Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/Es0lEKb_bp6kjCJguyVL4GOL6a4.roa
File:                     Es0lEKb_bp6kjCJguyVL4GOL6a4.roa (raw, json)
Hash identifier:          eZ5VQyRhfknorXOkUqSXwbNNo512MdwjBfVbAa+DweQ=
Subject key identifier:   12:CD:25:10:A6:FF:6E:9E:A4:8C:22:60:BB:25:4B:E0:63:8B:E9:AE
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82C92C1DB23DE8032BE9645B882D3A
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/Es0lEKb_bp6kjCJguyVL4GOL6a4.roa
Signing time:             Thu 26 Mar 2026 14:18:27 +0000
ROA not before:           Thu 26 Mar 2026 14:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396586
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:c9:2c:1d:b2:3d:e8:03:2b:e9:64:5b:88:2d:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=12cd2510a6ff6e9ea48c2260bb254be0638be9ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:86:e7:62:5f:13:99:4d:95:89:a1:17:e0:8a:
                    5a:ae:8f:f7:7a:9a:1d:65:bc:5c:48:bf:04:09:be:
                    bf:fc:68:48:a1:6f:21:72:71:c9:fe:a4:e0:7e:de:
                    d5:32:e2:f2:c0:0a:e9:61:68:fe:d7:30:31:60:ba:
                    5d:b4:3e:7c:b1:e8:78:36:7e:c8:06:64:9b:8d:a8:
                    e1:e0:fd:98:3b:c7:80:96:b1:76:7a:26:bd:72:30:
                    77:40:8e:be:62:10:3a:a2:c6:ae:fd:6f:1c:4c:7c:
                    1d:a5:bd:bd:c8:b5:d3:0e:da:a5:e2:a1:20:6a:4f:
                    e3:b6:ea:ec:04:e7:02:43:be:04:c0:19:03:90:6f:
                    06:28:c4:b5:11:dc:a5:12:40:1f:b0:70:b9:05:80:
                    63:4d:2f:b1:71:4c:50:33:d7:b7:f0:4f:98:19:5a:
                    b7:f3:aa:c3:dd:6f:95:1d:73:24:27:58:99:8b:90:
                    1d:b1:b8:59:83:7f:a3:28:f6:a6:87:01:e2:3e:41:
                    67:87:e7:86:60:81:44:52:08:9d:dd:44:69:df:ad:
                    a8:eb:cc:a4:2d:9b:1c:06:fd:c0:99:d6:e3:cc:3c:
                    44:87:70:f5:88:b7:14:42:bb:79:07:85:0d:ff:fc:
                    b4:78:6a:80:10:2a:1e:22:c9:5c:d6:32:a4:72:83:
                    7a:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:CD:25:10:A6:FF:6E:9E:A4:8C:22:60:BB:25:4B:E0:63:8B:E9:AE
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/Es0lEKb_bp6kjCJguyVL4GOL6a4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:3f:72:49:bf:08:ce:d1:bd:6c:00:29:20:ff:9f:da:6c:1d:
         22:6a:d3:26:ef:96:8d:fe:f7:f8:3e:f1:1d:3a:b2:fb:50:3a:
         f7:e7:69:1e:e2:a3:eb:a7:75:dd:3b:83:f0:56:8a:15:ad:14:
         63:9b:1e:df:ea:f6:fc:8a:d5:6e:cf:7b:bc:c2:e9:61:f7:09:
         80:ab:32:d1:ea:8b:26:d1:39:d0:6e:f6:51:7c:1a:12:b7:4a:
         c9:54:bf:c3:a7:1c:fc:19:fd:b4:08:db:fc:73:57:37:71:96:
         36:3d:13:92:c4:91:df:81:84:79:42:15:cb:4a:e2:d4:06:af:
         65:da:53:11:94:7f:46:73:d0:bb:ad:d6:53:d7:8a:3b:ee:10:
         56:39:fc:9f:21:92:99:21:19:dc:70:c6:40:ea:cb:41:50:72:
         18:96:24:4f:b4:fa:a0:fa:ea:7c:72:41:5d:50:63:a2:b5:7a:
         96:c7:3c:fa:93:63:54:04:53:d4:bc:ec:e8:06:c1:91:c4:cc:
         9e:8c:66:e0:75:80:df:ba:05:b4:1c:93:e1:5c:6d:92:78:df:
         c0:7a:7f:f9:06:0c:8c:4a:93:75:5c:4c:a2:c1:ff:67:09:bb:
         ca:64:b4:02:29:c2:de:16:13:ab:25:5e:6a:ac:d0:1e:db:02:
         88:25:8d:5c
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgsksHbI96AMr6WRbiC06MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmNkMjUxMGE2ZmY2ZTllYTQ4YzIyNjBiYjI1NGJlMDYzOGJlOWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5YbnYl8TmU2ViaEX4Iparo/3epod
ZbxcSL8ECb6//GhIoW8hcnHJ/qTgft7VMuLywArpYWj+1zAxYLpdtD58seh4Nn7I
BmSbjajh4P2YO8eAlrF2eia9cjB3QI6+YhA6osau/W8cTHwdpb29yLXTDtql4qEg
ak/jtursBOcCQ74EwBkDkG8GKMS1EdylEkAfsHC5BYBjTS+xcUxQM9e38E+YGVq3
86rD3W+VHXMkJ1iZi5AdsbhZg3+jKPamhwHiPkFnh+eGYIFEUgid3URp362o68yk
LZscBv3AmdbjzDxEh3D1iLcUQrt5B4UN//y0eGqAECoeIslc1jKkcoN6wwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFBLNJRCm/26epIwiYLslS+Bji+muMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvRXMwbEVLYl9icDZrakNKZ3V5Vkw0R09MNmE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAAz9ySb8IztG9bAApIP+f2mwdImrTJu+W
jf73+D7xHTqy+1A69+dpHuKj66d13TuD8FaKFa0UY5se3+r2/IrVbs97vMLpYfcJ
gKsy0eqLJtE50G72UXwaErdKyVS/w6cc/Bn9tAjb/HNXN3GWNj0TksSR34GEeUIV
y0ri1AavZdpTEZR/RnPQu63WU9eKO+4QVjn8nyGSmSEZ3HDGQOrLQVByGJYkT7T6
oPrqfHJBXVBjorV6lsc8+pNjVART1Lzs6AbBkcTMnoxm4HWA37oFtByT4Vxtknjf
wHp/+QYMjEqTdVxMosH/Zwm7ymS0AinC3hYTqyVeaqzQHtsCiCWNXA==
-----END CERTIFICATE-----