Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/BvahMFs_YJzgX2lOiwopsQiepq0.roa
File:                     BvahMFs_YJzgX2lOiwopsQiepq0.roa (raw, json)
Hash identifier:          LrvQhFJTbPQSuPXaLGyr8eYPR85sMenKV8EKgHH+TbU=
Subject key identifier:   06:F6:A1:30:5B:3F:60:9C:E0:5F:69:4E:8B:0A:29:B1:08:9E:A6:AD
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82BF8B6E8E3E38D6EDCCA2C0CC22C2
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/BvahMFs_YJzgX2lOiwopsQiepq0.roa
Signing time:             Thu 26 Mar 2026 14:18:24 +0000
ROA not before:           Thu 26 Mar 2026 14:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396562
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:bf:8b:6e:8e:3e:38:d6:ed:cc:a2:c0:cc:22:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=06f6a1305b3f609ce05f694e8b0a29b1089ea6ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:82:35:f4:a9:b6:15:82:0f:6b:c0:14:3e:6e:
                    b5:36:47:ee:a6:ae:89:94:65:bc:eb:bc:b4:ce:d0:
                    20:95:05:ba:42:c8:d4:87:a2:f7:22:70:a7:8a:78:
                    c1:ee:91:0a:49:89:d5:1c:e7:57:b2:97:d5:19:79:
                    9a:63:e6:a4:39:7d:e8:72:21:2f:f2:8e:00:ad:04:
                    3f:91:68:34:b2:5e:cc:e0:ac:64:cd:16:82:b8:a7:
                    ab:d5:7c:fd:c6:24:9d:1f:0a:28:91:48:3a:db:5f:
                    d2:41:09:5e:6d:a5:4b:4b:2b:bb:7b:3f:b3:db:09:
                    5c:ae:69:30:a8:1c:16:1c:12:a8:21:8a:b4:e0:a4:
                    fa:70:ff:79:81:f4:c4:f7:11:b8:d0:6d:c5:42:09:
                    87:d9:c4:76:81:07:b5:22:d9:36:fa:c6:4f:1e:f5:
                    72:66:cf:b4:50:30:94:c2:a0:79:bf:ac:5c:4f:e4:
                    d1:e1:af:12:ec:7a:d9:77:23:80:f8:1c:74:8f:e4:
                    c3:d0:9c:b0:6f:88:e2:17:28:1a:ce:a9:81:f0:c6:
                    a1:91:17:d3:b9:39:4c:0c:59:90:da:02:ff:c4:46:
                    a2:17:71:9d:f5:a3:57:ce:93:48:e3:8f:35:12:86:
                    1b:9c:e6:7b:ee:29:a5:bc:7c:dd:14:c7:29:b1:79:
                    58:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:F6:A1:30:5B:3F:60:9C:E0:5F:69:4E:8B:0A:29:B1:08:9E:A6:AD
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/BvahMFs_YJzgX2lOiwopsQiepq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:08:a4:a6:be:75:f4:6f:05:ec:ba:13:21:07:94:87:77:bf:
         5e:49:ee:9f:cb:47:52:ce:90:34:ee:d1:cd:65:6f:99:54:97:
         cc:fa:b1:f8:36:55:3d:43:ce:9d:49:20:cc:0a:81:5e:a2:1f:
         b2:0f:a9:06:15:b8:44:c9:9d:fd:69:80:ae:07:8f:75:09:0e:
         2e:74:95:4d:10:f3:df:91:2a:7a:d0:11:c5:cd:eb:a2:9b:4b:
         15:3e:7d:3f:10:00:38:e4:44:25:2e:3e:39:75:87:3b:bf:ea:
         37:80:51:6b:f1:24:4a:dc:0d:04:bd:61:a6:ec:32:c1:d4:94:
         7b:4f:bc:02:5e:ee:c7:9c:80:fb:60:9e:09:4c:17:f1:4d:c5:
         59:e4:7e:cc:ca:7d:0f:53:80:93:c4:74:5b:c9:8f:55:f8:a6:
         4d:3e:d8:64:67:98:a0:b5:f9:00:e9:57:8b:9a:2f:de:35:70:
         89:b7:6e:54:d9:ca:d7:a8:3a:d4:84:11:b1:e0:73:d1:57:82:
         14:00:64:0a:f1:dc:a6:ed:4b:ef:d6:e1:91:26:b2:20:17:b0:
         6b:8e:39:ec:04:6c:f3:ae:f7:d1:4b:4f:e8:bc:9d:a3:9a:82:
         9b:47:87:3f:19:44:42:af:b9:39:73:fe:1e:f7:ae:e4:7f:e5:
         13:d5:bf:e7
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgr+Lbo4+ONbtzKLAzCLCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmY2YTEzMDViM2Y2MDljZTA1ZjY5NGU4YjBhMjliMTA4OWVhNmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuII19Km2FYIPa8AUPm61Nkfupq6J
lGW867y0ztAglQW6QsjUh6L3InCninjB7pEKSYnVHOdXspfVGXmaY+akOX3ociEv
8o4ArQQ/kWg0sl7M4KxkzRaCuKer1Xz9xiSdHwookUg621/SQQlebaVLSyu7ez+z
2wlcrmkwqBwWHBKoIYq04KT6cP95gfTE9xG40G3FQgmH2cR2gQe1Itk2+sZPHvVy
Zs+0UDCUwqB5v6xcT+TR4a8S7HrZdyOA+Bx0j+TD0Jywb4jiFygazqmB8MahkRfT
uTlMDFmQ2gL/xEaiF3Gd9aNXzpNI4481EoYbnOZ77imlvHzdFMcpsXlYtwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFAb2oTBbP2Cc4F9pTosKKbEInqatMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvQnZhaE1Gc19ZSnpnWDJsT2l3b3BzUWllcHEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAZwikpr519G8F7LoTIQeUh3e/Xknun8tH
Us6QNO7RzWVvmVSXzPqx+DZVPUPOnUkgzAqBXqIfsg+pBhW4RMmd/WmArgePdQkO
LnSVTRDz35EqetARxc3roptLFT59PxAAOOREJS4+OXWHO7/qN4BRa/EkStwNBL1h
puwywdSUe0+8Al7ux5yA+2CeCUwX8U3FWeR+zMp9D1OAk8R0W8mPVfimTT7YZGeY
oLX5AOlXi5ov3jVwibduVNnK16g61IQRseBz0VeCFABkCvHcpu1L79bhkSayIBew
a4457ARs86730UtP6Lydo5qCm0eHPxlEQq+5OXP+Hveu5H/lE9W/5w==
-----END CERTIFICATE-----