Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/AkGU9yJebNeck1_V358mbBqrOn4.roa
File:                     AkGU9yJebNeck1_V358mbBqrOn4.roa (raw, json)
Hash identifier:          Q2frOR0YMZUzdr0RSD4/n0Pp9g1WIt9pv+eak6cyZ5A=
Subject key identifier:   02:41:94:F7:22:5E:6C:D7:9C:93:5F:D5:DF:9F:26:6C:1A:AB:3A:7E
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82AF0F83C43045C62832A5F040321F
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/AkGU9yJebNeck1_V358mbBqrOn4.roa
Signing time:             Thu 26 Mar 2026 14:18:20 +0000
ROA not before:           Thu 26 Mar 2026 14:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     36621
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:af:0f:83:c4:30:45:c6:28:32:a5:f0:40:32:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=024194f7225e6cd79c935fd5df9f266c1aab3a7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:be:8f:76:37:dd:2c:f6:22:4c:17:96:38:84:
                    6d:3c:35:26:33:7f:e6:da:61:50:1c:3b:bc:16:d1:
                    68:2a:6b:9e:9f:7c:1b:dc:da:56:b8:93:1e:5e:52:
                    9a:5c:29:69:31:88:82:af:31:7a:58:b4:87:a4:40:
                    bb:c6:cd:a0:6a:7f:ec:67:87:55:ae:9a:74:bd:88:
                    eb:90:cd:b6:05:13:9a:a2:f4:fb:42:c8:53:ef:e4:
                    a3:d4:1a:55:78:df:d8:94:0e:87:94:c0:d1:ae:2d:
                    dd:1f:b1:8a:b3:f6:c4:93:0e:8d:44:93:eb:dc:9a:
                    43:a6:70:fe:a6:67:da:a0:12:6d:b3:9b:8e:4e:fb:
                    61:db:e7:7a:44:5f:1a:7a:9b:cc:42:62:7e:59:d7:
                    20:36:61:a8:b3:f6:fc:e2:c5:55:86:74:d0:81:c8:
                    63:18:4d:4a:1b:39:a3:c4:ec:61:80:22:88:5b:91:
                    78:6f:b5:4b:5d:eb:9f:cf:20:67:84:4c:34:93:bf:
                    d0:5c:e8:e7:de:75:3d:98:96:ed:45:c5:79:11:49:
                    12:7e:75:17:62:87:15:97:92:70:6a:23:a0:da:2a:
                    1c:e8:ae:4a:a4:d6:83:38:3c:d8:71:f7:44:b7:ff:
                    92:13:66:95:57:a1:0e:49:a9:fd:92:fd:91:b4:d8:
                    87:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:41:94:F7:22:5E:6C:D7:9C:93:5F:D5:DF:9F:26:6C:1A:AB:3A:7E
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/AkGU9yJebNeck1_V358mbBqrOn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:b2:30:82:2a:ca:99:58:b7:30:de:1a:cd:bf:10:b1:87:7d:
         b5:36:00:18:05:22:7a:57:49:f7:38:99:96:8f:af:40:ab:05:
         f7:44:0f:61:84:d8:2f:44:14:13:5c:72:18:95:d9:da:3c:ca:
         41:9f:7e:63:b9:43:92:df:c7:0d:a7:8f:d2:d7:6a:e8:dc:a9:
         74:7f:79:68:43:bb:51:32:ab:68:7f:b6:71:0e:ff:9e:08:ec:
         e8:5a:34:a6:eb:1b:1b:98:74:c4:d8:d9:b8:17:2e:5a:83:05:
         67:9b:a9:2b:d1:04:7c:f3:78:d8:4b:e6:c7:6b:f1:c5:72:b4:
         47:59:64:f9:b3:58:b5:44:66:35:3f:06:e9:08:50:33:30:9b:
         22:04:bf:ff:ef:da:a7:96:b4:c2:88:14:21:bb:ea:5c:f6:ab:
         75:22:8f:1d:58:78:c8:12:e5:8b:58:73:2a:67:dc:eb:e3:0b:
         b6:b9:c7:a9:2d:7a:f1:40:e2:7a:c9:6a:75:32:36:40:ec:52:
         1c:9f:3d:0d:b6:e4:93:cd:1a:74:65:2c:8a:e8:16:36:c8:89:
         aa:3c:94:48:2c:05:c3:40:19:d4:83:b0:87:af:02:44:73:e4:
         f3:a3:e6:4b:89:59:31:c7:99:ac:c8:71:af:55:b2:79:9a:9a:
         59:3e:d2:04
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgq8Pg8QwRcYoMqXwQDIfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjQxOTRmNzIyNWU2Y2Q3OWM5MzVmZDVkZjlmMjY2YzFhYWIzYTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA276PdjfdLPYiTBeWOIRtPDUmM3/m
2mFQHDu8FtFoKmuen3wb3NpWuJMeXlKaXClpMYiCrzF6WLSHpEC7xs2gan/sZ4dV
rpp0vYjrkM22BROaovT7QshT7+Sj1BpVeN/YlA6HlMDRri3dH7GKs/bEkw6NRJPr
3JpDpnD+pmfaoBJts5uOTvth2+d6RF8aepvMQmJ+WdcgNmGos/b84sVVhnTQgchj
GE1KGzmjxOxhgCKIW5F4b7VLXeufzyBnhEw0k7/QXOjn3nU9mJbtRcV5EUkSfnUX
YocVl5JwaiOg2ioc6K5KpNaDODzYcfdEt/+SE2aVV6EOSan9kv2RtNiHowIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFAJBlPciXmzXnJNf1d+fJmwaqzp+MB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvQWtHVTl5SmViTmVjazFfVjM1OG1iQnFyT240LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAJrIwgirKmVi3MN4azb8QsYd9tTYAGAUi
eldJ9ziZlo+vQKsF90QPYYTYL0QUE1xyGJXZ2jzKQZ9+Y7lDkt/HDaeP0tdq6Nyp
dH95aEO7UTKraH+2cQ7/ngjs6Fo0pusbG5h0xNjZuBcuWoMFZ5upK9EEfPN42Evm
x2vxxXK0R1lk+bNYtURmNT8G6QhQMzCbIgS//+/ap5a0wogUIbvqXPardSKPHVh4
yBLli1hzKmfc6+MLtrnHqS168UDieslqdTI2QOxSHJ89Dbbkk80adGUsiugWNsiJ
qjyUSCwFw0AZ1IOwh68CRHPk86PmS4lZMceZrMhxr1WyeZqaWT7SBA==
-----END CERTIFICATE-----