Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/NjfzhdS8p8K0QdGZKoUi4L9BpCs.roa
File:                     NjfzhdS8p8K0QdGZKoUi4L9BpCs.roa (raw, json)
Hash identifier:          Q5mp2Nrk39bxgCYh+Fa6OHp921mRH2ZamPQ85fr6dbU=
Subject key identifier:   36:37:F3:85:D4:BC:A7:C2:B4:41:D1:99:2A:85:22:E0:BF:41:A4:2B
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F624A54681F6EAD644809C6B573EBB6
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/NjfzhdS8p8K0QdGZKoUi4L9BpCs.roa
Signing time:             Tue 25 Jun 2024 12:32:39 +0000
ROA not before:           Tue 25 Jun 2024 12:32:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396553
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:4a:54:68:1f:6e:ad:64:48:09:c6:b5:73:eb:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3637f385d4bca7c2b441d1992a8522e0bf41a42b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:1d:3a:ab:6b:1a:11:10:a5:d6:09:d1:ff:99:
                    a2:7c:d3:50:06:6e:0b:7a:39:9c:ab:cd:87:1c:77:
                    24:a1:75:ca:fe:be:3a:ba:cf:97:14:9b:9a:3f:42:
                    c9:4a:48:7b:91:f0:d2:cf:de:b3:89:98:f9:4e:c5:
                    e9:b9:0b:8d:a1:18:f0:f8:7c:49:ee:f3:b7:13:34:
                    56:76:b7:89:ad:e1:3d:92:e2:3c:39:03:b7:52:22:
                    0d:45:97:f9:d4:d0:47:a2:5b:b0:78:e0:a3:08:87:
                    7a:0f:86:a7:c2:c0:a0:54:3f:f2:c8:40:28:45:56:
                    6a:42:ae:59:81:1a:4a:ce:6c:e7:25:e0:cf:b5:ae:
                    c5:96:43:8b:21:0e:37:52:f3:c9:b0:e9:b0:f9:45:
                    26:6b:e6:3a:be:aa:c0:4d:b6:a6:60:42:be:fd:80:
                    5c:25:09:81:e3:c7:65:ae:e6:7b:5a:c2:7e:b9:77:
                    45:55:e8:1b:9a:09:bf:98:26:7c:22:7e:6a:72:3b:
                    a4:82:d4:16:0f:77:de:5a:02:58:d1:3f:fb:9f:8c:
                    cb:5f:fc:51:3e:a4:63:4d:c3:89:d7:7f:a2:32:98:
                    88:0f:c3:b7:78:5a:87:60:55:64:0a:b4:c8:34:15:
                    10:30:91:5e:c2:f5:1f:92:25:6a:9c:86:75:aa:f9:
                    7d:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:37:F3:85:D4:BC:A7:C2:B4:41:D1:99:2A:85:22:E0:BF:41:A4:2B
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/NjfzhdS8p8K0QdGZKoUi4L9BpCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         35:c5:f9:45:71:1d:7c:c7:ab:5a:b8:5a:cd:b2:6e:d9:19:be:
         05:07:ba:ad:fd:a7:e0:1a:9a:b7:55:d6:dc:07:24:b8:09:4b:
         59:d4:3a:db:ab:f8:fc:7b:1a:bf:23:8f:d5:6c:72:f7:5b:75:
         51:61:16:43:c0:85:bc:f0:00:1a:07:97:ef:fa:86:bf:0f:69:
         35:71:07:29:fe:2c:c8:5e:73:d8:4d:65:0d:03:0d:21:f4:3b:
         99:cb:4d:72:9b:0b:a8:9c:32:91:9d:d6:75:35:95:95:9e:e7:
         f2:ce:dc:4e:7a:56:8d:75:d6:1b:2b:e6:6f:57:9a:b5:ed:8b:
         b3:cb:15:4b:60:46:2f:46:52:a2:ea:e2:7f:41:52:d7:20:72:
         80:05:ab:2f:ea:e5:7a:b7:ee:fe:e4:d4:74:8d:87:26:02:b5:
         47:21:5d:10:2f:d9:af:e9:36:df:dc:53:02:f1:55:37:13:a2:
         b8:3d:e7:e1:0a:5c:c6:98:ae:ba:ec:f9:7e:77:ed:48:a0:81:
         27:8f:ef:6f:f1:08:34:84:fa:77:c2:71:cb:d9:1d:86:a0:c1:
         1e:f2:64:81:56:93:dc:c9:7e:14:20:ee:b1:72:89:b4:3f:0f:
         84:d6:ef:b5:08:1a:c2:66:13:ab:bc:e1:6e:09:5f:e3:d2:52:
         ba:82:6d:85
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYkpUaB9urWRICca1c+u2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjM3ZjM4NWQ0YmNhN2MyYjQ0MWQxOTkyYTg1MjJlMGJmNDFhNDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmB06q2saERCl1gnR/5mifNNQBm4L
ejmcq82HHHckoXXK/r46us+XFJuaP0LJSkh7kfDSz96ziZj5TsXpuQuNoRjw+HxJ
7vO3EzRWdreJreE9kuI8OQO3UiINRZf51NBHoluweOCjCId6D4anwsCgVD/yyEAo
RVZqQq5ZgRpKzmznJeDPta7FlkOLIQ43UvPJsOmw+UUma+Y6vqrATbamYEK+/YBc
JQmB48dlruZ7WsJ+uXdFVegbmgm/mCZ8In5qcjukgtQWD3feWgJY0T/7n4zLX/xR
PqRjTcOJ13+iMpiID8O3eFqHYFVkCrTINBUQMJFewvUfkiVqnIZ1qvl9aQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDY384XUvKfCtEHRmSqFIuC/QaQrMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvTmpmemhkUzhwOEswUWRHWktvVWk0TDlCcENzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEANcX5RXEdfMerWrhazbJu2Rm+BQe6rf2n4Bqat1XW
3AckuAlLWdQ626v4/HsavyOP1Wxy91t1UWEWQ8CFvPAAGgeX7/qGvw9pNXEHKf4s
yF5z2E1lDQMNIfQ7mctNcpsLqJwykZ3WdTWVlZ7n8s7cTnpWjXXWGyvmb1eate2L
s8sVS2BGL0ZSourif0FS1yBygAWrL+rlerfu/uTUdI2HJgK1RyFdEC/Zr+k239xT
AvFVNxOiuD3n4Qpcxpiuuuz5fnftSKCBJ4/vb/EINIT6d8Jxy9kdhqDBHvJkgVaT
3Ml+FCDusXKJtD8PhNbvtQgawmYTq7zhbglf49JSuoJthQ==
-----END CERTIFICATE-----