Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/3LizI0__nN86WociB-oA0FT10dE.roa
File:                     3LizI0__nN86WociB-oA0FT10dE.roa (raw, json)
Hash identifier:          Pc80FDrlRi1CPeZWOseW6YD2CSzHvBmL7Y2uv0MuJUs=
Subject key identifier:   DC:B8:B3:23:4F:FF:9C:DF:3A:5A:87:22:07:EA:00:D0:54:F5:D1:D1
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82ADAFD3CB8E469C5F63EA63485BEC
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/3LizI0__nN86WociB-oA0FT10dE.roa
Signing time:             Thu 26 Mar 2026 14:18:20 +0000
ROA not before:           Thu 26 Mar 2026 14:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     36618
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:ad:af:d3:cb:8e:46:9c:5f:63:ea:63:48:5b:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dcb8b3234fff9cdf3a5a872207ea00d054f5d1d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:d5:07:6c:ec:31:d5:5e:b9:20:2c:88:70:01:
                    c8:a4:62:46:cd:3b:da:43:3c:99:e9:20:cf:85:23:
                    ad:f9:ac:b3:3a:a3:18:14:1d:77:5b:be:05:8f:7e:
                    08:6d:3e:89:76:04:0e:c4:c7:c2:2c:5f:cd:55:64:
                    59:1e:8d:8c:93:96:80:54:a2:70:9c:0f:9e:66:56:
                    2b:a7:f6:a5:0c:eb:44:08:1f:ca:56:3d:ca:31:6a:
                    ce:5f:06:cd:a8:6d:10:0d:58:f7:8f:3f:86:e3:4f:
                    6f:7e:32:80:44:9f:62:18:a6:be:cd:65:4c:af:c7:
                    15:b4:de:49:50:bf:c1:a7:b9:fa:ab:27:59:0d:e2:
                    0b:d6:7b:6d:ce:4a:66:02:c1:ba:08:ec:dc:02:8c:
                    4c:b6:3b:ea:82:dc:13:ea:d9:88:8c:c3:81:33:75:
                    df:53:a5:1a:f5:97:d8:a2:55:41:da:67:0f:f2:bb:
                    71:9d:77:32:6d:f0:99:54:64:10:b5:29:34:f7:b2:
                    04:fd:3d:4a:b9:e8:45:59:0d:e1:83:17:0b:1e:39:
                    04:e8:e9:72:d8:ee:81:9c:68:76:80:7f:2f:8e:89:
                    e3:0d:b9:32:36:63:1b:08:99:7d:4a:59:65:8c:c0:
                    1f:f6:fd:63:fc:95:e8:d8:84:84:d5:51:20:5a:2a:
                    3e:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:B8:B3:23:4F:FF:9C:DF:3A:5A:87:22:07:EA:00:D0:54:F5:D1:D1
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/3LizI0__nN86WociB-oA0FT10dE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:09:e6:e1:43:74:dd:03:f2:d9:fb:1e:df:30:03:b1:8b:fd:
         4f:d9:d7:68:9c:42:bd:2b:e8:bf:cc:03:af:c9:10:94:8d:b8:
         8e:53:d7:f0:4b:70:6a:6a:67:45:25:7f:d2:43:e0:f4:de:57:
         5c:b0:d5:da:ec:be:8f:5f:67:f2:19:0d:8c:fb:db:d5:0c:89:
         76:00:80:c4:84:bb:bb:6c:a4:a2:f0:84:ef:75:e6:0d:8d:45:
         df:06:1a:c7:cd:24:a2:11:97:06:0c:49:e3:ab:27:36:20:d2:
         b5:6f:11:8a:59:d2:c2:87:da:9c:2d:01:13:79:9c:5e:69:f9:
         d1:a0:a9:7a:b2:1e:ab:f3:ed:fe:b1:f7:d0:1e:c2:58:c2:35:
         b7:a3:48:7e:03:65:67:35:8c:e9:3d:1c:23:c7:b6:fa:80:93:
         38:06:49:39:63:f0:7e:60:8f:b6:88:33:06:d4:0b:92:4b:90:
         49:d1:40:43:69:b7:6b:22:8d:67:a4:5c:78:c4:50:76:01:f6:
         ec:04:46:8e:81:79:9c:3e:9d:0a:db:e3:91:38:71:2d:00:e1:
         eb:4f:b6:56:b0:be:46:34:8d:e9:ad:f0:78:c3:fa:2c:dd:68:
         4b:a2:9b:77:a4:9d:df:1a:69:3d:47:ec:d2:4e:3a:6f:51:9f:
         1a:ef:9f:bf
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgq2v08uORpxfY+pjSFvsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2I4YjMyMzRmZmY5Y2RmM2E1YTg3MjIwN2VhMDBkMDU0ZjVkMWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09UHbOwx1V65ICyIcAHIpGJGzTva
QzyZ6SDPhSOt+ayzOqMYFB13W74Fj34IbT6JdgQOxMfCLF/NVWRZHo2Mk5aAVKJw
nA+eZlYrp/alDOtECB/KVj3KMWrOXwbNqG0QDVj3jz+G409vfjKARJ9iGKa+zWVM
r8cVtN5JUL/Bp7n6qydZDeIL1nttzkpmAsG6COzcAoxMtjvqgtwT6tmIjMOBM3Xf
U6Ua9ZfYolVB2mcP8rtxnXcybfCZVGQQtSk097IE/T1KuehFWQ3hgxcLHjkE6Oly
2O6BnGh2gH8vjonjDbkyNmMbCJl9SllljMAf9v1j/JXo2ISE1VEgWio+2wIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFNy4syNP/5zfOlqHIgfqANBU9dHRMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvM0xpekkwX19uTjg2V29jaUItb0EwRlQxMGRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAxgnm4UN03QPy2fse3zADsYv9T9nXaJxC
vSvov8wDr8kQlI24jlPX8EtwampnRSV/0kPg9N5XXLDV2uy+j19n8hkNjPvb1QyJ
dgCAxIS7u2ykovCE73XmDY1F3wYax80kohGXBgxJ46snNiDStW8RilnSwofanC0B
E3mcXmn50aCperIeq/Pt/rH30B7CWMI1t6NIfgNlZzWM6T0cI8e2+oCTOAZJOWPw
fmCPtogzBtQLkkuQSdFAQ2m3ayKNZ6RceMRQdgH27ARGjoF5nD6dCtvjkThxLQDh
60+2VrC+RjSN6a3weMP6LN1oS6Kbd6Sd3xppPUfs0k46b1GfGu+fvw==
-----END CERTIFICATE-----