Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/t272epJ2LlS8xrwSsI8X5RlWtKA.roa
File:                     t272epJ2LlS8xrwSsI8X5RlWtKA.roa (raw, json)
Hash identifier:          W8oXJvy+FN61sl/6DOrVcvRnLHP8dZJlf+nt6dy6qDQ=
Subject key identifier:   B7:6E:F6:7A:92:76:2E:54:BC:C6:BC:12:B0:8F:17:E5:19:56:B4:A0
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F62633EE99AA301AAB80C789E60F3A9
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/t272epJ2LlS8xrwSsI8X5RlWtKA.roa
Signing time:             Tue 25 Jun 2024 12:32:46 +0000
ROA not before:           Tue 25 Jun 2024 12:32:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396605
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:63:3e:e9:9a:a3:01:aa:b8:0c:78:9e:60:f3:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b76ef67a92762e54bcc6bc12b08f17e51956b4a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:c8:81:f4:35:4c:f9:93:4b:65:f2:0e:e7:13:
                    68:10:c8:24:2a:16:6a:5f:c6:a7:2f:a1:1f:24:c4:
                    e6:69:3b:d0:05:89:ea:1b:e4:e9:e9:f4:04:cd:ee:
                    2c:88:4a:ff:3f:b8:55:30:21:a6:e5:ca:8d:eb:db:
                    d3:48:59:07:97:c8:ce:d7:9c:ed:82:30:94:a6:28:
                    e8:82:96:f3:1b:ef:4a:19:2d:ff:f4:c1:e8:95:9b:
                    b6:7d:5f:36:9a:e8:d9:98:cc:d6:0b:0e:7c:81:7a:
                    68:86:97:97:12:7c:7e:ab:ff:1e:02:8a:e7:7e:69:
                    b0:8e:9f:a0:5d:ca:cb:cb:61:0a:fe:0f:15:51:52:
                    68:63:46:04:b9:e2:4e:86:84:2b:86:c7:dc:8b:7b:
                    ee:c6:73:08:29:63:f5:ef:49:de:44:5f:ac:be:e2:
                    83:aa:24:de:4b:65:00:57:d3:09:7c:61:70:a0:01:
                    67:d6:0b:ac:5e:50:14:10:ed:9a:5d:59:06:58:4a:
                    67:ff:32:2c:07:df:a2:17:bd:71:53:aa:5d:02:a4:
                    e4:3c:3d:db:97:b0:59:fa:5d:32:a0:6b:01:95:65:
                    36:7a:dc:c3:e9:0a:44:70:a1:ee:cd:11:5b:b0:d0:
                    33:3d:bd:22:12:0f:8e:f4:b6:d4:df:b8:37:7f:d3:
                    71:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:6E:F6:7A:92:76:2E:54:BC:C6:BC:12:B0:8F:17:E5:19:56:B4:A0
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/t272epJ2LlS8xrwSsI8X5RlWtKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         66:71:e9:e5:a0:1c:a9:ba:90:3b:db:f2:50:ba:fc:18:d7:f8:
         c5:06:e1:95:ef:fd:b6:23:d9:c2:97:94:d0:42:50:f5:d0:bc:
         71:30:2d:59:9e:5c:21:40:5a:5f:98:99:12:9b:d7:93:c1:7e:
         6f:64:5b:2f:2f:be:09:9f:64:24:07:2b:24:76:c5:09:ab:2c:
         1b:5f:d3:72:76:ea:69:d5:57:3e:fa:6b:3c:2c:06:46:3a:aa:
         4e:b4:58:42:eb:4c:00:6b:39:48:18:31:28:fb:a5:47:f8:5d:
         fc:92:e1:1e:97:8a:6e:ca:9c:10:2d:54:78:3a:5f:8d:99:d3:
         06:75:d1:c4:b4:82:c4:e5:8a:17:85:8d:c2:53:a1:21:22:96:
         1b:7b:7f:5f:b5:d9:2d:87:15:f7:2b:e4:ba:f6:bc:09:f3:28:
         39:0a:95:5e:fa:c1:74:c0:39:52:a7:91:22:3d:e9:c5:cc:29:
         99:4a:5a:68:ee:24:53:c2:ad:dd:49:dc:26:de:02:94:62:80:
         92:95:f6:fa:da:c1:de:0e:cf:89:e3:da:25:57:a3:2b:3e:88:
         b8:81:7c:c8:c9:99:b5:aa:8e:01:7a:0f:f5:f6:34:3f:49:d5:
         ad:d7:ac:b9:99:cb:35:65:51:02:34:ab:a7:4a:00:fc:93:eb:
         67:be:24:1f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYmM+6ZqjAaq4DHieYPOpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzZlZjY3YTkyNzYyZTU0YmNjNmJjMTJiMDhmMTdlNTE5NTZiNGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MiB9DVM+ZNLZfIO5xNoEMgkKhZq
X8anL6EfJMTmaTvQBYnqG+Tp6fQEze4siEr/P7hVMCGm5cqN69vTSFkHl8jO15zt
gjCUpijogpbzG+9KGS3/9MHolZu2fV82mujZmMzWCw58gXpohpeXEnx+q/8eAorn
fmmwjp+gXcrLy2EK/g8VUVJoY0YEueJOhoQrhsfci3vuxnMIKWP170neRF+svuKD
qiTeS2UAV9MJfGFwoAFn1gusXlAUEO2aXVkGWEpn/zIsB9+iF71xU6pdAqTkPD3b
l7BZ+l0yoGsBlWU2etzD6QpEcKHuzRFbsNAzPb0iEg+O9LbU37g3f9NxDwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLdu9nqSdi5UvMa8ErCPF+UZVrSgMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvdDI3MmVwSjJMbFM4eHJ3U3NJOFg1UmxXdEtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAZnHp5aAcqbqQO9vyULr8GNf4xQbhle/9tiPZwpeU
0EJQ9dC8cTAtWZ5cIUBaX5iZEpvXk8F+b2RbLy++CZ9kJAcrJHbFCassG1/Tcnbq
adVXPvprPCwGRjqqTrRYQutMAGs5SBgxKPulR/hd/JLhHpeKbsqcEC1UeDpfjZnT
BnXRxLSCxOWKF4WNwlOhISKWG3t/X7XZLYcV9yvkuva8CfMoOQqVXvrBdMA5UqeR
Ij3pxcwpmUpaaO4kU8Kt3UncJt4ClGKAkpX2+trB3g7PiePaJVejKz6IuIF8yMmZ
taqOAXoP9fY0P0nVrdesuZnLNWVRAjSrp0oA/JPrZ74kHw==
-----END CERTIFICATE-----