Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/Z5T6q-B7jEt8uJd8RCxPI7yRjSI.roa
File:                     Z5T6q-B7jEt8uJd8RCxPI7yRjSI.roa (raw, json)
Hash identifier:          0ZnjEjLT4Nu0jMw+mj9+/Hc6D4cxJke+Mw9nGw73ZBM=
Subject key identifier:   67:94:FA:AB:E0:7B:8C:4B:7C:B8:97:7C:44:2C:4F:23:BC:91:8D:22
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F62376698D2EC63E3D6338E4BFA5C73
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/Z5T6q-B7jEt8uJd8RCxPI7yRjSI.roa
Signing time:             Tue 25 Jun 2024 12:32:35 +0000
ROA not before:           Tue 25 Jun 2024 12:32:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22547
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:37:66:98:d2:ec:63:e3:d6:33:8e:4b:fa:5c:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6794faabe07b8c4b7cb8977c442c4f23bc918d22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:2b:4f:88:5b:31:91:35:3b:dd:bb:b1:5e:83:
                    d5:c9:a5:84:f1:9b:8b:f8:7c:0b:d1:c9:76:7d:a6:
                    69:24:d6:4d:f1:e6:79:0c:b8:54:5b:b2:be:e5:b9:
                    8f:fe:bd:37:9b:9d:81:0a:7b:1d:05:13:23:31:4a:
                    91:12:22:a7:78:fe:f0:c9:70:5c:6c:0a:64:4f:31:
                    61:44:c7:6b:f4:8a:5d:0a:35:12:7c:21:09:e4:e7:
                    ea:98:ea:59:fc:fd:a7:8b:9e:1e:c3:94:e7:62:5f:
                    2c:25:60:1f:fe:f0:c8:56:67:24:3b:c3:1c:62:b1:
                    91:4e:83:5a:3b:b5:91:03:07:d6:02:92:3e:3f:a9:
                    57:d6:71:ab:f8:9a:90:94:b8:05:77:ea:ef:85:a2:
                    e0:80:24:39:1f:3f:20:40:51:42:6a:22:26:24:eb:
                    98:3a:a6:6e:05:c6:e6:ec:f9:4a:56:95:5a:a9:86:
                    26:d4:96:c6:6b:81:99:a0:6a:c3:6f:91:8b:02:70:
                    9b:cb:9b:ca:34:93:d6:e3:3d:c1:47:82:53:e7:3f:
                    bb:ee:c7:89:c4:40:7e:8c:d9:d4:71:0f:15:54:57:
                    39:ee:45:ba:bc:78:ed:89:f8:9c:54:e4:40:7c:73:
                    a1:09:d6:a9:2e:39:d6:54:28:03:a6:38:6a:77:7b:
                    a3:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:94:FA:AB:E0:7B:8C:4B:7C:B8:97:7C:44:2C:4F:23:BC:91:8D:22
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/Z5T6q-B7jEt8uJd8RCxPI7yRjSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         93:6a:d7:ee:73:b4:4f:21:8b:b4:c3:22:1a:54:c9:9b:e7:e3:
         60:c3:de:54:bf:17:75:bc:38:34:3e:76:58:98:18:04:de:11:
         4d:49:92:31:92:fc:d7:19:78:7c:d9:17:0a:57:00:c8:5e:1a:
         d9:50:98:9b:8c:89:17:da:2d:65:be:08:e4:84:50:da:1a:f0:
         c0:3c:5b:ea:7f:3c:cd:1a:aa:fe:da:4e:94:dc:3d:3f:a2:b4:
         84:bb:45:e9:29:13:f5:50:b9:e9:c1:e3:64:4d:8a:7f:4a:fa:
         2a:0c:57:05:33:33:1e:20:ad:d9:24:79:fb:c6:cc:56:f8:03:
         1e:db:63:8d:b3:7b:99:76:e2:94:4c:4b:9d:79:0b:ba:b1:6e:
         25:3e:79:08:df:8f:10:e4:bf:d7:bd:a9:1e:e0:87:59:d7:58:
         33:d2:4f:b8:ac:e4:68:e7:af:07:9f:71:4c:4e:40:dc:46:a6:
         a2:f0:69:4c:2d:0a:89:a2:e0:57:1c:e3:b0:52:88:d8:86:b6:
         fc:f3:7f:16:36:28:70:cf:9c:64:4e:36:d5:a5:89:a6:5f:d2:
         39:23:d2:ee:2a:fe:0d:00:60:03:7a:9c:f7:ba:3a:ce:3b:05:
         95:6b:87:8e:af:60:5a:ba:eb:86:d2:81:15:8c:1b:ac:7d:3a:
         02:d1:08:6c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYjdmmNLsY+PWM45L+lxzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Nzk0ZmFhYmUwN2I4YzRiN2NiODk3N2M0NDJjNGYyM2JjOTE4ZDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ytPiFsxkTU73buxXoPVyaWE8ZuL
+HwL0cl2faZpJNZN8eZ5DLhUW7K+5bmP/r03m52BCnsdBRMjMUqREiKneP7wyXBc
bApkTzFhRMdr9IpdCjUSfCEJ5OfqmOpZ/P2ni54ew5TnYl8sJWAf/vDIVmckO8Mc
YrGRToNaO7WRAwfWApI+P6lX1nGr+JqQlLgFd+rvhaLggCQ5Hz8gQFFCaiImJOuY
OqZuBcbm7PlKVpVaqYYm1JbGa4GZoGrDb5GLAnCby5vKNJPW4z3BR4JT5z+77seJ
xEB+jNnUcQ8VVFc57kW6vHjtificVORAfHOhCdapLjnWVCgDpjhqd3ujzQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGeU+qvge4xLfLiXfEQsTyO8kY0iMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvWjVUNnEtQjdqRXQ4dUpkOFJDeFBJN3lSalNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAk2rX7nO0TyGLtMMiGlTJm+fjYMPeVL8Xdbw4ND52
WJgYBN4RTUmSMZL81xl4fNkXClcAyF4a2VCYm4yJF9otZb4I5IRQ2hrwwDxb6n88
zRqq/tpOlNw9P6K0hLtF6SkT9VC56cHjZE2Kf0r6KgxXBTMzHiCt2SR5+8bMVvgD
HttjjbN7mXbilExLnXkLurFuJT55CN+PEOS/172pHuCHWddYM9JPuKzkaOevB59x
TE5A3EamovBpTC0KiaLgVxzjsFKI2Ia2/PN/FjYocM+cZE421aWJpl/SOSPS7ir+
DQBgA3qc97o6zjsFlWuHjq9gWrrrhtKBFYwbrH06AtEIbA==
-----END CERTIFICATE-----