Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/0JOMNLa-HNueXYX8xXIEXAQGMvc.roa
File:                     0JOMNLa-HNueXYX8xXIEXAQGMvc.roa (raw, json)
Hash identifier:          W0NaLZSsYhnxP6nRRfkozLYXaDKlNzo4uvMB5FeU/oo=
Subject key identifier:   D0:93:8C:34:B6:BE:1C:DB:9E:5D:85:FC:C5:72:04:5C:04:06:32:F7
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82BE5E8D63A483A0B36CE82A865670
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/0JOMNLa-HNueXYX8xXIEXAQGMvc.roa
Signing time:             Thu 26 Mar 2026 14:18:24 +0000
ROA not before:           Thu 26 Mar 2026 14:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396561
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:be:5e:8d:63:a4:83:a0:b3:6c:e8:2a:86:56:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d0938c34b6be1cdb9e5d85fcc572045c040632f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:6e:52:db:1e:2f:86:ed:cd:3b:6c:84:a7:29:
                    c1:07:28:3d:d1:25:cc:82:cb:5a:64:24:03:ac:cb:
                    c9:20:17:84:69:2c:9e:eb:9f:f2:dd:8e:80:9e:56:
                    d2:54:14:09:f3:7b:39:8e:e7:5a:cb:9f:86:c1:70:
                    b6:14:19:21:e1:6b:82:d4:f3:75:9b:0d:fd:c4:d6:
                    90:a4:6d:24:2a:c6:6e:d3:7f:fd:5d:ec:16:78:51:
                    18:a5:57:42:33:dc:dc:2a:0f:b9:39:63:ec:0f:4c:
                    3f:d0:f4:e5:59:bf:cb:12:61:c1:6d:7f:d2:61:40:
                    24:03:75:1a:e4:56:67:61:46:2e:51:66:b9:83:65:
                    ab:eb:ee:55:fd:5c:f4:15:35:85:3c:30:e2:75:97:
                    32:9c:e1:71:a8:f0:88:22:b7:5e:35:07:e2:75:2a:
                    05:a5:a3:6f:a0:13:c6:e6:5a:d2:f0:23:1d:7e:d3:
                    62:bb:1a:e5:1e:f1:3d:b3:86:ab:cd:90:0b:74:0a:
                    fd:f3:45:85:6b:91:bd:a4:f9:c4:20:af:27:37:8e:
                    a2:f3:07:b9:9a:c2:f5:95:ed:9f:a2:14:71:cc:41:
                    33:83:9c:37:bf:91:40:3f:4f:8f:83:64:6d:a2:fe:
                    cf:8c:06:b6:2f:de:14:21:30:61:28:79:65:1b:66:
                    cd:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:93:8C:34:B6:BE:1C:DB:9E:5D:85:FC:C5:72:04:5C:04:06:32:F7
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/0JOMNLa-HNueXYX8xXIEXAQGMvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:d5:94:94:6b:5e:5d:94:6d:e8:25:33:d1:5c:8b:57:e8:cd:
         7c:a3:96:c1:07:7a:8e:e1:6d:cc:27:66:bd:e7:36:6c:9e:ac:
         ca:f6:23:11:2c:bb:e2:9f:90:d8:4d:78:f6:99:27:60:52:64:
         ba:2f:5a:5f:30:ce:15:47:20:a1:f5:e6:db:00:be:57:46:55:
         98:9c:f4:68:03:86:68:01:28:85:f7:49:60:51:b2:2a:50:23:
         60:b8:3e:2d:d9:0b:cb:be:7b:78:7e:c4:84:fe:ca:b9:80:65:
         7f:48:7b:e9:0f:d6:d7:5d:d1:5d:d2:ed:18:9c:50:6a:44:52:
         83:0f:c7:77:7c:bf:bf:2b:2f:d9:cf:53:33:9c:40:92:9c:08:
         d5:c1:d5:3c:1a:87:87:9b:9d:2d:22:fb:57:fd:39:bf:b5:56:
         94:25:fd:71:44:f6:a7:25:ad:8f:13:17:a2:db:fb:54:71:a6:
         70:99:89:ef:64:a0:a2:e0:43:1f:7f:33:75:b1:9e:55:32:a0:
         5a:b5:b8:54:1a:74:b7:02:18:a1:34:c7:6e:5b:5e:05:71:00:
         5e:86:8f:c8:13:b3:b0:47:bd:8f:80:ea:86:d3:97:38:58:87:
         56:d7:45:6c:ce:d8:31:d9:10:2a:26:59:db:ed:59:da:ad:c1:
         04:14:23:a9
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgr5ejWOkg6CzbOgqhlZwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDkzOGMzNGI2YmUxY2RiOWU1ZDg1ZmNjNTcyMDQ1YzA0MDYzMmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyG5S2x4vhu3NO2yEpynBByg90SXM
gstaZCQDrMvJIBeEaSye65/y3Y6AnlbSVBQJ83s5juday5+GwXC2FBkh4WuC1PN1
mw39xNaQpG0kKsZu03/9XewWeFEYpVdCM9zcKg+5OWPsD0w/0PTlWb/LEmHBbX/S
YUAkA3Ua5FZnYUYuUWa5g2Wr6+5V/Vz0FTWFPDDidZcynOFxqPCIIrdeNQfidSoF
paNvoBPG5lrS8CMdftNiuxrlHvE9s4arzZALdAr980WFa5G9pPnEIK8nN46i8we5
msL1le2fohRxzEEzg5w3v5FAP0+Pg2Rtov7PjAa2L94UITBhKHllG2bN4wIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFNCTjDS2vhzbnl2F/MVyBFwEBjL3MB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvMEpPTU5MYS1ITnVlWFlYOHhYSUVYQVFHTXZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEADtWUlGteXZRt6CUz0VyLV+jNfKOWwQd6
juFtzCdmvec2bJ6syvYjESy74p+Q2E149pknYFJkui9aXzDOFUcgofXm2wC+V0ZV
mJz0aAOGaAEohfdJYFGyKlAjYLg+LdkLy757eH7EhP7KuYBlf0h76Q/W113RXdLt
GJxQakRSgw/Hd3y/vysv2c9TM5xAkpwI1cHVPBqHh5udLSL7V/05v7VWlCX9cUT2
pyWtjxMXotv7VHGmcJmJ72SgouBDH38zdbGeVTKgWrW4VBp0twIYoTTHblteBXEA
XoaPyBOzsEe9j4DqhtOXOFiHVtdFbM7YMdkQKiZZ2+1Z2q3BBBQjqQ==
-----END CERTIFICATE-----