Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/wKf_e68AFgulvFhRytVScTM8ybE.roa
File:                     wKf_e68AFgulvFhRytVScTM8ybE.roa (raw, json)
Hash identifier:          EotIX7nxXVr4pfdmufOu6fmaLKwVPii3P3dwJgG1voo=
Subject key identifier:   C0:A7:FF:7B:AF:00:16:0B:A5:BC:58:51:CA:D5:52:71:33:3C:C9:B1
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F623889D2C37C4B63FF276B689282CC
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/wKf_e68AFgulvFhRytVScTM8ybE.roa
Signing time:             Tue 25 Jun 2024 12:32:35 +0000
ROA not before:           Tue 25 Jun 2024 12:32:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32651
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:38:89:d2:c3:7c:4b:63:ff:27:6b:68:92:82:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0a7ff7baf00160ba5bc5851cad55271333cc9b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:46:fc:31:66:ec:d9:40:86:0e:72:14:a7:0f:
                    4a:f5:9b:d1:ae:1a:09:ea:d4:1e:54:8c:41:09:0f:
                    6e:4a:20:08:53:39:4d:f5:f0:6d:52:4e:ae:8c:2a:
                    79:0e:2a:48:a3:43:9d:7f:b0:33:5c:5d:17:83:6c:
                    f1:5f:18:1e:cb:42:5b:c8:35:fe:05:e3:0b:b7:c7:
                    be:7e:0b:da:84:15:47:e7:fd:15:e3:9b:e4:10:54:
                    1c:37:6f:d2:34:4f:16:24:a2:ba:80:b3:f4:ab:32:
                    f4:84:4b:36:b6:21:63:2a:7f:20:02:15:f4:c1:c4:
                    9d:5c:0d:0b:61:2d:88:90:58:b7:e0:87:92:78:fd:
                    9a:e2:87:98:18:96:4e:92:44:88:d7:d5:d3:76:f1:
                    a6:51:b0:af:de:cd:ca:1a:ff:91:cf:e9:9a:d4:ff:
                    01:82:a3:c4:e0:fe:81:e6:35:d5:ff:b9:c8:a0:47:
                    8c:8d:fd:c3:88:15:5e:e8:48:03:a8:d2:40:db:b8:
                    f4:05:e6:9f:6d:64:41:5a:76:4b:0b:21:30:b3:96:
                    90:b5:1d:8a:42:4c:79:de:37:2a:fd:00:0c:c9:9e:
                    d5:96:99:38:42:3b:d3:df:c6:31:c3:c9:1f:30:8d:
                    bb:39:97:cc:3f:d2:1b:b1:51:13:33:40:57:8b:96:
                    91:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:A7:FF:7B:AF:00:16:0B:A5:BC:58:51:CA:D5:52:71:33:3C:C9:B1
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/wKf_e68AFgulvFhRytVScTM8ybE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         52:13:18:c9:64:bd:2d:ea:95:2d:af:2b:e2:b6:04:c0:21:f8:
         fa:30:df:c8:c2:d4:7b:f1:23:85:32:35:60:39:9f:e5:e2:6d:
         c2:27:7c:9c:1d:f1:a1:34:fa:e4:c0:26:d7:85:c8:2d:1d:56:
         43:5a:58:0f:12:48:e2:56:e5:fa:c7:c5:ac:a8:81:29:aa:6d:
         21:67:42:1b:91:03:6a:a2:a0:15:c4:12:3d:6f:6a:d3:98:b4:
         b1:b3:7a:55:f0:e9:cc:ca:4d:fb:7f:1b:fd:2b:59:0a:c0:9c:
         f0:5e:ca:98:8e:bd:86:fb:49:03:a1:34:47:8c:a9:f9:62:9d:
         59:fa:86:09:99:66:27:98:82:c0:11:76:d5:ec:53:c8:88:3a:
         f4:28:31:09:bb:4f:d2:64:41:a5:53:e8:fd:0b:3e:16:ab:a1:
         83:eb:08:ed:b1:46:6f:fc:11:f5:6c:17:43:c3:c5:26:0f:3f:
         42:d7:41:53:7c:26:dd:46:0c:ed:b7:09:30:6a:62:12:a2:04:
         28:d8:71:da:0d:4b:87:ef:c5:0e:da:2b:90:01:c0:58:e2:f5:
         5a:51:34:f8:e5:15:38:f5:06:73:dc:0b:e7:18:cf:93:96:ba:
         3a:0b:d3:2c:63:26:30:03:24:dc:cd:d5:3e:83:ed:87:2d:4d:
         03:f4:64:53
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYjiJ0sN8S2P/J2tokoLMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGE3ZmY3YmFmMDAxNjBiYTViYzU4NTFjYWQ1NTI3MTMzM2NjOWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUb8MWbs2UCGDnIUpw9K9ZvRrhoJ
6tQeVIxBCQ9uSiAIUzlN9fBtUk6ujCp5DipIo0Odf7AzXF0Xg2zxXxgey0JbyDX+
BeMLt8e+fgvahBVH5/0V45vkEFQcN2/SNE8WJKK6gLP0qzL0hEs2tiFjKn8gAhX0
wcSdXA0LYS2IkFi34IeSeP2a4oeYGJZOkkSI19XTdvGmUbCv3s3KGv+Rz+ma1P8B
gqPE4P6B5jXV/7nIoEeMjf3DiBVe6EgDqNJA27j0BeafbWRBWnZLCyEws5aQtR2K
Qkx53jcq/QAMyZ7Vlpk4QjvT38Yxw8kfMI27OZfMP9IbsVETM0BXi5aRswIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMCn/3uvABYLpbxYUcrVUnEzPMmxMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvd0tmX2U2OEFGZ3VsdkZoUnl0VlNjVE04eWJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAUhMYyWS9LeqVLa8r4rYEwCH4+jDfyMLUe/EjhTI1
YDmf5eJtwid8nB3xoTT65MAm14XILR1WQ1pYDxJI4lbl+sfFrKiBKaptIWdCG5ED
aqKgFcQSPW9q05i0sbN6VfDpzMpN+38b/StZCsCc8F7KmI69hvtJA6E0R4yp+WKd
WfqGCZlmJ5iCwBF21exTyIg69CgxCbtP0mRBpVPo/Qs+Fquhg+sI7bFGb/wR9WwX
Q8PFJg8/QtdBU3wm3UYM7bcJMGpiEqIEKNhx2g1Lh+/FDtorkAHAWOL1WlE0+OUV
OPUGc9wL5xjPk5a6OgvTLGMmMAMk3M3VPoPthy1NA/RkUw==
-----END CERTIFICATE-----