Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/69Jhic5cUuRc4MR7PolKLdPWJV4.roa
File:                     69Jhic5cUuRc4MR7PolKLdPWJV4.roa (raw, json)
Hash identifier:          Y+fBUktba3d2xxtl65W30ctlh7EfHSEi6Z3dE9hFcIU=
Subject key identifier:   EB:D2:61:89:CE:5C:52:E4:5C:E0:C4:7B:3E:89:4A:2D:D3:D6:25:5E
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F6259D415D51A62D4B1B780C4EB6BE8
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/69Jhic5cUuRc4MR7PolKLdPWJV4.roa
Signing time:             Tue 25 Jun 2024 12:32:43 +0000
ROA not before:           Tue 25 Jun 2024 12:32:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396584
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:59:d4:15:d5:1a:62:d4:b1:b7:80:c4:eb:6b:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ebd26189ce5c52e45ce0c47b3e894a2dd3d6255e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:08:25:c5:40:1e:d8:bd:80:b4:88:ab:fb:31:
                    95:b2:d9:d1:d3:6d:bc:a4:78:26:c4:de:6c:a1:c8:
                    7e:87:58:bf:9a:90:2a:8a:b4:28:61:ab:d0:9e:6d:
                    a9:da:a6:fc:da:fd:00:b3:26:58:70:18:d6:a6:cf:
                    a8:c7:b5:51:98:0f:8d:ac:33:a3:d7:84:8c:89:85:
                    cf:4c:90:eb:3c:e0:b7:2c:98:66:cc:40:61:c0:9d:
                    44:7f:34:cb:11:d2:34:06:6d:95:0d:9c:c6:5d:6d:
                    a4:e1:ff:8a:7e:cc:72:90:59:55:c9:17:3b:64:28:
                    17:3a:d0:d0:0b:eb:f8:62:9f:e4:a2:12:40:a8:0d:
                    6d:76:55:58:53:a9:5b:98:ae:b7:7b:08:be:00:c4:
                    1c:89:7d:9a:3a:36:cc:7f:7f:fe:56:69:87:9d:59:
                    9c:10:9e:1b:49:a1:37:40:c9:de:04:6d:de:cc:cb:
                    c5:1a:18:56:f1:a9:b3:d9:b3:e3:7f:7e:b6:b3:57:
                    02:cc:9f:3a:c1:19:8f:2b:43:04:86:09:8c:25:75:
                    39:f6:d7:ea:a6:ea:c3:be:fb:fe:12:08:78:b8:ff:
                    67:92:97:a6:60:41:40:92:08:77:37:09:f0:8c:52:
                    91:62:8e:fd:7e:25:4f:85:02:3e:61:a7:a8:fd:b1:
                    3b:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:D2:61:89:CE:5C:52:E4:5C:E0:C4:7B:3E:89:4A:2D:D3:D6:25:5E
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/69Jhic5cUuRc4MR7PolKLdPWJV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         9b:1e:fd:7a:26:51:01:d5:f6:8f:10:5b:8d:1f:48:49:ab:a2:
         ee:b2:ad:62:d3:23:b7:3e:f7:48:27:1b:16:66:42:e7:ef:c0:
         e0:6a:52:0a:56:35:fa:75:08:d4:2e:71:3f:45:0e:f2:b7:a2:
         9c:5d:c7:5b:3e:6b:e1:e1:c3:f7:2e:3f:fc:c8:fa:93:1d:cc:
         0c:22:a7:5d:5b:63:8f:07:59:81:76:c4:44:00:59:1a:49:61:
         2e:2f:73:c7:d3:33:78:c0:c0:36:5b:72:cf:97:e6:9d:e0:ee:
         64:2b:30:8b:c5:00:d1:e7:3c:08:25:e2:10:85:a2:c1:a2:2d:
         80:c2:78:8c:02:47:e5:1e:10:31:d7:9e:e1:9f:c5:48:4a:46:
         82:9d:72:3f:3c:4b:5c:7b:53:62:f0:ed:7d:89:10:6a:66:54:
         a3:de:4a:cf:d8:e9:99:e4:05:f9:bb:ee:d7:f7:72:dd:b7:b5:
         4d:dc:bd:4c:43:1d:40:5f:3f:2d:dd:8f:47:ea:63:03:85:a7:
         92:a8:b8:c8:57:aa:09:33:48:d0:7f:f6:41:da:ca:f3:6c:df:
         6d:7f:75:98:dd:cf:56:89:5c:7a:72:64:73:74:e8:2e:fb:8c:
         9e:62:78:4c:9e:33:68:9c:dc:0e:f7:ad:80:0c:00:86:1a:9c:
         b1:df:5c:96
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYlnUFdUaYtSxt4DE62voMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmQyNjE4OWNlNWM1MmU0NWNlMGM0N2IzZTg5NGEyZGQzZDYyNTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugglxUAe2L2AtIir+zGVstnR0228
pHgmxN5soch+h1i/mpAqirQoYavQnm2p2qb82v0AsyZYcBjWps+ox7VRmA+NrDOj
14SMiYXPTJDrPOC3LJhmzEBhwJ1EfzTLEdI0Bm2VDZzGXW2k4f+KfsxykFlVyRc7
ZCgXOtDQC+v4Yp/kohJAqA1tdlVYU6lbmK63ewi+AMQciX2aOjbMf3/+VmmHnVmc
EJ4bSaE3QMneBG3ezMvFGhhW8amz2bPjf362s1cCzJ86wRmPK0MEhgmMJXU59tfq
purDvvv+Egh4uP9nkpemYEFAkgh3NwnwjFKRYo79fiVPhQI+Yaeo/bE7KQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOvSYYnOXFLkXODEez6JSi3T1iVeMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvNjlKaGljNWNVdVJjNE1SN1BvbEtMZFBXSlY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAmx79eiZRAdX2jxBbjR9ISaui7rKtYtMjtz73SCcb
FmZC5+/A4GpSClY1+nUI1C5xP0UO8reinF3HWz5r4eHD9y4//Mj6kx3MDCKnXVtj
jwdZgXbERABZGklhLi9zx9MzeMDANltyz5fmneDuZCswi8UA0ec8CCXiEIWiwaIt
gMJ4jAJH5R4QMdee4Z/FSEpGgp1yPzxLXHtTYvDtfYkQamZUo95Kz9jpmeQF+bvu
1/dy3be1Tdy9TEMdQF8/Ld2PR+pjA4Wnkqi4yFeqCTNI0H/2QdrK82zfbX91mN3P
VolcenJkc3ToLvuMnmJ4TJ4zaJzcDvetgAwAhhqcsd9clg==
-----END CERTIFICATE-----