Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/wUWPknO35PWRfemZIC8kN7RD2J8.roa
File:                     wUWPknO35PWRfemZIC8kN7RD2J8.roa (raw, json)
Hash identifier:          UWTPD+Zz98PVqyTZTZdr1ToFBQMZbATmfa1wOgjMdnQ=
Subject key identifier:   C1:45:8F:92:73:B7:E4:F5:91:7D:E9:99:20:2F:24:37:B4:43:D8:9F
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F625EEF83093241C80D5402FAE97160
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/wUWPknO35PWRfemZIC8kN7RD2J8.roa
Signing time:             Tue 25 Jun 2024 12:32:45 +0000
ROA not before:           Tue 25 Jun 2024 12:32:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396594
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:5e:ef:83:09:32:41:c8:0d:54:02:fa:e9:71:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1458f9273b7e4f5917de999202f2437b443d89f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e6:4f:43:a7:f4:55:6e:96:87:b8:a8:f0:83:
                    ab:3c:6e:ca:ac:6b:67:a1:91:68:76:ed:05:e3:c9:
                    78:c3:36:6c:d7:cd:b6:a5:d2:19:2f:4a:28:ff:2d:
                    aa:5b:09:f6:90:8f:63:77:bd:6a:91:71:1b:c1:fb:
                    02:37:aa:46:d1:34:3e:a5:ce:90:44:38:c9:43:49:
                    24:f7:06:5f:c7:eb:b0:95:7f:3d:98:49:71:af:9c:
                    01:81:f8:cc:1c:72:96:7e:69:3c:63:76:2d:0d:78:
                    8e:d3:59:09:2b:84:fb:c5:53:36:33:27:6d:4a:06:
                    a6:b8:d8:e2:6a:b4:e6:fa:ce:b8:6c:26:16:c5:46:
                    d9:51:c6:c0:d8:4d:ab:a5:b4:40:42:20:16:d1:c2:
                    77:a3:78:ec:b4:79:14:b1:68:df:f2:d5:48:f7:1b:
                    4c:67:34:08:43:d0:8c:34:45:18:8b:2a:cb:3d:e8:
                    b8:13:d9:68:30:6d:1f:17:55:e8:58:82:57:52:76:
                    2e:1d:b8:ab:5c:f9:1a:77:b3:87:71:bd:00:bb:b6:
                    0e:d7:f2:1e:5f:6a:96:b0:8f:ff:47:b7:9e:68:60:
                    38:d9:6b:2a:77:ac:24:d4:72:6e:4d:7a:99:5f:03:
                    96:a4:f3:2e:23:c4:66:25:a8:ad:1b:e0:bf:1f:1a:
                    e2:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:45:8F:92:73:B7:E4:F5:91:7D:E9:99:20:2F:24:37:B4:43:D8:9F
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/wUWPknO35PWRfemZIC8kN7RD2J8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         c3:68:9d:12:fa:3c:85:3a:d0:f2:f7:bc:67:dc:07:4b:f7:7d:
         d9:c4:b3:90:2c:9b:da:29:f9:86:e6:ef:dd:50:e8:83:3e:bc:
         85:8f:35:77:54:eb:b3:d2:29:49:58:cd:71:c0:bf:88:03:85:
         0d:6f:b3:40:f2:01:fe:68:13:bf:70:4f:28:f2:0f:5d:63:a1:
         a7:0c:c6:6c:52:d9:0b:a0:37:54:56:dd:f9:46:dc:e7:bd:79:
         4b:3d:54:44:9a:0c:a6:0b:60:47:15:95:1f:08:9e:c9:95:a2:
         fa:c0:da:65:4b:e3:6b:ba:39:55:79:f0:d8:34:ac:83:b1:61:
         95:f8:af:7a:57:61:92:5a:2b:05:d7:3f:fc:ca:f5:20:f3:f2:
         36:58:ac:83:da:00:c9:dc:6a:e4:8f:3f:57:8a:64:4f:a4:19:
         8a:59:38:25:aa:ce:17:fe:17:8d:03:19:ff:5f:d8:7f:24:16:
         db:50:28:b4:dd:ac:85:c5:21:5a:91:53:50:ac:d6:8b:30:9f:
         c8:53:28:d0:6a:0b:f3:44:92:56:d2:b1:a3:a5:3a:5b:b0:23:
         09:9c:a3:8b:70:41:e8:d1:f0:91:49:c6:85:86:09:0d:98:d1:
         a1:34:af:55:a1:ed:f4:95:0a:13:87:4d:28:7c:59:40:b4:74:
         5a:e6:36:0f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYl7vgwkyQcgNVAL66XFgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTQ1OGY5MjczYjdlNGY1OTE3ZGU5OTkyMDJmMjQzN2I0NDNkODlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAseZPQ6f0VW6Wh7io8IOrPG7KrGtn
oZFodu0F48l4wzZs1822pdIZL0oo/y2qWwn2kI9jd71qkXEbwfsCN6pG0TQ+pc6Q
RDjJQ0kk9wZfx+uwlX89mElxr5wBgfjMHHKWfmk8Y3YtDXiO01kJK4T7xVM2Mydt
SgamuNjiarTm+s64bCYWxUbZUcbA2E2rpbRAQiAW0cJ3o3jstHkUsWjf8tVI9xtM
ZzQIQ9CMNEUYiyrLPei4E9loMG0fF1XoWIJXUnYuHbirXPkad7OHcb0Au7YO1/Ie
X2qWsI//R7eeaGA42Wsqd6wk1HJuTXqZXwOWpPMuI8RmJaitG+C/HxrigQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMFFj5Jzt+T1kX3pmSAvJDe0Q9ifMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvd1VXUGtuTzM1UFdSZmVtWklDOGtON1JEMko4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAw2idEvo8hTrQ8ve8Z9wHS/d92cSzkCyb2in5hubv
3VDogz68hY81d1Trs9IpSVjNccC/iAOFDW+zQPIB/mgTv3BPKPIPXWOhpwzGbFLZ
C6A3VFbd+Ubc5715Sz1URJoMpgtgRxWVHwieyZWi+sDaZUvja7o5VXnw2DSsg7Fh
lfiveldhklorBdc//Mr1IPPyNlisg9oAydxq5I8/V4pkT6QZilk4JarOF/4XjQMZ
/1/YfyQW21AotN2shcUhWpFTUKzWizCfyFMo0GoL80SSVtKxo6U6W7AjCZyji3BB
6NHwkUnGhYYJDZjRoTSvVaHt9JUKE4dNKHxZQLR0WuY2Dw==
-----END CERTIFICATE-----