Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/O8L-Kx3mmk_QUxRiLlOic1VYb9M.roa
File:                     O8L-Kx3mmk_QUxRiLlOic1VYb9M.roa (raw, json)
Hash identifier:          bxyfm8upoZWi6yeEQAXg8mXkPdMqgc+shx5y1djuZ9k=
Subject key identifier:   3B:C2:FE:2B:1D:E6:9A:4F:D0:53:14:62:2E:53:A2:73:55:58:6F:D3
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F625B26F6C6C2208EB8BBF65B2A5FC9
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/O8L-Kx3mmk_QUxRiLlOic1VYb9M.roa
Signing time:             Tue 25 Jun 2024 12:32:44 +0000
ROA not before:           Tue 25 Jun 2024 12:32:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396586
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:5b:26:f6:c6:c2:20:8e:b8:bb:f6:5b:2a:5f:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3bc2fe2b1de69a4fd05314622e53a27355586fd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:db:6b:fd:97:ac:9e:f0:95:cf:47:bf:c5:e8:
                    eb:28:7f:58:43:70:53:80:96:2d:7a:74:8d:b1:45:
                    ad:0a:97:70:56:18:a0:48:1f:0d:e5:ba:1f:43:36:
                    a6:ab:9c:3b:5a:90:47:8f:2a:40:7b:a2:5b:60:84:
                    cb:f4:5f:13:f5:c6:18:5d:6f:7c:22:ed:04:b6:22:
                    95:8b:6e:7c:3c:30:61:68:36:6a:0f:93:a1:92:bc:
                    71:7c:8b:b0:f0:dc:ab:07:7d:84:1a:a9:2b:c8:df:
                    88:14:bb:05:10:69:bf:c6:54:06:76:a3:7c:c3:f7:
                    82:30:12:a9:cc:39:cc:e7:a0:f9:52:f1:82:83:b9:
                    dd:08:cb:05:2b:8e:65:12:5c:c9:a7:86:e2:0a:8e:
                    eb:aa:e6:fa:57:00:62:0d:1c:f6:d2:09:bc:9c:be:
                    1b:e1:b8:53:6a:5f:27:45:6b:7f:a0:23:1b:14:7e:
                    22:fb:e7:7b:01:79:73:07:b1:34:d4:64:ef:dd:90:
                    b0:2c:7a:89:51:79:e4:d7:a1:16:b7:ed:be:83:2a:
                    82:9f:82:25:26:79:08:d2:a5:cf:71:43:8e:c8:eb:
                    6e:19:58:6b:2f:62:90:a7:07:5c:89:78:a4:8e:7a:
                    ab:71:b9:0c:f3:b6:12:28:2e:ce:3b:bb:65:3d:10:
                    91:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:C2:FE:2B:1D:E6:9A:4F:D0:53:14:62:2E:53:A2:73:55:58:6F:D3
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/O8L-Kx3mmk_QUxRiLlOic1VYb9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         41:56:64:42:61:14:29:c1:29:16:f8:9a:f5:17:f6:a2:b0:5f:
         3d:69:3b:b2:58:8d:4c:9b:c5:7e:cd:0a:5b:31:01:cb:4e:03:
         34:29:85:33:97:09:3c:df:e4:a1:f3:a1:33:0e:d6:38:7f:8b:
         d0:ee:bf:32:5a:3f:96:75:e0:7e:db:fc:c7:ae:ae:e6:3e:2e:
         1a:3f:e6:29:ec:1f:bf:11:8a:78:85:2c:7d:70:0c:31:be:9d:
         80:2a:dd:f9:77:77:9b:1a:ed:45:9e:24:69:3b:84:dd:5c:64:
         81:4c:3a:a5:29:3b:c1:14:6b:65:3b:69:01:67:1c:04:c2:e1:
         14:31:10:fa:07:51:83:91:23:35:2a:5a:ca:b2:7d:ec:8b:d5:
         d1:32:10:a0:df:81:f9:33:99:a7:2e:d6:41:c9:dc:91:33:19:
         b2:42:09:54:6f:5c:03:9f:94:f4:37:ee:86:9b:63:04:00:88:
         a9:ae:9f:21:53:73:7e:43:83:be:93:1f:6d:d3:f6:2c:88:ac:
         68:cb:61:7d:45:7a:9f:d5:0b:ba:5d:5f:39:2c:f4:1f:ad:a8:
         99:8b:fd:b3:ef:2f:77:10:94:2f:c5:62:bf:0a:86:10:00:f4:
         79:a0:ae:91:65:e1:26:5c:34:c7:00:5d:35:46:73:c0:a9:db:
         27:d6:00:84
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYlsm9sbCII64u/ZbKl/JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmMyZmUyYjFkZTY5YTRmZDA1MzE0NjIyZTUzYTI3MzU1NTg2ZmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldtr/ZesnvCVz0e/xejrKH9YQ3BT
gJYtenSNsUWtCpdwVhigSB8N5bofQzamq5w7WpBHjypAe6JbYITL9F8T9cYYXW98
Iu0EtiKVi258PDBhaDZqD5OhkrxxfIuw8NyrB32EGqkryN+IFLsFEGm/xlQGdqN8
w/eCMBKpzDnM56D5UvGCg7ndCMsFK45lElzJp4biCo7rqub6VwBiDRz20gm8nL4b
4bhTal8nRWt/oCMbFH4i++d7AXlzB7E01GTv3ZCwLHqJUXnk16EWt+2+gyqCn4Il
JnkI0qXPcUOOyOtuGVhrL2KQpwdciXikjnqrcbkM87YSKC7OO7tlPRCREwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDvC/isd5ppP0FMUYi5TonNVWG/TMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvTzhMLUt4M21ta19RVXhSaUxsT2ljMVZZYjlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAQVZkQmEUKcEpFvia9Rf2orBfPWk7sliNTJvFfs0K
WzEBy04DNCmFM5cJPN/kofOhMw7WOH+L0O6/Mlo/lnXgftv8x66u5j4uGj/mKewf
vxGKeIUsfXAMMb6dgCrd+Xd3mxrtRZ4kaTuE3VxkgUw6pSk7wRRrZTtpAWccBMLh
FDEQ+gdRg5EjNSpayrJ97IvV0TIQoN+B+TOZpy7WQcnckTMZskIJVG9cA5+U9Dfu
hptjBACIqa6fIVNzfkODvpMfbdP2LIisaMthfUV6n9ULul1fOSz0H62omYv9s+8v
dxCUL8VivwqGEAD0eaCukWXhJlw0xwBdNUZzwKnbJ9YAhA==
-----END CERTIFICATE-----