
2Ev6b3AVbb/EHYodSSyCHc3zhhgX1DYfMk4Vohh/YpVbsm9Nkom1jYWHws4c2tad
YiBXn6ZSbxY3ifEEbj0oU0r34ngwLq+HF1uJtPqkcSIddBMeqVZdBUWAHmrIyAWv
Coqv+HiuDiytGZ6yUSxxpqW/wzmABgP4gnLw7iPFRW9R1gMNi0UUUse24UpzcuRV
ZZJ0fAhnokm5al4JAjyyLCwOjaU+1ieIko9pEICEQ01KIqJJTVQNJ6cSFW7UNAP+
G5Q7FkJCNaOIjojgBo9n7sQDcmo7eGh1r5y73X0XwUmGZZACoSFCE6PZLwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKf7ibkX5Eu0vKyzSs+Q2kglEZ1nMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvcF91SnVSZmtTN1M4ckxOS3o1RGFTQ1VSbldjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAm5fFIo22IQHg5e78bsjAGYSQ3YNL55ZhdPnUctsZ
9ThHUGsYNPKrXZKnxKrB7mpjcxAb3nTYGn9ZtWccZVV7HalNYvc/TTbKXLuG3Lqc
EIsTNX3ZmmwCLkNlHz8+5avyOnGJiLNFG1lpgBwyd4qjRzgv7bg3l9jB84IDuzC/
BLNFoxRchpreENtkYLdtm/dgI0l9bhZJqCCkYS4PY6XGdppVCqeNDmG3FoiOOFk7
oKSbUZvCbPSWL49R+bOfrTCRENrjP3AEEn+BxK2Vtgb/P3KK0/CVnEXZRreaOR4s
+R6j8pdIWTRInfDl+OuKXbYwkot3rKsId+CUF4YjVwg0Uw==
-----END CERTIFICATE-----