Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/I2gLKGTlUdNymWaqyLeKSITELM0.roa
File:                     I2gLKGTlUdNymWaqyLeKSITELM0.roa (raw, json)
Hash identifier:          vHbR6rxvw5iedNNDMFjhVuBpFD8gLDemNTvVI3wJ8YA=
Subject key identifier:   23:68:0B:28:64:E5:51:D3:72:99:66:AA:C8:B7:8A:48:84:C4:2C:CD
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82D0CD4D34878E1E0CA1C199C6214B
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/I2gLKGTlUdNymWaqyLeKSITELM0.roa
Signing time:             Thu 26 Mar 2026 14:18:29 +0000
ROA not before:           Thu 26 Mar 2026 14:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396599
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:d0:cd:4d:34:87:8e:1e:0c:a1:c1:99:c6:21:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=23680b2864e551d3729966aac8b78a4884c42ccd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b1:53:08:8d:77:f6:dc:45:bc:28:05:5d:96:
                    cd:5e:ff:c1:14:ef:9f:0a:3d:f0:91:18:39:9a:a4:
                    a3:c0:1e:1d:9e:74:c0:3b:1c:7e:23:84:5e:4c:a2:
                    0a:12:c7:54:49:52:38:43:4f:bd:91:f4:b1:24:60:
                    92:6b:73:ad:1c:18:c3:4f:4a:5b:92:31:9c:73:ba:
                    22:de:07:9f:84:83:95:36:fb:45:71:78:bf:cb:22:
                    16:64:13:50:41:54:a9:f1:e1:fa:b8:b5:d3:5a:1b:
                    5e:ee:fa:91:6b:64:63:41:a3:ad:95:95:16:47:b1:
                    c9:28:bf:bd:11:34:92:00:73:76:1f:0a:d6:21:b9:
                    bb:ee:68:8d:51:b6:a5:2d:1f:e1:50:be:da:e1:e4:
                    e9:24:69:92:30:4f:4d:56:31:72:e7:7e:aa:38:cb:
                    20:cc:49:fd:60:a8:0c:13:1c:98:b4:1b:e6:7c:5a:
                    e5:a0:e2:dd:e0:15:e9:d9:03:a0:bd:b2:da:e2:f1:
                    8d:c2:fa:74:36:4c:b9:f3:bb:ef:24:e4:f1:8a:cb:
                    f4:69:a8:a2:55:32:82:ed:94:7f:a8:d6:47:0c:a8:
                    80:0b:fc:88:dc:aa:9e:8f:ca:89:4a:4d:e9:ab:fe:
                    6b:21:41:18:21:12:11:aa:79:ca:1a:91:fa:aa:72:
                    0f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:68:0B:28:64:E5:51:D3:72:99:66:AA:C8:B7:8A:48:84:C4:2C:CD
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/I2gLKGTlUdNymWaqyLeKSITELM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:e1:70:76:b5:19:ce:62:cf:7b:e4:26:a3:49:26:2d:c6:db:
         ae:f1:d0:ea:f3:d0:9d:74:d8:42:60:14:38:ae:3d:71:af:3d:
         6c:64:d1:75:ed:dd:53:33:da:d4:1e:46:ee:b3:7e:2c:e5:66:
         f5:fb:a0:7a:f9:bc:97:b8:5d:4b:cf:04:eb:9f:17:b7:6e:95:
         66:b8:d8:98:cf:f6:46:ce:75:e2:6b:d6:6d:a3:d2:7a:76:a3:
         74:67:ce:6f:d0:0d:5a:4f:92:d9:54:90:83:25:67:1e:04:e0:
         b3:b6:18:79:77:ef:88:cc:b3:5d:31:c0:13:bb:e3:c6:62:ca:
         9f:ca:fc:dd:e3:7f:a6:b4:0d:43:03:73:0e:ed:39:63:e6:da:
         ab:c1:33:5c:a4:53:8e:39:ac:3b:35:b0:e8:61:41:98:25:6f:
         4d:53:19:6a:d8:ef:8d:0b:c0:6c:e0:87:84:b4:0f:f2:11:5c:
         19:50:b8:2c:1d:b0:d0:3f:f0:54:a1:d1:73:7c:8e:24:73:7f:
         f0:3a:15:cb:ed:a7:c7:f9:38:fe:e9:9e:35:a4:b5:36:45:55:
         14:36:13:97:dd:a6:c3:15:10:19:62:c1:71:d7:2c:af:cc:aa:
         e4:0c:ee:02:fa:91:a6:e9:1a:94:18:33:c1:0d:ef:74:bb:3f:
         67:28:d8:fa
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgtDNTTSHjh4MocGZxiFLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzY4MGIyODY0ZTU1MWQzNzI5OTY2YWFjOGI3OGE0ODg0YzQyY2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorFTCI139txFvCgFXZbNXv/BFO+f
Cj3wkRg5mqSjwB4dnnTAOxx+I4ReTKIKEsdUSVI4Q0+9kfSxJGCSa3OtHBjDT0pb
kjGcc7oi3gefhIOVNvtFcXi/yyIWZBNQQVSp8eH6uLXTWhte7vqRa2RjQaOtlZUW
R7HJKL+9ETSSAHN2HwrWIbm77miNUbalLR/hUL7a4eTpJGmSME9NVjFy536qOMsg
zEn9YKgMExyYtBvmfFrloOLd4BXp2QOgvbLa4vGNwvp0Nky587vvJOTxisv0aaii
VTKC7ZR/qNZHDKiAC/yI3Kqej8qJSk3pq/5rIUEYIRIRqnnKGpH6qnIPjQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFCNoCyhk5VHTcplmqsi3ikiExCzNMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvSTJnTEtHVGxVZE55bVdhcXlMZUtTSVRFTE0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAKOFwdrUZzmLPe+Qmo0kmLcbbrvHQ6vPQ
nXTYQmAUOK49ca89bGTRde3dUzPa1B5G7rN+LOVm9fugevm8l7hdS88E658Xt26V
ZrjYmM/2Rs514mvWbaPSenajdGfOb9ANWk+S2VSQgyVnHgTgs7YYeXfviMyzXTHA
E7vjxmLKn8r83eN/prQNQwNzDu05Y+baq8EzXKRTjjmsOzWw6GFBmCVvTVMZatjv
jQvAbOCHhLQP8hFcGVC4LB2w0D/wVKHRc3yOJHN/8DoVy+2nx/k4/umeNaS1NkVV
FDYTl92mwxUQGWLBcdcsr8yq5AzuAvqRpukalBgzwQ3vdLs/ZyjY+g==
-----END CERTIFICATE-----