Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/A2SMl2uBUI6HBKLoqX4zSb8vi_0.roa
File:                     A2SMl2uBUI6HBKLoqX4zSb8vi_0.roa (raw, json)
Hash identifier:          itW71KPAHm6bJXmwLMuohMCft1+2g4ZeM7IeR/5i63U=
Subject key identifier:   03:64:8C:97:6B:81:50:8E:87:04:A2:E8:A9:7E:33:49:BF:2F:8B:FD
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82AF9F2AEDDDA7CB4953626E562A27
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/A2SMl2uBUI6HBKLoqX4zSb8vi_0.roa
Signing time:             Thu 26 Mar 2026 14:18:20 +0000
ROA not before:           Thu 26 Mar 2026 14:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     36622
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:af:9f:2a:ed:dd:a7:cb:49:53:62:6e:56:2a:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=03648c976b81508e8704a2e8a97e3349bf2f8bfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:9c:1a:5b:ab:df:8a:a4:c8:30:81:ed:b2:b5:
                    7a:c7:2c:26:77:b3:a3:46:5a:c1:0a:03:aa:83:29:
                    11:2a:ac:bf:e9:8c:d8:5b:87:4d:aa:fd:53:a9:db:
                    de:45:04:3c:3f:9e:bd:f7:34:04:03:88:c1:fc:46:
                    ea:49:19:f0:4e:da:36:9b:be:6e:b8:ad:70:7e:9e:
                    7d:41:bb:58:94:58:e4:ba:59:ad:e4:b1:44:a2:f6:
                    c2:f1:be:5c:01:46:75:ee:3c:ab:8c:2b:4d:27:1e:
                    19:6e:d7:64:a0:60:16:fb:00:0c:b7:0a:97:fb:ab:
                    22:73:fb:35:92:f1:8e:cc:31:88:ef:65:78:cd:50:
                    ea:ac:59:14:ac:92:b5:d7:64:3d:0d:0b:ab:99:a9:
                    a6:de:5f:68:65:3f:c6:0b:2f:5a:3a:47:53:e4:ed:
                    a7:5d:0f:b0:8e:4a:77:1a:21:bd:4a:ae:96:37:3a:
                    2a:47:b7:cc:4d:a2:e4:c8:90:64:b1:bd:29:2e:c5:
                    34:8a:30:8a:ae:ec:8c:91:36:ea:7f:5d:ab:a1:72:
                    a7:73:38:26:49:80:e9:de:24:00:f0:04:a1:f4:72:
                    24:e8:3d:8f:81:d1:f1:a7:e4:c9:9e:44:8f:85:53:
                    e7:47:be:a9:27:19:a5:d8:d6:f4:b1:34:e3:71:42:
                    f4:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:64:8C:97:6B:81:50:8E:87:04:A2:E8:A9:7E:33:49:BF:2F:8B:FD
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/A2SMl2uBUI6HBKLoqX4zSb8vi_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:a3:0a:a0:4f:61:ad:d0:38:b3:11:b0:86:3e:37:24:a6:49:
         80:a0:ba:13:f5:93:0f:4d:12:33:c6:d8:80:12:bd:10:70:e8:
         fa:c1:39:9a:29:23:d1:30:be:64:52:11:6a:85:1d:60:1d:27:
         7d:5b:4a:f2:ab:1b:de:1e:14:05:e8:a5:37:92:9c:b5:ff:32:
         f0:5a:17:9f:74:d2:f1:59:5a:aa:83:cd:0a:cf:57:0e:b0:8f:
         48:09:b4:a3:16:14:b0:ab:58:d3:f2:e4:07:fb:0b:5c:07:b3:
         7c:2e:b2:f3:8a:b5:ed:27:dc:c9:64:72:46:eb:e9:c2:c8:0e:
         84:fa:1f:17:d3:2d:d6:59:0f:3f:eb:bd:93:52:08:82:7e:9b:
         43:10:ab:1d:59:08:ec:b9:28:c1:b2:2f:44:2b:31:3c:41:67:
         36:71:b5:e6:63:7d:05:45:f1:77:66:66:c8:20:c8:c6:90:dd:
         dd:74:38:f2:f5:19:61:be:03:f1:8e:86:d7:69:1b:fd:75:22:
         c1:8c:55:02:41:c2:54:f2:ac:80:f3:d2:51:94:05:cd:12:82:
         a2:39:81:06:cb:11:54:51:fa:d5:ec:89:5c:2d:c1:30:b7:6a:
         73:c0:e1:7a:7e:17:3a:6d:ed:f8:ca:90:08:7c:2a:d1:71:85:
         43:11:10:9b
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgq+fKu3dp8tJU2JuVionMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzY0OGM5NzZiODE1MDhlODcwNGEyZThhOTdlMzM0OWJmMmY4YmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZwaW6vfiqTIMIHtsrV6xywmd7Oj
RlrBCgOqgykRKqy/6YzYW4dNqv1TqdveRQQ8P5699zQEA4jB/EbqSRnwTto2m75u
uK1wfp59QbtYlFjkulmt5LFEovbC8b5cAUZ17jyrjCtNJx4ZbtdkoGAW+wAMtwqX
+6sic/s1kvGOzDGI72V4zVDqrFkUrJK112Q9DQurmamm3l9oZT/GCy9aOkdT5O2n
XQ+wjkp3GiG9Sq6WNzoqR7fMTaLkyJBksb0pLsU0ijCKruyMkTbqf12roXKnczgm
SYDp3iQA8ASh9HIk6D2PgdHxp+TJnkSPhVPnR76pJxml2Nb0sTTjcUL0gwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFANkjJdrgVCOhwSi6Kl+M0m/L4v9MB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvQTJTTWwydUJVSTZIQktMb3FYNHpTYjh2aV8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAd6MKoE9hrdA4sxGwhj43JKZJgKC6E/WT
D00SM8bYgBK9EHDo+sE5mikj0TC+ZFIRaoUdYB0nfVtK8qsb3h4UBeilN5Kctf8y
8FoXn3TS8VlaqoPNCs9XDrCPSAm0oxYUsKtY0/LkB/sLXAezfC6y84q17SfcyWRy
RuvpwsgOhPofF9Mt1lkPP+u9k1IIgn6bQxCrHVkI7LkowbIvRCsxPEFnNnG15mN9
BUXxd2ZmyCDIxpDd3XQ48vUZYb4D8Y6G12kb/XUiwYxVAkHCVPKsgPPSUZQFzRKC
ojmBBssRVFH61eyJXC3BMLdqc8Dhen4XOm3t+MqQCHwq0XGFQxEQmw==
-----END CERTIFICATE-----