Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/rcfKfK-7anxCMNPcwpF6t-yVIB0.roa
File:                     rcfKfK-7anxCMNPcwpF6t-yVIB0.roa (raw, json)
Hash identifier:          s5o6ixrXqlzTfTbfxtj7XneIDx4QXZrpljvO7MKOtbQ=
Subject key identifier:   AD:C7:CA:7C:AF:BB:6A:7C:42:30:D3:DC:C2:91:7A:B7:EC:95:20:1D
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019422FBBDA1F9ADE06886187ED16CFDFA89
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/rcfKfK-7anxCMNPcwpF6t-yVIB0.roa
Signing time:             Wed 01 Jan 2025 17:48:30 +0000
ROA not before:           Wed 01 Jan 2025 17:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396555
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:bd:a1:f9:ad:e0:68:86:18:7e:d1:6c:fd:fa:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jan  1 17:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=adc7ca7cafbb6a7c4230d3dcc2917ab7ec95201d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:73:88:52:e7:42:22:19:1f:de:ef:37:b0:5c:
                    b8:64:65:62:ec:54:fc:21:50:5d:32:72:d4:91:ab:
                    5b:69:37:82:a7:a6:2c:eb:52:4d:23:03:ad:0e:65:
                    c1:42:be:a8:3f:cd:40:3e:74:1e:bb:12:d0:8f:d3:
                    dc:2f:56:73:74:16:41:62:53:3c:f7:40:27:1d:c1:
                    0d:e0:1f:62:3f:8b:97:da:fd:ba:6e:a8:df:b6:50:
                    cf:c7:33:02:1d:9f:87:b6:0f:10:ca:85:d8:d8:4b:
                    6b:66:e4:ea:96:08:b4:75:55:88:bc:79:9b:0f:fc:
                    82:28:ca:7b:18:f6:47:87:4a:bd:2f:b3:2d:01:fd:
                    56:59:92:7b:5e:ef:73:d3:aa:7f:9f:b8:fa:d3:16:
                    31:dd:59:ce:96:bd:b4:cb:dc:bd:79:64:0c:e7:89:
                    d9:88:d1:fb:64:1a:a3:db:22:f5:1b:4f:c0:cf:7e:
                    74:06:98:32:78:ed:72:9e:17:30:2b:cc:00:a7:f8:
                    33:2a:f9:93:f2:a7:d1:01:40:61:75:e8:9f:ca:30:
                    45:3a:ba:2b:1a:29:fd:3d:a3:ca:c9:8a:cb:f2:16:
                    6d:a9:da:a8:0c:5d:81:8f:91:c4:f5:0c:51:75:98:
                    52:e5:0f:ff:7f:6b:4c:5c:89:26:5e:ce:76:de:a4:
                    10:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:C7:CA:7C:AF:BB:6A:7C:42:30:D3:DC:C2:91:7A:B7:EC:95:20:1D
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/rcfKfK-7anxCMNPcwpF6t-yVIB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.53/32

    Signature Algorithm: sha256WithRSAEncryption
         5f:5f:6a:f1:55:2c:10:18:ff:76:94:ad:cd:1c:68:85:7d:6b:
         9c:95:2f:74:9e:a3:c5:45:f2:11:ef:e7:78:37:89:00:b9:b1:
         97:46:37:8e:af:3e:fe:67:9f:d1:f7:48:c6:d8:50:25:37:cb:
         94:2d:ef:91:87:8c:11:f7:36:32:08:9b:2a:0a:e6:70:93:84:
         68:07:b6:b8:53:56:e4:9c:15:4a:98:b1:fa:38:ed:6a:8c:31:
         bd:1c:5f:3d:22:1c:d4:62:78:e1:47:8f:a5:83:d2:18:8a:b7:
         bc:6a:d2:c8:9b:12:d2:69:e0:60:5e:a9:f8:9c:9d:eb:e5:de:
         b0:1c:27:de:e5:ef:5b:a3:dc:1a:82:98:fe:5f:d3:15:59:91:
         59:0e:c8:68:a9:5a:2c:e7:99:21:7e:41:94:64:b8:16:1d:99:
         3e:ca:1c:d5:07:f7:55:bb:d7:f9:b3:85:dd:8b:a3:22:aa:0f:
         88:f5:70:50:09:e3:78:d6:3e:10:73:7f:66:5e:8a:25:68:fd:
         5e:ae:32:cf:ad:a1:3c:8b:be:4c:8c:9e:d1:15:a4:a5:45:2f:
         a3:75:d4:38:d6:bc:46:ae:86:fc:c1:f8:3f:c2:e7:d3:43:6d:
         64:04:61:e4:08:c1:fa:66:d1:39:0f:6a:fc:f6:0e:9c:ee:23:
         6d:93:e8:e8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQi+72h+a3gaIYYftFs/fqJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjUwMTAxMTc0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGM3Y2E3Y2FmYmI2YTdjNDIzMGQzZGNjMjkxN2FiN2VjOTUyMDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHOIUudCIhkf3u83sFy4ZGVi7FT8
IVBdMnLUkatbaTeCp6Ys61JNIwOtDmXBQr6oP81APnQeuxLQj9PcL1ZzdBZBYlM8
90AnHcEN4B9iP4uX2v26bqjftlDPxzMCHZ+Htg8QyoXY2EtrZuTqlgi0dVWIvHmb
D/yCKMp7GPZHh0q9L7MtAf1WWZJ7Xu9z06p/n7j60xYx3VnOlr20y9y9eWQM54nZ
iNH7ZBqj2yL1G0/Az350BpgyeO1ynhcwK8wAp/gzKvmT8qfRAUBhdeifyjBFOror
Gin9PaPKyYrL8hZtqdqoDF2Bj5HE9QxRdZhS5Q//f2tMXIkmXs523qQQTwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFK3Hynyvu2p8QjDT3MKRerfslSAdMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvcmNmS2ZLLTdhbnhDTU5QY3dwRjZ0LXlWSUIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOAwUBURPDHgMF
ALlkADUwDQYJKoZIhvcNAQELBQADggEBAF9favFVLBAY/3aUrc0caIV9a5yVL3Se
o8VF8hHv53g3iQC5sZdGN46vPv5nn9H3SMbYUCU3y5Qt75GHjBH3NjIImyoK5nCT
hGgHtrhTVuScFUqYsfo47WqMMb0cXz0iHNRieOFHj6WD0hiKt7xq0sibEtJp4GBe
qficnevl3rAcJ97l71uj3BqCmP5f0xVZkVkOyGipWiznmSF+QZRkuBYdmT7KHNUH
91W71/mzhd2LoyKqD4j1cFAJ43jWPhBzf2ZeiiVo/V6uMs+toTyLvkyMntEVpKVF
L6N11DjWvEauhvzB+D/C59NDbWQEYeQIwfpm0TkPavz2DpzuI22T6Og=
-----END CERTIFICATE-----