Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/7lIczwo7C8iuIxu6YSOYJ3GfgCM.roa
File:                     7lIczwo7C8iuIxu6YSOYJ3GfgCM.roa (raw, json)
Hash identifier:          AM1jHHTGCZTqKK2pXatM97FSsvtP0bZlmyQEiQvAKCA=
Subject key identifier:   EE:52:1C:CF:0A:3B:0B:C8:AE:23:1B:BA:61:23:98:27:71:9F:80:23
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F62457B3181EBC21A90227C932EC46A
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/7lIczwo7C8iuIxu6YSOYJ3GfgCM.roa
Signing time:             Tue 25 Jun 2024 12:32:38 +0000
ROA not before:           Tue 25 Jun 2024 12:32:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396545
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:45:7b:31:81:eb:c2:1a:90:22:7c:93:2e:c4:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee521ccf0a3b0bc8ae231bba61239827719f8023
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:cf:bf:09:c2:ed:17:13:5d:d5:b5:1e:49:bb:
                    bd:a9:56:83:b5:bd:48:b8:10:c2:ac:b0:fd:c1:42:
                    bf:16:a7:68:2e:6f:92:63:16:9b:03:66:4e:c3:19:
                    c2:5d:56:c0:e3:48:53:35:79:b3:5d:ca:23:33:b5:
                    a5:8d:83:08:79:00:a5:2d:b3:57:bb:3e:30:5d:d1:
                    da:4a:88:e6:3c:2f:06:0d:e1:fc:df:b6:77:18:f6:
                    5c:0f:f3:4c:2e:50:73:27:58:04:9b:6f:a4:b5:95:
                    79:7c:23:97:d5:30:75:c1:d3:1e:ab:aa:d0:b4:e8:
                    e1:37:45:62:7a:ff:65:65:96:5b:a1:f0:41:5b:35:
                    f3:8d:f7:de:11:2e:9b:9b:fa:59:ec:a6:88:64:cb:
                    a7:76:e3:7c:2a:e7:8b:38:9a:0f:a5:fc:28:dc:be:
                    48:10:37:9b:35:da:6e:ce:ac:0b:b8:a3:03:a7:26:
                    b4:95:cb:84:a1:99:ad:c0:e9:f4:1d:a8:7c:78:fc:
                    28:47:b4:6e:c5:93:02:7b:81:2c:39:10:e2:37:b5:
                    78:cf:82:84:3d:94:39:8d:70:9f:27:21:e1:a2:ea:
                    fe:87:5f:25:6b:e7:09:89:ef:4f:66:13:f4:28:aa:
                    cc:e7:7a:81:fa:8e:2a:4e:f0:27:79:e8:f3:cc:d9:
                    56:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:52:1C:CF:0A:3B:0B:C8:AE:23:1B:BA:61:23:98:27:71:9F:80:23
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/7lIczwo7C8iuIxu6YSOYJ3GfgCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         7c:6c:d9:d2:72:34:36:54:5e:b3:d7:61:d4:04:d2:f4:87:fc:
         da:12:7b:82:36:25:59:a2:88:ec:4d:ce:f5:d6:fe:be:1b:a8:
         d8:9c:59:75:07:14:69:f5:ff:b6:19:61:10:d4:a8:0b:31:27:
         71:a2:da:e9:55:dc:15:e7:06:9c:72:c0:6a:14:3d:f2:34:d5:
         dc:2d:75:f0:aa:7f:70:be:3b:eb:13:9b:88:3f:9d:47:1e:8a:
         03:5c:29:2b:98:72:f6:fe:2d:c0:a7:e3:82:da:ea:8c:9b:8e:
         c6:6c:a7:6d:4e:ac:60:0c:74:8c:7d:81:22:48:53:86:47:a3:
         55:bf:f9:10:0c:15:c8:a5:14:23:73:30:8f:2e:7d:5b:8b:26:
         76:24:ec:97:aa:8a:69:44:c0:88:83:45:de:4f:24:ca:51:43:
         fe:25:43:d6:5c:41:a7:45:51:2b:63:71:da:b6:7a:a3:93:c0:
         43:db:27:9c:2a:e6:4a:10:7c:7c:fa:00:a0:e5:48:43:87:90:
         bf:72:7d:26:6d:e8:6c:13:43:91:9d:b0:b7:1d:73:15:c8:fd:
         2e:4a:9c:93:fa:23:88:82:2c:08:e3:a1:2c:97:1c:ed:36:8e:
         7b:1e:17:16:b0:fa:7f:90:b6:c4:12:30:de:6b:5b:bd:28:33:
         e8:2e:f4:88
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYkV7MYHrwhqQInyTLsRqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTUyMWNjZjBhM2IwYmM4YWUyMzFiYmE2MTIzOTgyNzcxOWY4MDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnM+/CcLtFxNd1bUeSbu9qVaDtb1I
uBDCrLD9wUK/FqdoLm+SYxabA2ZOwxnCXVbA40hTNXmzXcojM7WljYMIeQClLbNX
uz4wXdHaSojmPC8GDeH837Z3GPZcD/NMLlBzJ1gEm2+ktZV5fCOX1TB1wdMeq6rQ
tOjhN0Viev9lZZZbofBBWzXzjffeES6bm/pZ7KaIZMunduN8KueLOJoPpfwo3L5I
EDebNdpuzqwLuKMDpya0lcuEoZmtwOn0Hah8ePwoR7RuxZMCe4EsORDiN7V4z4KE
PZQ5jXCfJyHhour+h18la+cJie9PZhP0KKrM53qB+o4qTvAneejzzNlWuwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFO5SHM8KOwvIriMbumEjmCdxn4AjMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvN2xJY3p3bzdDOGl1SXh1NllTT1lKM0dmZ0NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAfGzZ0nI0NlRes9dh1ATS9If82hJ7gjYlWaKI7E3O
9db+vhuo2JxZdQcUafX/thlhENSoCzEncaLa6VXcFecGnHLAahQ98jTV3C118Kp/
cL476xObiD+dRx6KA1wpK5hy9v4twKfjgtrqjJuOxmynbU6sYAx0jH2BIkhThkej
Vb/5EAwVyKUUI3Mwjy59W4smdiTsl6qKaUTAiINF3k8kylFD/iVD1lxBp0VRK2Nx
2rZ6o5PAQ9snnCrmShB8fPoAoOVIQ4eQv3J9Jm3obBNDkZ2wtx1zFcj9Lkqck/oj
iIIsCOOhLJcc7TaOex4XFrD6f5C2xBIw3mtbvSgz6C70iA==
-----END CERTIFICATE-----