Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/r_dwcUYhpilehuKtzu3JuvO90Hs.roa
File:                     r_dwcUYhpilehuKtzu3JuvO90Hs.roa (raw, json)
Hash identifier:          lOtNglRUMQ2jfpu77pS+dPcbdP5dMUGMbtdOA+yJQrI=
Subject key identifier:   AF:F7:70:71:46:21:A6:29:5E:86:E2:AD:CE:ED:C9:BA:F3:BD:D0:7B
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F6235508213A4AF1F1E19DDFE578C06
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/r_dwcUYhpilehuKtzu3JuvO90Hs.roa
Signing time:             Tue 25 Jun 2024 12:32:34 +0000
ROA not before:           Tue 25 Jun 2024 12:32:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20362
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:35:50:82:13:a4:af:1f:1e:19:dd:fe:57:8c:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aff770714621a6295e86e2adceedc9baf3bdd07b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:89:b6:59:82:2d:52:b3:42:c7:dc:c0:5b:18:
                    8d:98:2f:f1:7a:e9:04:5e:4b:9e:f9:23:0c:fe:a0:
                    be:b6:f9:36:eb:78:dd:fd:34:b8:93:5e:23:37:e1:
                    43:e2:a9:82:4b:22:f4:6a:78:dd:58:71:5c:78:8e:
                    b7:3b:c9:3c:43:3b:6e:20:de:15:c4:2b:a7:6f:6a:
                    6d:0e:38:50:f9:e8:c9:e9:4b:d0:60:6b:fa:e3:15:
                    22:55:7e:23:37:40:04:43:c7:63:7d:44:e7:4c:b5:
                    51:dd:ee:87:4d:43:ae:7f:ea:b6:2d:5d:93:85:49:
                    ee:c3:7c:c8:b1:21:81:c0:16:ea:be:54:f0:5d:59:
                    00:4f:e5:ef:9c:bf:a1:e7:75:40:65:00:8f:db:fe:
                    1f:bc:7a:42:84:34:fb:84:14:6e:89:4d:28:5f:34:
                    aa:33:db:26:67:71:d7:59:b5:cd:2b:a1:d7:05:ff:
                    b7:1e:c7:6e:c1:02:03:64:8f:bd:cf:70:40:f2:de:
                    8e:d5:79:55:c6:36:15:5b:22:95:07:e0:a5:91:fb:
                    3f:60:e5:bd:fc:61:fe:d6:6c:c3:7a:d1:bb:62:b3:
                    4c:f9:3d:76:e1:57:59:8d:45:ad:e2:b6:72:dd:e2:
                    7e:27:66:0d:f0:9b:fc:89:22:cb:09:93:01:e8:1a:
                    78:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:F7:70:71:46:21:A6:29:5E:86:E2:AD:CE:ED:C9:BA:F3:BD:D0:7B
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/r_dwcUYhpilehuKtzu3JuvO90Hs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         35:e0:49:59:96:21:ce:e8:3d:ce:08:99:cf:ae:60:b6:03:bb:
         12:b0:35:79:4b:ca:d9:98:e7:9f:da:b2:ea:19:4d:c8:c6:aa:
         3d:31:d3:9b:47:22:93:68:6d:e9:52:e2:c1:7c:43:ce:e8:2d:
         58:9c:57:eb:42:e5:b9:f2:f8:16:1f:66:f5:9e:83:bc:43:85:
         3f:46:bb:80:ed:df:3f:a7:99:ab:e4:99:3f:41:2e:51:bb:d7:
         60:e8:51:1d:20:ca:3a:4b:f5:b2:84:f7:07:67:30:92:aa:a4:
         d8:75:39:86:30:cb:a3:ed:d1:99:9c:b1:64:3b:97:eb:9a:98:
         c5:d2:10:ef:14:89:8d:92:b3:59:fa:47:72:6a:49:4a:1b:20:
         22:2d:46:9c:86:7e:01:a2:51:fe:08:c4:c6:3f:e5:66:c9:7e:
         93:92:6d:99:61:9a:ed:b5:e3:4a:9d:e9:47:4e:00:78:b9:50:
         5a:55:e7:57:64:96:1f:06:6b:0d:d0:f0:b0:5c:32:45:3f:13:
         f6:6d:b9:d5:57:28:04:6c:8e:1f:1f:ea:b8:26:90:1b:6c:a1:
         d2:65:29:02:bd:c9:f9:ee:f5:23:5d:ee:a0:4f:aa:d1:e4:e1:
         df:97:de:73:6d:96:ac:ac:7b:0d:9e:78:06:67:de:95:df:dc:
         d4:76:da:81
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYjVQghOkrx8eGd3+V4wGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmY3NzA3MTQ2MjFhNjI5NWU4NmUyYWRjZWVkYzliYWYzYmRkMDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIm2WYItUrNCx9zAWxiNmC/xeukE
Xkue+SMM/qC+tvk263jd/TS4k14jN+FD4qmCSyL0anjdWHFceI63O8k8QztuIN4V
xCunb2ptDjhQ+ejJ6UvQYGv64xUiVX4jN0AEQ8djfUTnTLVR3e6HTUOuf+q2LV2T
hUnuw3zIsSGBwBbqvlTwXVkAT+XvnL+h53VAZQCP2/4fvHpChDT7hBRuiU0oXzSq
M9smZ3HXWbXNK6HXBf+3HsduwQIDZI+9z3BA8t6O1XlVxjYVWyKVB+Clkfs/YOW9
/GH+1mzDetG7YrNM+T124VdZjUWt4rZy3eJ+J2YN8Jv8iSLLCZMB6Bp44QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK/3cHFGIaYpXobirc7tybrzvdB7MB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvcl9kd2NVWWhwaWxlaHVLdHp1M0p1dk85MEhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEANeBJWZYhzug9zgiZz65gtgO7ErA1eUvK2Zjnn9qy
6hlNyMaqPTHTm0cik2ht6VLiwXxDzugtWJxX60LlufL4Fh9m9Z6DvEOFP0a7gO3f
P6eZq+SZP0EuUbvXYOhRHSDKOkv1soT3B2cwkqqk2HU5hjDLo+3RmZyxZDuX65qY
xdIQ7xSJjZKzWfpHcmpJShsgIi1GnIZ+AaJR/gjExj/lZsl+k5JtmWGa7bXjSp3p
R04AeLlQWlXnV2SWHwZrDdDwsFwyRT8T9m251VcoBGyOHx/quCaQG2yh0mUpAr3J
+e71I13uoE+q0eTh35fec22WrKx7DZ54Bmfeld/c1HbagQ==
-----END CERTIFICATE-----