Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/F19JzeSxkPGeDUgG1RCHS_ESO48.roa
File:                     F19JzeSxkPGeDUgG1RCHS_ESO48.roa (raw, json)
Hash identifier:          8bZNZH4OYCMmGcwm3XbEf8TeKs08HIVwxV/BzEvwAcc=
Subject key identifier:   17:5F:49:CD:E4:B1:90:F1:9E:0D:48:06:D5:10:87:4B:F1:12:3B:8F
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82CBBE16240F5067D69466179E556D
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/F19JzeSxkPGeDUgG1RCHS_ESO48.roa
Signing time:             Thu 26 Mar 2026 14:18:28 +0000
ROA not before:           Thu 26 Mar 2026 14:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396589
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:cb:be:16:24:0f:50:67:d6:94:66:17:9e:55:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=175f49cde4b190f19e0d4806d510874bf1123b8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b3:5e:11:f0:df:42:2c:29:29:81:2b:c6:b5:
                    dd:a2:f2:d1:c9:f1:ae:4a:f3:2c:3c:1c:e4:76:2f:
                    1c:8e:05:8d:cd:07:2b:1c:a7:5e:16:dc:c0:c3:1d:
                    84:7d:49:ec:b5:4f:ec:b5:d2:1f:98:2b:de:d8:46:
                    93:e7:18:65:12:9f:0a:bc:4e:38:92:27:77:4b:6c:
                    03:4d:18:29:ea:70:35:4e:d4:e2:ca:24:53:df:7b:
                    0e:f5:e4:dd:d1:13:80:6e:c8:ee:12:08:37:eb:5e:
                    e2:7e:eb:c4:79:6d:6a:b5:6c:6f:56:1a:58:cc:35:
                    ac:05:2f:2b:0a:a1:96:3f:64:a0:8a:17:50:d1:bb:
                    fe:fa:0c:3e:a1:2a:14:5a:5b:e8:2f:81:df:0e:cd:
                    a9:f4:a4:e4:e3:a0:8f:cd:c6:d2:80:6e:ff:7b:da:
                    66:ff:f9:38:bc:5d:2b:45:a3:aa:26:2f:92:69:d6:
                    4e:eb:2a:41:67:21:5f:5f:1a:24:a0:53:3b:87:1c:
                    80:97:26:2a:f7:6f:da:8e:de:ff:e7:b8:ec:cd:f3:
                    26:aa:df:73:03:36:76:b7:fd:04:44:f3:5a:e1:a5:
                    41:96:73:d1:09:81:38:41:9b:4d:ab:6c:63:ad:19:
                    1a:40:5d:76:13:bb:ad:7b:88:f2:15:19:83:93:00:
                    78:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:5F:49:CD:E4:B1:90:F1:9E:0D:48:06:D5:10:87:4B:F1:12:3B:8F
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/F19JzeSxkPGeDUgG1RCHS_ESO48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:09:d4:38:71:86:0c:9d:c7:5e:9c:c8:78:c9:6c:aa:eb:20:
         36:7f:01:f5:ea:ac:df:3a:ea:a1:18:66:d5:e0:e5:5c:c0:68:
         69:80:7e:d2:d3:29:57:4e:6d:82:80:74:c8:9d:55:82:f9:6a:
         f0:e2:03:4a:4c:b7:fe:48:65:a9:c9:cf:22:28:4b:ce:10:be:
         c6:9f:fe:f5:25:29:53:f3:88:f9:65:0c:38:91:dd:bf:2b:19:
         83:77:7a:3c:3d:4d:45:80:70:d8:d6:09:74:5e:f8:78:f6:d5:
         26:78:83:a6:73:40:ed:9c:c7:5d:37:50:b1:1a:c9:19:35:d9:
         50:8c:80:f6:5c:a1:57:bb:f7:17:00:ed:b1:e1:fd:a0:4e:f6:
         98:b9:b1:58:53:1a:50:18:ae:d3:67:d4:66:77:e6:3d:a9:30:
         ca:13:71:50:cd:25:cf:e5:a8:24:64:2c:2f:cc:16:ce:68:fe:
         d3:f9:35:46:05:b5:da:6e:d5:fc:b1:a2:91:3f:b1:ab:c0:7d:
         c6:de:22:c7:fb:a2:16:f4:f7:91:5f:78:94:a9:1e:f3:e5:53:
         9a:93:3c:f1:47:41:7f:a7:6d:fe:b1:b9:a9:bf:ea:22:e3:01:
         51:6a:9e:96:49:4c:3b:82:a4:26:68:a0:9e:7c:a7:64:0f:7d:
         72:49:58:a2
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgsu+FiQPUGfWlGYXnlVtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzVmNDljZGU0YjE5MGYxOWUwZDQ4MDZkNTEwODc0YmYxMTIzYjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbNeEfDfQiwpKYErxrXdovLRyfGu
SvMsPBzkdi8cjgWNzQcrHKdeFtzAwx2EfUnstU/stdIfmCve2EaT5xhlEp8KvE44
kid3S2wDTRgp6nA1TtTiyiRT33sO9eTd0ROAbsjuEgg3617ifuvEeW1qtWxvVhpY
zDWsBS8rCqGWP2SgihdQ0bv++gw+oSoUWlvoL4HfDs2p9KTk46CPzcbSgG7/e9pm
//k4vF0rRaOqJi+SadZO6ypBZyFfXxokoFM7hxyAlyYq92/ajt7/57jszfMmqt9z
AzZ2t/0ERPNa4aVBlnPRCYE4QZtNq2xjrRkaQF12E7ute4jyFRmDkwB4vQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFBdfSc3ksZDxng1IBtUQh0vxEjuPMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvRjE5SnplU3hrUEdlRFVnRzFSQ0hTX0VTTzQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAJwnUOHGGDJ3HXpzIeMlsqusgNn8B9eqs
3zrqoRhm1eDlXMBoaYB+0tMpV05tgoB0yJ1Vgvlq8OIDSky3/khlqcnPIihLzhC+
xp/+9SUpU/OI+WUMOJHdvysZg3d6PD1NRYBw2NYJdF74ePbVJniDpnNA7ZzHXTdQ
sRrJGTXZUIyA9lyhV7v3FwDtseH9oE72mLmxWFMaUBiu02fUZnfmPakwyhNxUM0l
z+WoJGQsL8wWzmj+0/k1RgW12m7V/LGikT+xq8B9xt4ix/uiFvT3kV94lKke8+VT
mpM88UdBf6dt/rG5qb/qIuMBUWqelklMO4KkJmignnynZA99cklYog==
-----END CERTIFICATE-----