Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/iIypORatwvLRTQdlK9TZZ4MBCT8.roa
File:                     iIypORatwvLRTQdlK9TZZ4MBCT8.roa (raw, json)
Hash identifier:          DsVEwQRmiaefO2NOnziT9iJtUdavYWqYyLJgdyCqfH4=
Subject key identifier:   88:8C:A9:39:16:AD:C2:F2:D1:4D:07:65:2B:D4:D9:67:83:01:09:3F
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       01904F62676B7960FA050EAEC3498F1A5531
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/iIypORatwvLRTQdlK9TZZ4MBCT8.roa
Signing time:             Tue 25 Jun 2024 12:32:47 +0000
ROA not before:           Tue 25 Jun 2024 12:32:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396615
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:62:67:6b:79:60:fa:05:0e:ae:c3:49:8f:1a:55:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Jun 25 12:32:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=888ca93916adc2f2d14d07652bd4d9678301093f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:bf:03:9e:99:92:c4:2c:8a:64:ae:0d:54:1a:
                    9e:86:d1:68:bd:62:5e:38:a3:54:cc:77:7a:da:9e:
                    13:a0:7a:03:db:ed:cf:82:66:67:03:90:30:3f:bf:
                    e6:ff:d2:6a:02:b9:4f:2a:56:36:95:43:84:a2:26:
                    8f:50:39:07:80:73:57:5e:d9:fc:30:ef:6f:aa:ac:
                    a8:23:c4:f6:5d:36:df:f2:d6:77:97:ee:28:26:4b:
                    e8:48:5a:7b:71:20:98:ed:63:57:d6:10:d1:df:cb:
                    ba:1f:ec:43:54:78:cb:e6:76:ca:a1:f5:8f:5e:48:
                    f1:d2:4d:d8:61:ef:55:a9:4c:83:73:96:a9:21:ed:
                    3e:db:87:71:83:e5:ea:b0:32:6d:ba:5f:74:e4:0a:
                    41:34:e7:2a:0e:d7:21:b2:03:f4:3c:ec:0a:64:cd:
                    49:fe:75:9f:00:84:14:15:a8:09:d8:e3:5b:64:18:
                    d8:a2:35:e7:7f:57:aa:c9:74:2f:68:35:cd:b3:2b:
                    cd:47:fa:b6:81:44:e6:cf:e7:de:c3:fe:9b:bc:c0:
                    84:84:b1:11:83:13:26:69:68:6d:dc:ad:38:0c:da:
                    d6:ef:32:c2:c4:b7:b3:ad:db:88:bd:40:0c:b3:84:
                    d8:98:b9:37:94:c0:9e:37:be:11:63:0d:b2:32:04:
                    d4:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:8C:A9:39:16:AD:C2:F2:D1:4D:07:65:2B:D4:D9:67:83:01:09:3F
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/iIypORatwvLRTQdlK9TZZ4MBCT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31

    Signature Algorithm: sha256WithRSAEncryption
         51:27:f6:4d:67:dc:47:ad:26:7e:3e:9f:a6:c4:fc:80:25:17:
         aa:16:af:8f:95:db:bc:03:5c:c1:7c:72:75:c7:34:ca:8d:26:
         9b:4a:1c:2b:e8:05:a5:1a:53:a9:01:00:cf:26:2b:30:2f:42:
         02:77:9e:6f:d6:25:07:da:0c:28:c4:77:e4:72:1f:40:07:1e:
         e8:ae:ea:10:3e:d1:c4:83:f1:61:bd:fb:82:9a:d6:0c:fb:8c:
         eb:b8:52:1f:78:3d:88:e0:ec:28:c9:df:a1:1d:75:cb:7a:f8:
         f2:60:fe:c0:72:7e:57:1f:d8:23:63:2a:d5:ee:34:99:59:f7:
         60:99:89:b7:6f:20:21:a5:57:e9:c8:d4:a1:93:0b:df:85:e4:
         19:48:d0:1f:ef:5f:5c:70:f3:5a:55:d9:26:f4:7c:80:0c:7e:
         65:25:04:51:d7:62:44:92:63:94:b9:65:2c:27:ad:70:ae:06:
         61:0f:1c:e2:a8:54:6e:33:48:33:ef:0c:d4:73:92:35:01:ad:
         53:d9:18:a4:c2:43:70:b5:90:96:cd:f1:98:39:43:5d:d6:c9:
         23:a2:25:a4:44:06:17:49:10:10:bd:01:4c:c8:6d:9f:46:b6:
         58:7a:b3:c3:a0:ef:cc:0b:e9:7a:2c:c0:a0:86:d0:75:38:51:
         5f:3c:de:e3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBPYmdreWD6BQ6uw0mPGlUxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwNjI1MTIzMjQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODhjYTkzOTE2YWRjMmYyZDE0ZDA3NjUyYmQ0ZDk2NzgzMDEwOTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzL8DnpmSxCyKZK4NVBqehtFovWJe
OKNUzHd62p4ToHoD2+3PgmZnA5AwP7/m/9JqArlPKlY2lUOEoiaPUDkHgHNXXtn8
MO9vqqyoI8T2XTbf8tZ3l+4oJkvoSFp7cSCY7WNX1hDR38u6H+xDVHjL5nbKofWP
Xkjx0k3YYe9VqUyDc5apIe0+24dxg+XqsDJtul905ApBNOcqDtchsgP0POwKZM1J
/nWfAIQUFagJ2ONbZBjYojXnf1eqyXQvaDXNsyvNR/q2gUTmz+few/6bvMCEhLER
gxMmaWht3K04DNrW7zLCxLezrduIvUAMs4TYmLk3lMCeN74RYw2yMgTUlwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIiMqTkWrcLy0U0HZSvU2WeDAQk/MB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvaUl5cE9SYXR3dkxSVFFkbEs5VFpaNE1CQ1Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUBURPDHjAN
BgkqhkiG9w0BAQsFAAOCAQEAUSf2TWfcR60mfj6fpsT8gCUXqhavj5XbvANcwXxy
dcc0yo0mm0ocK+gFpRpTqQEAzyYrMC9CAneeb9YlB9oMKMR35HIfQAce6K7qED7R
xIPxYb37gprWDPuM67hSH3g9iODsKMnfoR11y3r48mD+wHJ+Vx/YI2Mq1e40mVn3
YJmJt28gIaVX6cjUoZML34XkGUjQH+9fXHDzWlXZJvR8gAx+ZSUEUddiRJJjlLll
LCetcK4GYQ8c4qhUbjNIM+8M1HOSNQGtU9kYpMJDcLWQls3xmDlDXdbJI6IlpEQG
F0kQEL0BTMhtn0a2WHqzw6DvzAvpeizAoIbQdThRXzze4w==
-----END CERTIFICATE-----