Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/AXl5TvgGZYeRzejIr7zWyYwGYeY.roa
File:                     AXl5TvgGZYeRzejIr7zWyYwGYeY.roa (raw, json)
Hash identifier:          OGxv8OzR/A6yAAovRO8SeZDbVTVPhgqi0OEmXi3GrGQ=
Subject key identifier:   01:79:79:4E:F8:06:65:87:91:CD:E8:C8:AF:BC:D6:C9:8C:06:61:E6
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82A928693E057986B5FBE402A55B50
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/AXl5TvgGZYeRzejIr7zWyYwGYeY.roa
Signing time:             Thu 26 Mar 2026 14:18:19 +0000
ROA not before:           Thu 26 Mar 2026 14:18:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20362
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:a9:28:69:3e:05:79:86:b5:fb:e4:02:a5:5b:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0179794ef806658791cde8c8afbcd6c98c0661e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:01:63:27:d5:4a:89:7d:64:a7:e8:77:9f:31:
                    27:61:2e:69:fb:b6:69:d9:59:aa:85:b1:09:d4:18:
                    22:ec:f7:ba:4f:84:cb:3c:b0:21:8e:be:cf:ee:1f:
                    48:87:f9:4e:0b:bf:06:78:4f:e1:f7:74:ab:93:87:
                    ca:2b:3c:0e:83:8c:a2:6a:02:30:a1:54:3c:85:6c:
                    ce:74:00:7a:23:51:df:45:15:c3:d3:31:7a:8f:90:
                    ac:9d:1a:12:49:01:0b:47:c9:d7:de:df:25:f0:d7:
                    74:c8:2f:1f:e1:82:49:3c:3c:9a:ee:59:e9:b4:e0:
                    2e:19:fc:8a:1c:6d:4e:8c:c8:da:3b:fe:3c:5e:af:
                    45:d7:02:a9:2d:c3:26:e2:fa:ed:9c:a4:4e:bf:fd:
                    c7:d0:55:c2:09:cb:d1:bc:53:c5:91:6f:a8:a3:cd:
                    9d:45:68:d7:0d:19:24:21:ae:f5:5e:11:0f:7c:bc:
                    13:58:89:f9:45:d7:f0:ab:f6:9a:c9:05:01:2c:f4:
                    76:ea:eb:e9:03:3a:84:aa:13:aa:7a:f6:b9:6d:53:
                    1c:c1:6b:4a:0c:e0:69:58:6b:f6:ad:aa:57:19:19:
                    cf:d7:b8:95:1e:ee:0f:53:23:c4:b2:1c:6e:d9:48:
                    e5:06:58:f4:b5:18:99:e8:9a:20:0f:e2:b2:d2:e5:
                    11:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:79:79:4E:F8:06:65:87:91:CD:E8:C8:AF:BC:D6:C9:8C:06:61:E6
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/AXl5TvgGZYeRzejIr7zWyYwGYeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:1d:69:db:50:97:5a:8f:ea:62:91:a3:57:cf:c2:b9:89:18:
         06:67:87:f5:cf:10:bd:f1:19:0b:f5:c1:71:d2:3d:22:78:55:
         7e:a1:28:b4:d3:12:a7:1f:c2:03:33:cd:5d:60:ac:17:73:d3:
         a7:d2:ca:84:e9:be:70:4a:9e:3a:2f:17:60:e2:99:c1:d0:2e:
         43:f7:72:a8:f8:60:9d:a9:15:31:56:ab:d3:7b:f5:a0:69:19:
         c0:bb:5f:8a:5e:51:ea:66:b8:92:c4:33:0d:8e:f6:b7:0d:4c:
         ba:9f:26:d6:f7:d4:74:11:7d:34:b3:36:75:db:ed:df:a5:e9:
         66:55:98:6e:ad:50:ce:ef:eb:ee:0e:9f:a7:78:3e:1e:e6:3e:
         88:29:14:e1:63:41:5d:1c:e7:55:b0:2d:ef:c8:e4:67:11:76:
         84:5e:7f:ac:3b:75:d8:0b:35:c1:2a:87:d5:a3:ef:3d:f8:53:
         9c:91:50:76:48:d3:28:32:e8:57:f5:df:87:03:80:c1:fc:98:
         ab:f0:ce:7d:b2:8f:7c:55:2e:b6:47:9b:d7:f4:36:46:0e:30:
         11:90:f5:97:d7:4c:7e:28:5f:6d:8e:d0:cd:d9:14:cd:0f:44:
         70:b4:23:19:5b:f5:49:e4:b9:b1:9a:64:ef:bc:e4:57:78:d3:
         30:73:52:3f
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgqkoaT4FeYa1++QCpVtQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTc5Nzk0ZWY4MDY2NTg3OTFjZGU4YzhhZmJjZDZjOThjMDY2MWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswFjJ9VKiX1kp+h3nzEnYS5p+7Zp
2VmqhbEJ1Bgi7Pe6T4TLPLAhjr7P7h9Ih/lOC78GeE/h93Srk4fKKzwOg4yiagIw
oVQ8hWzOdAB6I1HfRRXD0zF6j5CsnRoSSQELR8nX3t8l8Nd0yC8f4YJJPDya7lnp
tOAuGfyKHG1OjMjaO/48Xq9F1wKpLcMm4vrtnKROv/3H0FXCCcvRvFPFkW+oo82d
RWjXDRkkIa71XhEPfLwTWIn5Rdfwq/aayQUBLPR26uvpAzqEqhOqeva5bVMcwWtK
DOBpWGv2rapXGRnP17iVHu4PUyPEshxu2UjlBlj0tRiZ6JogD+Ky0uURMQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFAF5eU74BmWHkc3oyK+81smMBmHmMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvQVhsNVR2Z0daWWVSemVqSXI3eld5WXdHWWVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAsR1p21CXWo/qYpGjV8/CuYkYBmeH9c8Q
vfEZC/XBcdI9InhVfqEotNMSpx/CAzPNXWCsF3PTp9LKhOm+cEqeOi8XYOKZwdAu
Q/dyqPhgnakVMVar03v1oGkZwLtfil5R6ma4ksQzDY72tw1Mup8m1vfUdBF9NLM2
ddvt36XpZlWYbq1Qzu/r7g6fp3g+HuY+iCkU4WNBXRznVbAt78jkZxF2hF5/rDt1
2As1wSqH1aPvPfhTnJFQdkjTKDLoV/XfhwOAwfyYq/DOfbKPfFUutkeb1/Q2Rg4w
EZD1l9dMfihfbY7QzdkUzQ9EcLQjGVv1SeS5sZpk77zkV3jTMHNSPw==
-----END CERTIFICATE-----