Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/2GVCst1v0ClvXWia1lLj7InaPRk.roa
File:                     2GVCst1v0ClvXWia1lLj7InaPRk.roa (raw, json)
Hash identifier:          33/8yK1Lpy9mi7qsJ57aT7WtbNklHdRf3fBWeE8+65o=
Subject key identifier:   D8:65:42:B2:DD:6F:D0:29:6F:5D:68:9A:D6:52:E3:EC:89:DA:3D:19
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82CB13135525C30490937A6BB29523
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/2GVCst1v0ClvXWia1lLj7InaPRk.roa
Signing time:             Thu 26 Mar 2026 14:18:27 +0000
ROA not before:           Thu 26 Mar 2026 14:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396588
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:cb:13:13:55:25:c3:04:90:93:7a:6b:b2:95:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d86542b2dd6fd0296f5d689ad652e3ec89da3d19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:37:79:9b:bb:57:7f:cb:d7:b9:90:ea:20:59:
                    4f:4e:e7:54:7f:75:de:8b:34:56:84:e2:88:fa:c3:
                    a8:b4:a7:b7:2f:6e:19:b2:f7:81:84:d0:8d:04:e6:
                    f1:49:72:da:d1:4d:66:03:f9:01:8b:51:7e:6b:2c:
                    af:b5:bb:7d:f1:da:0f:ae:30:83:3f:cf:bb:ee:01:
                    38:36:a9:92:ef:5d:25:7a:3f:51:e9:d2:41:f1:8d:
                    f7:fa:1c:a0:67:cc:75:0a:37:d4:c8:ae:48:9b:54:
                    da:04:23:8f:35:ff:6c:17:c5:be:00:16:2f:9a:eb:
                    b9:18:97:a2:f4:09:77:c8:3b:8c:5b:0c:79:fb:ae:
                    75:61:7e:7f:ae:be:05:e3:71:56:73:05:8f:55:9e:
                    3b:6c:aa:26:3c:1c:ac:6d:8b:ad:7a:63:59:71:c7:
                    81:2d:bc:64:ba:6c:3a:e1:c6:89:62:40:c0:6f:15:
                    e4:79:82:39:6e:1c:b2:c3:57:0f:a7:93:8c:e4:b8:
                    89:13:a2:3b:11:75:1c:78:91:82:12:bb:68:30:18:
                    9a:d3:cd:67:f1:d0:4c:9f:1c:af:20:0e:3d:5d:f2:
                    1d:e7:cd:de:c0:96:ed:e4:ac:34:c8:ec:76:c1:83:
                    3d:a0:a0:c2:38:50:21:2e:bd:d7:ae:c0:1b:c3:49:
                    e3:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:65:42:B2:DD:6F:D0:29:6F:5D:68:9A:D6:52:E3:EC:89:DA:3D:19
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/2GVCst1v0ClvXWia1lLj7InaPRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:a9:b6:42:4c:25:81:93:0d:75:6c:17:9d:6e:cc:a0:7a:71:
         61:cf:4b:6b:e6:20:f6:d8:85:e6:90:77:ca:a8:3d:9e:ca:cb:
         42:ec:10:16:a0:75:a5:67:9a:b6:82:75:81:75:0b:ef:08:50:
         08:9f:25:84:50:c1:54:1c:82:6d:9b:e8:8f:37:a6:98:35:5c:
         fe:4e:4c:82:3b:1f:2a:d0:77:94:c1:d9:fd:03:e3:a2:4c:9c:
         ef:35:28:31:6a:f0:8e:29:e0:74:89:ea:b9:17:45:65:40:d0:
         fb:59:e0:da:c9:c5:e3:8f:07:9b:ba:49:cb:bf:ca:0f:f0:fc:
         b0:a4:4e:46:24:23:5e:6c:9e:3b:46:a1:fd:7e:3c:bb:df:79:
         dc:0c:68:25:d0:73:54:ef:da:1b:6e:05:ed:08:c3:5f:a4:22:
         22:73:58:49:69:aa:06:57:95:09:04:0a:8e:81:66:57:6c:82:
         6f:b4:b7:58:6b:3f:58:70:69:08:a6:84:11:1c:8b:4c:c7:ea:
         01:6b:1f:3d:a9:db:42:b9:43:d7:20:87:64:32:c8:41:53:49:
         c8:56:b5:1e:91:03:d8:33:2a:18:9d:48:36:1e:bf:a8:85:76:
         e7:fe:ae:3c:77:d1:e6:4d:8d:45:1f:d4:84:00:07:fc:64:59:
         f3:26:e3:3d
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgssTE1UlwwSQk3prspUjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODY1NDJiMmRkNmZkMDI5NmY1ZDY4OWFkNjUyZTNlYzg5ZGEzZDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzd5m7tXf8vXuZDqIFlPTudUf3Xe
izRWhOKI+sOotKe3L24ZsveBhNCNBObxSXLa0U1mA/kBi1F+ayyvtbt98doPrjCD
P8+77gE4NqmS710lej9R6dJB8Y33+hygZ8x1CjfUyK5Im1TaBCOPNf9sF8W+ABYv
muu5GJei9Al3yDuMWwx5+651YX5/rr4F43FWcwWPVZ47bKomPBysbYutemNZcceB
Lbxkumw64caJYkDAbxXkeYI5bhyyw1cPp5OM5LiJE6I7EXUceJGCErtoMBia081n
8dBMnxyvIA49XfId583ewJbt5Kw0yOx2wYM9oKDCOFAhLr3XrsAbw0njxwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFNhlQrLdb9Apb11omtZS4+yJ2j0ZMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvMkdWQ3N0MXYwQ2x2WFdpYTFsTGo3SW5hUFJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEARKm2QkwlgZMNdWwXnW7MoHpxYc9La+Yg
9tiF5pB3yqg9nsrLQuwQFqB1pWeatoJ1gXUL7whQCJ8lhFDBVByCbZvojzemmDVc
/k5MgjsfKtB3lMHZ/QPjokyc7zUoMWrwjingdInquRdFZUDQ+1ng2snF448Hm7pJ
y7/KD/D8sKRORiQjXmyeO0ah/X48u9953AxoJdBzVO/aG24F7QjDX6QiInNYSWmq
BleVCQQKjoFmV2yCb7S3WGs/WHBpCKaEERyLTMfqAWsfPanbQrlD1yCHZDLIQVNJ
yFa1HpED2DMqGJ1INh6/qIV25/6uPHfR5k2NRR/UhAAH/GRZ8ybjPQ==
-----END CERTIFICATE-----