Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/1-xWpzpfUJq8crdI4PW3QqAaYSOY.roa
File:                     1-xWpzpfUJq8crdI4PW3QqAaYSOY.roa (raw, json)
Hash identifier:          bhCRfnLklZa83eh2mooVyClkB2g9PQBd5BQPJtQVj/E=
Subject key identifier:   FB:15:A9:CE:97:D4:26:AF:1C:AD:D2:38:3D:6D:D0:A8:06:98:48:E6
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82D918A5DEC37583D2DAB2D7E64BB6
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/1-xWpzpfUJq8crdI4PW3QqAaYSOY.roa
Signing time:             Thu 26 Mar 2026 14:18:31 +0000
ROA not before:           Thu 26 Mar 2026 14:18:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     397194
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:d9:18:a5:de:c3:75:83:d2:da:b2:d7:e6:4b:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fb15a9ce97d426af1cadd2383d6dd0a8069848e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:2d:5a:da:62:cf:ea:f9:fb:33:91:9c:d7:2d:
                    44:6e:9c:f2:65:ca:f6:cc:9b:24:53:28:26:b4:59:
                    d9:77:92:18:4d:e9:79:32:a8:56:7e:c3:1c:3c:ed:
                    c4:70:6e:3f:ae:19:ea:d3:fb:07:8c:08:e9:4e:65:
                    1e:7e:19:0b:fc:7b:53:e1:8b:59:dd:b7:a6:99:2c:
                    54:e6:f6:d5:a7:9d:bb:5c:eb:21:09:b2:83:8f:c2:
                    7c:ff:54:73:a6:a0:a0:00:74:cc:f0:0b:36:88:9c:
                    e6:51:7a:9d:c9:45:a6:89:bf:3b:a0:68:a3:b2:ba:
                    f8:0e:85:8d:b6:11:90:3e:39:29:e4:07:b2:1e:ed:
                    98:00:db:ae:4a:81:cf:e8:63:be:fc:17:a7:a4:48:
                    02:77:b7:75:f3:cf:96:2f:6f:a8:bc:3e:2d:6b:d2:
                    b5:14:dc:d0:27:a6:fd:87:46:5e:a3:35:51:58:5d:
                    6f:74:4d:eb:f1:e2:f1:63:2f:03:4c:ca:d0:e8:ad:
                    29:64:f5:1c:de:c6:a8:e5:2b:35:d0:c8:fe:70:19:
                    a0:7e:37:72:08:60:9c:96:cf:6a:bd:cf:d9:30:75:
                    6b:f8:5a:f9:98:e8:4b:64:0c:3d:a2:7d:79:f5:dd:
                    c9:51:c6:00:ae:d6:ae:c9:24:9a:67:d1:d3:c0:1c:
                    66:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:15:A9:CE:97:D4:26:AF:1C:AD:D2:38:3D:6D:D0:A8:06:98:48:E6
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/1-xWpzpfUJq8crdI4PW3QqAaYSOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:e8:96:a2:6a:08:ff:6e:4b:9b:36:c4:f1:73:ec:94:12:ea:
         e7:0a:2b:0a:fd:af:40:bd:f4:67:3a:f6:29:ee:9c:c9:71:ac:
         b0:23:bd:4b:b2:51:10:16:14:44:71:d8:95:64:d1:45:6e:05:
         ee:89:f5:2a:96:52:0d:e4:1f:67:55:7d:59:66:8a:ed:56:30:
         8c:ab:ec:81:05:a5:92:92:19:f6:19:27:43:61:2e:83:e3:0e:
         85:5d:5e:1e:f8:ec:85:bf:95:8d:10:e9:97:8f:55:d6:0b:c2:
         fe:3d:c9:ca:3e:38:b1:c5:03:a9:29:eb:68:96:f8:99:ea:57:
         44:d7:d2:cf:d5:6e:94:c7:0f:60:64:b0:bb:cf:f3:78:80:d1:
         dd:3e:66:97:aa:1a:24:ca:e8:e3:17:18:4e:fe:c0:9b:37:58:
         21:4a:30:4e:66:ef:43:9a:f4:db:2f:95:6f:69:aa:9c:b2:30:
         3c:23:b4:27:99:b3:d6:87:0f:68:2b:90:0f:05:07:b7:83:8b:
         3d:d4:55:0f:6d:ec:be:18:1c:69:b0:97:3a:9d:91:d4:35:8d:
         86:6b:63:32:3f:fa:9a:35:96:bd:b6:9f:da:c8:0e:fc:8f:62:
         53:7b:00:e5:2f:58:d6:f0:59:c2:0a:a0:62:24:3f:33:ae:7d:
         c1:f6:d3:8c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ0qgtkYpd7DdYPS2rLX5ku2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjE1YTljZTk3ZDQyNmFmMWNhZGQyMzgzZDZkZDBhODA2OTg0OGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzS1a2mLP6vn7M5Gc1y1EbpzyZcr2
zJskUygmtFnZd5IYTel5MqhWfsMcPO3EcG4/rhnq0/sHjAjpTmUefhkL/HtT4YtZ
3bemmSxU5vbVp527XOshCbKDj8J8/1RzpqCgAHTM8As2iJzmUXqdyUWmib87oGij
srr4DoWNthGQPjkp5AeyHu2YANuuSoHP6GO+/BenpEgCd7d188+WL2+ovD4ta9K1
FNzQJ6b9h0ZeozVRWF1vdE3r8eLxYy8DTMrQ6K0pZPUc3sao5Ss10Mj+cBmgfjdy
CGCcls9qvc/ZMHVr+Fr5mOhLZAw9on159d3JUcYArtauySSaZ9HTwBxmMwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPsVqc6X1CavHK3SOD1t0KgGmEjmMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvMS14V3B6cGZVSnE4Y3JkSTRQVzNRcUFhWVNPWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZmEvYmM5MmU2LWM4ZWUtNDhmMC1hZTdmLTM2Y2NiNWEwNjE5
NS8xL3REZ0xtNHdIQkZmdFZMeEYwUzNkMGtUZ2JWSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAmBggrBgEFBQcBBwEB/wQXMBUwEwQCAAEwDQMFAVETwx4D
BAC5ZAAwDQYJKoZIhvcNAQELBQADggEBAATolqJqCP9uS5s2xPFz7JQS6ucKKwr9
r0C99Gc69inunMlxrLAjvUuyURAWFERx2JVk0UVuBe6J9SqWUg3kH2dVfVlmiu1W
MIyr7IEFpZKSGfYZJ0NhLoPjDoVdXh747IW/lY0Q6ZePVdYLwv49yco+OLHFA6kp
62iW+JnqV0TX0s/VbpTHD2BksLvP83iA0d0+ZpeqGiTK6OMXGE7+wJs3WCFKME5m
70Oa9NsvlW9pqpyyMDwjtCeZs9aHD2grkA8FB7eDiz3UVQ9t7L4YHGmwlzqdkdQ1
jYZrYzI/+po1lr22n9rIDvyPYlN7AOUvWNbwWcIKoGIkPzOufcH204w=
-----END CERTIFICATE-----