Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/GvOxsQ1EpLfVnnwP65kYWTPESQE.roa
File:                     GvOxsQ1EpLfVnnwP65kYWTPESQE.roa (raw, json)
Hash identifier:          u5++TjCrgjSe/jWL03gqUxROFayuAyWr6sta1lWC4hg=
Subject key identifier:   1A:F3:B1:B1:0D:44:A4:B7:D5:9E:7C:0F:EB:99:18:59:33:C4:49:01
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F62586017BFB231BDA626B6EE465ABB
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/GvOxsQ1EpLfVnnwP65kYWTPESQE.roa
Signing time:             Tue 25 Jun 2024 12:32:43 +0000
ROA not before:           Tue 25 Jun 2024 12:32:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396582
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:58:60:17:bf:b2:31:bd:a6:26:b6:ee:46:5a:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1af3b1b10d44a4b7d59e7c0feb99185933c44901
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:2b:6e:06:9b:5b:ac:cc:92:f8:e5:c2:be:13:
                    b0:45:db:6c:c6:3e:9d:95:ad:97:67:53:c0:2e:aa:
                    54:08:fd:2d:7e:58:4b:a2:54:78:b2:a5:73:8e:a1:
                    8b:9b:c2:a7:1b:46:1d:1b:65:1e:cf:8b:6c:de:25:
                    4b:9d:cf:c7:4d:cd:5f:45:d1:90:99:0b:1a:de:67:
                    5f:86:b9:29:a4:f7:67:ea:a5:6a:cb:73:c1:8e:fa:
                    83:03:58:88:17:3c:91:93:0c:bf:cb:d1:0d:66:41:
                    11:a3:6c:39:de:f9:27:c0:80:4d:49:dc:ac:9b:67:
                    10:53:c5:5f:f6:0e:41:0d:a8:45:48:71:ca:ff:0b:
                    33:fb:6f:ed:13:13:13:02:2c:d1:a9:ed:2b:43:cf:
                    5e:eb:5d:94:8f:2f:47:35:60:04:cc:50:d9:13:e8:
                    9f:03:e8:80:b2:93:b3:42:d7:e3:21:f1:ba:79:5b:
                    75:88:27:9d:b9:41:05:73:48:b2:4c:bf:8f:11:f6:
                    1e:64:c3:4c:63:66:24:8f:a1:cc:28:50:82:64:de:
                    f5:d3:d0:86:d7:00:5d:00:3a:27:49:66:51:d6:05:
                    d3:b3:f2:be:4e:7b:3b:e0:22:3f:03:df:36:13:8d:
                    31:4d:26:50:93:a1:33:6c:31:bf:eb:b9:46:dd:c5:
                    ed:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:F3:B1:B1:0D:44:A4:B7:D5:9E:7C:0F:EB:99:18:59:33:C4:49:01
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/GvOxsQ1EpLfVnnwP65kYWTPESQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         be:6c:57:03:e8:a7:d2:8a:a3:1d:cb:ab:6c:c5:0f:51:3a:03:
         79:96:ad:9a:e2:88:74:ef:ce:4b:78:30:f3:d0:59:3b:fd:36:
         2c:c5:fc:e7:0f:c0:0e:4b:e9:4e:5d:eb:b2:ba:79:f8:1c:67:
         f0:9c:85:eb:7f:81:0c:46:c3:d5:4a:4c:53:44:77:a8:7b:56:
         a1:e6:e1:d4:50:8c:80:1c:6a:13:30:3e:b9:6c:2e:85:ae:60:
         ba:21:07:37:ad:a7:1a:94:f1:32:fb:26:d0:03:f3:bf:cb:d0:
         66:44:97:87:1b:1c:f4:df:6b:4e:ac:30:13:fb:17:29:20:9e:
         6c:9b:5f:12:cb:c7:ac:c5:ab:dc:37:e8:22:13:78:f7:54:05:
         43:1b:b3:a2:5c:27:6f:0e:35:4b:4c:12:c2:57:1c:d7:b6:2b:
         61:c0:de:63:82:b1:4f:55:9c:23:ce:a8:36:7e:e0:e6:c3:1a:
         5d:8e:13:7e:6c:8f:6e:9c:b2:80:92:ed:4b:db:60:ca:3a:1c:
         7d:43:37:16:37:7b:9e:3f:df:a2:71:99:b6:f9:67:1f:90:13:
         22:b8:d0:25:82:4c:f1:cb:8a:50:93:d8:8c:fe:6c:fc:af:24:
         6c:4c:b4:a3:23:90:f5:32:76:74:d0:3e:9b:fe:db:13:73:ba:
         c9:6c:6f:cf
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYlhgF7+yMb2mJrbuRlq7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWYzYjFiMTBkNDRhNGI3ZDU5ZTdjMGZlYjk5MTg1OTMzYzQ0OTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuStuBptbrMyS+OXCvhOwRdtsxj6d
la2XZ1PALqpUCP0tflhLolR4sqVzjqGLm8KnG0YdG2Uez4ts3iVLnc/HTc1fRdGQ
mQsa3mdfhrkppPdn6qVqy3PBjvqDA1iIFzyRkwy/y9ENZkERo2w53vknwIBNSdys
m2cQU8Vf9g5BDahFSHHK/wsz+2/tExMTAizRqe0rQ89e612Ujy9HNWAEzFDZE+if
A+iAspOzQtfjIfG6eVt1iCeduUEFc0iyTL+PEfYeZMNMY2Ykj6HMKFCCZN7109CG
1wBdADonSWZR1gXTs/K+Tns74CI/A982E40xTSZQk6EzbDG/67lG3cXtkwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBrzsbENRKS31Z58D+uZGFkzxEkBMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvR3ZPeHNRMUVwTGZWbm53UDY1a1lXVFBFU1FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAvmxXA+in0oqjHcurbMUPUToDeZatmuKIdO/OS3gw
89BZO/02LMX85w/ADkvpTl3rsrp5+Bxn8JyF63+BDEbD1UpMU0R3qHtWoebh1FCM
gBxqEzA+uWwuha5guiEHN62nGpTxMvsm0APzv8vQZkSXhxsc9N9rTqwwE/sXKSCe
bJtfEsvHrMWr3DfoIhN491QFQxuzolwnbw41S0wSwlcc17YrYcDeY4KxT1WcI86o
Nn7g5sMaXY4TfmyPbpyygJLtS9tgyjocfUM3Fjd7nj/fonGZtvlnH5ATIrjQJYJM
8cuKUJPYjP5s/K8kbEy0oyOQ9TJ2dNA+m/7bE3O6yWxvzw==
-----END CERTIFICATE-----