Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/qSTdGT2y3WRwNniOJh938WISN78.roa
File:                     qSTdGT2y3WRwNniOJh938WISN78.roa (raw, json)
Hash identifier:          NTFEdbiAznLEuo4x+rHl7hl1u3Iorgd4pQOI35zTrYQ=
Subject key identifier:   A9:24:DD:19:3D:B2:DD:64:70:36:78:8E:26:1F:77:F1:62:12:37:BF
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019422FBE3FE8570BD0293BCCFCF533C6287
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/qSTdGT2y3WRwNniOJh938WISN78.roa
Signing time:             Wed 01 Jan 2025 17:48:40 +0000
ROA not before:           Wed 01 Jan 2025 17:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397211
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:e3:fe:85:70:bd:02:93:bc:cf:cf:53:3c:62:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jan  1 17:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a924dd193db2dd647036788e261f77f1621237bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:18:0a:54:a3:f9:f6:f9:71:a9:58:c0:44:17:
                    83:41:8f:32:0c:69:89:60:e9:98:e0:dd:cd:47:c1:
                    71:2a:6f:31:03:4b:a5:dc:43:43:77:a6:90:d2:df:
                    51:48:2c:7d:6e:dd:c4:db:e6:68:89:54:e3:0b:10:
                    18:8a:d7:6a:81:b2:25:2d:3a:92:b5:43:a4:a8:16:
                    6b:a1:69:1a:99:a1:62:24:f0:2c:48:2d:c5:88:88:
                    fa:76:75:fe:16:95:2f:93:f3:32:69:88:2b:8c:a9:
                    a3:72:77:c7:f7:4a:84:7c:0a:bb:4f:09:9d:ff:22:
                    08:90:32:b5:cf:e8:13:fb:e2:dc:f1:71:60:76:da:
                    a7:b4:38:3f:b1:8e:d1:dd:ab:04:86:0e:1d:9f:7a:
                    78:3e:fb:83:16:a7:91:7f:6a:14:2b:b5:ee:e3:0d:
                    fa:5e:77:0a:17:2c:3a:2c:86:a5:15:26:7a:a7:14:
                    9a:b1:3a:30:35:1a:63:4e:ed:25:7c:98:5f:0e:16:
                    23:a1:d8:4b:01:84:ac:1b:53:7b:e9:b2:5f:65:df:
                    8b:5d:03:1d:4a:d8:53:27:25:8a:04:65:23:5f:dd:
                    9f:f9:4b:0c:e7:d1:04:88:c8:23:e4:7b:4a:7f:85:
                    eb:1a:a3:a4:0e:90:95:2d:f5:4b:6b:ce:ec:cc:fd:
                    31:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:24:DD:19:3D:B2:DD:64:70:36:78:8E:26:1F:77:F1:62:12:37:BF
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/qSTdGT2y3WRwNniOJh938WISN78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.53/32

    Signature Algorithm: sha256WithRSAEncryption
         08:53:20:b0:30:bb:47:f8:ee:ab:be:28:3b:ea:42:e8:e9:14:
         bf:28:fb:9c:09:a7:95:c2:21:b6:9c:ad:37:da:75:d9:b7:bc:
         ff:ff:88:13:87:ad:33:42:4e:7e:11:84:54:25:a6:3f:25:c4:
         17:56:c8:e2:d2:ff:10:79:33:03:e1:27:2e:44:e5:0d:8a:a0:
         96:9b:85:32:94:03:9b:8b:01:7d:d5:c6:07:86:d4:03:da:4f:
         9d:07:2b:80:9a:d7:1c:1c:bc:de:51:e7:04:87:fa:56:83:aa:
         34:f2:1a:91:7e:77:f1:fb:69:98:80:e0:69:2e:3d:e4:07:65:
         63:8c:40:a1:1a:46:82:78:5f:79:4b:97:64:92:c8:81:ec:37:
         a4:79:f8:a2:82:1b:f9:83:a5:fb:85:37:08:9c:4d:28:79:e7:
         8c:42:7a:8c:07:f1:0e:85:f2:43:89:b7:76:a1:cf:61:5d:43:
         19:dd:13:c7:29:49:9a:76:b9:66:25:82:8d:af:80:2f:3f:5f:
         45:29:4b:8e:d8:cc:46:7d:a2:bc:a5:1c:18:16:ad:58:c3:96:
         26:01:f2:24:e6:9e:18:18:46:8e:1c:c6:2b:fd:76:cf:13:e5:
         22:27:df:fa:29:c4:01:2b:a2:e7:19:d7:93:54:8b:04:d7:42:
         5a:fe:a7:f1
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQi++P+hXC9ApO8z89TPGKHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjUwMTAxMTc0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTI0ZGQxOTNkYjJkZDY0NzAzNjc4OGUyNjFmNzdmMTYyMTIzN2JmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxgKVKP59vlxqVjARBeDQY8yDGmJ
YOmY4N3NR8FxKm8xA0ul3ENDd6aQ0t9RSCx9bt3E2+ZoiVTjCxAYitdqgbIlLTqS
tUOkqBZroWkamaFiJPAsSC3FiIj6dnX+FpUvk/MyaYgrjKmjcnfH90qEfAq7Twmd
/yIIkDK1z+gT++Lc8XFgdtqntDg/sY7R3asEhg4dn3p4PvuDFqeRf2oUK7Xu4w36
XncKFyw6LIalFSZ6pxSasTowNRpjTu0lfJhfDhYjodhLAYSsG1N76bJfZd+LXQMd
SthTJyWKBGUjX92f+UsM59EEiMgj5HtKf4XrGqOkDpCVLfVLa87szP0xGwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKkk3Rk9st1kcDZ4jiYfd/FiEje/MB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvcVNUZEdUMnkzV1J3Tm5pT0poOTM4V0lTTjc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOAwUBURPDHgMF
ALlkADUwDQYJKoZIhvcNAQELBQADggEBAAhTILAwu0f47qu+KDvqQujpFL8o+5wJ
p5XCIbacrTfaddm3vP//iBOHrTNCTn4RhFQlpj8lxBdWyOLS/xB5MwPhJy5E5Q2K
oJabhTKUA5uLAX3VxgeG1APaT50HK4Ca1xwcvN5R5wSH+laDqjTyGpF+d/H7aZiA
4GkuPeQHZWOMQKEaRoJ4X3lLl2SSyIHsN6R5+KKCG/mDpfuFNwicTSh554xCeowH
8Q6F8kOJt3ahz2FdQxndE8cpSZp2uWYlgo2vgC8/X0UpS47YzEZ9orylHBgWrVjD
liYB8iTmnhgYRo4cxiv9ds8T5SIn3/opxAEroucZ15NUiwTXQlr+p/E=
-----END CERTIFICATE-----