Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/Fnj43LQn8xok2L4n9p927R4cxZY.roa
File:                     Fnj43LQn8xok2L4n9p927R4cxZY.roa (raw, json)
Hash identifier:          1pmGZHt8BCX907faN5xeNJUKO6Df378IT4VIc69RVq8=
Subject key identifier:   16:78:F8:DC:B4:27:F3:1A:24:D8:BE:27:F6:9F:76:ED:1E:1C:C5:96
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82C5869DF83843D87442A846D98569
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/Fnj43LQn8xok2L4n9p927R4cxZY.roa
Signing time:             Thu 26 Mar 2026 14:18:26 +0000
ROA not before:           Thu 26 Mar 2026 14:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396578
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:c5:86:9d:f8:38:43:d8:74:42:a8:46:d9:85:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1678f8dcb427f31a24d8be27f69f76ed1e1cc596
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:25:a6:7b:e2:34:a3:ef:29:ae:55:33:ae:ef:
                    65:4d:cd:a2:3f:8f:a7:2a:a4:d0:de:c9:2e:52:e8:
                    8f:35:81:70:e7:8a:6b:0c:01:07:13:a5:30:f7:75:
                    ec:6c:d1:38:37:56:97:f3:ec:16:d4:84:54:f1:97:
                    1d:84:bc:27:2c:d6:b3:e6:4a:33:95:82:b3:e2:f2:
                    b7:64:d3:c7:0b:b7:19:f4:6c:7b:27:31:33:7c:b5:
                    c8:7d:10:3c:61:d6:5a:b4:77:32:10:b9:6f:55:3f:
                    33:71:1c:ed:04:d1:e8:fd:00:2e:56:0a:0e:c4:de:
                    95:48:e5:fb:d1:54:3c:27:84:78:f8:12:7a:f6:61:
                    32:d0:8a:78:c5:ca:c6:bc:e4:18:8c:2c:a6:b8:51:
                    ab:fa:e5:99:4a:65:d1:27:02:49:2e:95:a1:5a:d4:
                    02:c7:db:7b:4c:c6:bd:d7:d7:d1:4e:7a:b5:23:22:
                    34:b0:69:bf:54:4d:ee:14:0d:19:11:ec:97:df:30:
                    24:48:00:c8:a8:13:a7:23:55:98:31:0b:56:ce:51:
                    21:95:b1:b3:a3:0c:01:5a:83:e8:2c:9a:1c:d1:17:
                    51:ae:d4:5d:97:29:86:ef:fc:78:b6:cd:bc:f4:71:
                    ac:f9:a5:f4:cf:42:24:bc:59:06:a0:e4:b7:e5:fd:
                    43:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:78:F8:DC:B4:27:F3:1A:24:D8:BE:27:F6:9F:76:ED:1E:1C:C5:96
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/Fnj43LQn8xok2L4n9p927R4cxZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:63:2f:75:22:18:11:b7:57:3d:8e:52:cc:b9:b3:82:52:50:
         84:05:6c:79:ed:fa:d4:b1:63:2f:11:f2:62:4c:09:3b:6a:38:
         b3:a7:96:f9:a8:f2:3f:4d:ce:01:17:56:5e:7c:ee:7e:29:94:
         f1:81:6a:5b:ec:58:d7:90:b4:16:d5:49:50:1d:76:2a:5d:bd:
         81:73:4a:80:ff:45:25:dd:a3:7c:fb:f5:13:9a:c4:d7:b7:20:
         2b:a1:bb:2e:30:24:a4:34:bd:fe:05:4b:00:ab:68:1b:4a:73:
         33:e9:00:0a:e4:3a:26:7e:42:69:25:65:7e:3c:16:94:84:7b:
         60:4d:49:70:6c:33:15:a0:95:47:a3:65:1c:54:22:32:3e:01:
         31:2a:bf:f1:85:e8:f0:bb:45:ec:92:47:04:ff:c4:8f:71:94:
         60:8f:3c:38:05:cc:b9:88:04:00:5e:dc:bf:6d:1d:59:3a:0c:
         6b:7f:88:49:f9:4b:cd:ed:8c:5b:6f:c1:45:3e:c2:4e:f4:5a:
         5e:bd:a7:ff:f3:3b:13:b1:88:8c:c4:d7:25:63:d6:5e:47:a5:
         01:2b:00:ed:87:a3:dd:45:7e:f0:27:83:4d:dd:4c:ed:a3:fd:
         42:e0:7c:53:d8:6a:4d:7a:8a:42:02:3f:01:33:63:4f:26:8c:
         5a:60:c1:c5
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgsWGnfg4Q9h0QqhG2YVpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjc4ZjhkY2I0MjdmMzFhMjRkOGJlMjdmNjlmNzZlZDFlMWNjNTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yWme+I0o+8prlUzru9lTc2iP4+n
KqTQ3skuUuiPNYFw54prDAEHE6Uw93XsbNE4N1aX8+wW1IRU8ZcdhLwnLNaz5koz
lYKz4vK3ZNPHC7cZ9Gx7JzEzfLXIfRA8YdZatHcyELlvVT8zcRztBNHo/QAuVgoO
xN6VSOX70VQ8J4R4+BJ69mEy0Ip4xcrGvOQYjCymuFGr+uWZSmXRJwJJLpWhWtQC
x9t7TMa919fRTnq1IyI0sGm/VE3uFA0ZEeyX3zAkSADIqBOnI1WYMQtWzlEhlbGz
owwBWoPoLJoc0RdRrtRdlymG7/x4ts289HGs+aX0z0IkvFkGoOS35f1DGwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFBZ4+Ny0J/MaJNi+J/afdu0eHMWWMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvRm5qNDNMUW44eG9rMkw0bjlwOTI3UjRjeFpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAUGMvdSIYEbdXPY5SzLmzglJQhAVsee36
1LFjLxHyYkwJO2o4s6eW+ajyP03OARdWXnzufimU8YFqW+xY15C0FtVJUB12Kl29
gXNKgP9FJd2jfPv1E5rE17cgK6G7LjAkpDS9/gVLAKtoG0pzM+kACuQ6Jn5CaSVl
fjwWlIR7YE1JcGwzFaCVR6NlHFQiMj4BMSq/8YXo8LtF7JJHBP/Ej3GUYI88OAXM
uYgEAF7cv20dWToMa3+ISflLze2MW2/BRT7CTvRaXr2n//M7E7GIjMTXJWPWXkel
ASsA7Yej3UV+8CeDTd1M7aP9QuB8U9hqTXqKQgI/ATNjTyaMWmDBxQ==
-----END CERTIFICATE-----