Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/1-bg8DxYXXS1lZAeQj3c4i1PG0hg.roa
File:                     1-bg8DxYXXS1lZAeQj3c4i1PG0hg.roa (raw, json)
Hash identifier:          zsqYfamidPmLnz4GwBlORvFmZKYFFlk+vJfalxMAdWA=
Subject key identifier:   F9:B8:3C:0F:16:17:5D:2D:65:64:07:90:8F:77:38:8B:53:C6:D2:18
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82A8829A69EBBCDE12C94EB8313564
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/1-bg8DxYXXS1lZAeQj3c4i1PG0hg.roa
Signing time:             Thu 26 Mar 2026 14:18:19 +0000
ROA not before:           Thu 26 Mar 2026 14:18:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20172
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:a8:82:9a:69:eb:bc:de:12:c9:4e:b8:31:35:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f9b83c0f16175d2d656407908f77388b53c6d218
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:79:8f:f9:cb:91:ae:67:9a:af:d3:57:97:fc:
                    55:9f:3f:47:74:99:53:45:11:5d:e4:cf:90:d6:ef:
                    92:07:d9:c2:70:bf:b3:26:47:16:67:c3:7b:b1:05:
                    1e:12:15:1c:ca:21:c2:62:d8:4a:67:69:7d:c7:f2:
                    84:10:e9:20:f1:2e:ca:1b:d0:c9:67:f3:d1:20:fe:
                    58:7f:12:5e:9c:76:26:c1:eb:4f:14:ae:21:2b:ea:
                    77:8d:5b:f1:be:da:5c:d5:67:3b:26:6f:9f:c1:0d:
                    3a:dd:03:55:ec:4f:a3:13:b2:a4:ca:0a:be:28:0d:
                    67:38:c2:70:59:3a:2c:f9:16:9a:5a:6c:bc:55:05:
                    ee:ff:be:93:ea:ba:4a:9c:00:0a:c3:c0:b2:31:13:
                    f7:55:f1:f8:8c:4e:19:af:0d:0a:de:b7:7d:1e:8d:
                    a3:78:91:38:47:56:11:11:ae:76:be:00:4a:7a:27:
                    a5:47:6f:fe:7f:e4:02:13:94:56:61:a3:f6:ea:82:
                    66:5c:93:0f:c7:bd:80:0b:b4:90:94:bc:7a:97:7a:
                    fd:bb:c6:0c:0e:c0:d2:56:41:4e:ea:a6:93:cf:c0:
                    a9:e2:34:e4:3b:28:36:ed:1d:50:e7:b0:f4:83:d7:
                    3c:2c:02:8a:97:33:4a:b7:da:ae:bc:35:03:f1:b1:
                    d8:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:B8:3C:0F:16:17:5D:2D:65:64:07:90:8F:77:38:8B:53:C6:D2:18
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/1-bg8DxYXXS1lZAeQj3c4i1PG0hg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:f2:d5:33:fe:1c:1a:20:bb:d9:36:50:1b:b8:d8:ff:85:a6:
         cc:26:90:f3:2c:19:0c:16:6d:dd:b7:2e:a2:e9:a8:89:6d:ff:
         fa:68:de:68:dd:67:3f:8a:78:ca:1d:85:cf:b0:7a:1c:17:f9:
         74:61:bc:ad:c9:47:c9:42:45:96:fb:54:96:2a:53:87:85:33:
         67:ce:9b:69:66:f0:66:6f:65:74:83:6e:b9:35:d0:14:7c:7d:
         f8:ab:a6:92:de:35:8c:b5:6b:c7:31:dd:8c:62:c8:61:15:57:
         aa:52:02:66:c3:8c:e3:7a:09:ee:81:24:db:a4:1e:c4:c9:33:
         4a:b1:b8:98:d2:fb:6f:4f:d8:b1:bc:98:8e:dd:09:99:c7:2f:
         68:7e:98:2c:7e:26:cf:0c:55:56:6b:d2:98:23:96:2e:c0:ee:
         ef:1d:d2:8d:80:fe:7f:96:ac:de:ef:84:36:d2:e0:9a:ce:49:
         16:3d:70:9a:cd:4b:43:e5:ec:c7:d3:ae:a2:fe:0f:8f:89:5e:
         39:2b:2f:0f:bb:fd:33:d0:90:34:fc:32:d7:22:5a:e1:f1:cd:
         a9:58:fb:ac:f7:03:4f:00:3d:10:df:6e:1d:04:72:ac:cd:45:
         d2:dd:61:c0:6e:7e:03:39:be:74:ce:07:f2:01:49:3c:5e:2e:
         59:87:c5:d8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ0qgqiCmmnrvN4SyU64MTVkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWI4M2MwZjE2MTc1ZDJkNjU2NDA3OTA4Zjc3Mzg4YjUzYzZkMjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXmP+cuRrmear9NXl/xVnz9HdJlT
RRFd5M+Q1u+SB9nCcL+zJkcWZ8N7sQUeEhUcyiHCYthKZ2l9x/KEEOkg8S7KG9DJ
Z/PRIP5YfxJenHYmwetPFK4hK+p3jVvxvtpc1Wc7Jm+fwQ063QNV7E+jE7Kkygq+
KA1nOMJwWTos+RaaWmy8VQXu/76T6rpKnAAKw8CyMRP3VfH4jE4Zrw0K3rd9Ho2j
eJE4R1YREa52vgBKeielR2/+f+QCE5RWYaP26oJmXJMPx72AC7SQlLx6l3r9u8YM
DsDSVkFO6qaTz8Cp4jTkOyg27R1Q57D0g9c8LAKKlzNKt9quvDUD8bHYTwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPm4PA8WF10tZWQHkI93OItTxtIYMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvMS1iZzhEeFlYWFMxbFpBZVFqM2M0aTFQRzBoZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZmEvYmM5MmU2LWM4ZWUtNDhmMC1hZTdmLTM2Y2NiNWEwNjE5
NS8xL3REZ0xtNHdIQkZmdFZMeEYwUzNkMGtUZ2JWSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAmBggrBgEFBQcBBwEB/wQXMBUwEwQCAAEwDQMFAVETwx4D
BAC5ZAAwDQYJKoZIhvcNAQELBQADggEBAFHy1TP+HBogu9k2UBu42P+FpswmkPMs
GQwWbd23LqLpqIlt//po3mjdZz+KeModhc+wehwX+XRhvK3JR8lCRZb7VJYqU4eF
M2fOm2lm8GZvZXSDbrk10BR8ffirppLeNYy1a8cx3YxiyGEVV6pSAmbDjON6Ce6B
JNukHsTJM0qxuJjS+29P2LG8mI7dCZnHL2h+mCx+Js8MVVZr0pgjli7A7u8d0o2A
/n+WrN7vhDbS4JrOSRY9cJrNS0Pl7MfTrqL+D4+JXjkrLw+7/TPQkDT8MtciWuHx
zalY+6z3A08APRDfbh0EcqzNRdLdYcBufgM5vnTOB/IBSTxeLlmHxdg=
-----END CERTIFICATE-----