Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/Jehd8IGEqhrhRUVarO_ljJqhiJ8.roa
File:                     Jehd8IGEqhrhRUVarO_ljJqhiJ8.roa (raw, json)
Hash identifier:          AJfsjr6vaZ88M62Pg+6LDlqaNnuOGUFFyAFBhHLG9aE=
Subject key identifier:   25:E8:5D:F0:81:84:AA:1A:E1:45:45:5A:AC:EF:E5:8C:9A:A1:88:9F
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82D9D30F6CD34F4F130EF2A04DB0CB
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/Jehd8IGEqhrhRUVarO_ljJqhiJ8.roa
Signing time:             Thu 26 Mar 2026 14:18:31 +0000
ROA not before:           Thu 26 Mar 2026 14:18:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     397197
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:d9:d3:0f:6c:d3:4f:4f:13:0e:f2:a0:4d:b0:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=25e85df08184aa1ae145455aacefe58c9aa1889f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:4e:78:e0:cf:3b:6d:13:0f:aa:1c:31:40:2f:
                    87:b9:1a:dc:a9:7a:1e:11:e9:06:71:c7:13:4a:e6:
                    5d:bb:24:60:1f:6a:5e:3f:a9:54:7a:e9:2d:dd:eb:
                    46:e9:23:16:1c:00:8e:5b:7c:8f:ce:4b:31:3e:29:
                    c8:60:8d:97:04:dd:09:f2:d1:72:d8:90:9f:f0:61:
                    42:8f:54:e3:c9:92:e1:f1:61:33:85:9a:29:94:ad:
                    0d:4a:dd:0c:37:12:b1:f8:9b:d7:87:e5:12:ab:c8:
                    61:fe:d5:d8:d8:a1:a2:24:10:97:09:2b:aa:1f:dc:
                    2b:85:e6:49:1b:bb:a8:0e:68:72:54:aa:2a:b9:e8:
                    0b:46:2e:fc:4d:de:e9:f3:ae:c7:90:6f:1d:2e:00:
                    dc:66:68:7e:bf:8d:cd:46:96:96:84:69:bf:3f:6c:
                    e5:a3:c8:8d:91:c5:5f:ad:45:0b:4d:6f:35:66:47:
                    bf:5a:75:50:4f:ac:43:ec:d9:db:4a:2c:68:e5:c7:
                    09:1e:5c:47:89:77:23:8f:b7:79:d2:a6:58:ca:bb:
                    ce:12:cb:55:20:f6:fa:55:45:06:bb:ae:c8:a3:c0:
                    5d:ba:f3:1a:00:50:a7:04:55:93:c3:06:9b:22:90:
                    3d:b9:29:9d:9b:24:51:eb:db:8a:b3:19:28:99:3e:
                    dd:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:E8:5D:F0:81:84:AA:1A:E1:45:45:5A:AC:EF:E5:8C:9A:A1:88:9F
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/Jehd8IGEqhrhRUVarO_ljJqhiJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:3c:86:a7:a9:a2:fa:13:f6:5d:1c:d4:d4:18:30:93:f9:8b:
         b3:20:a3:ac:a9:00:ff:cd:a7:fb:3e:48:27:39:e4:1a:84:c7:
         9f:ee:6e:e1:18:82:48:e7:ab:2e:77:0d:e3:5d:f9:f4:e0:f5:
         4d:24:33:b8:d9:5b:04:8d:1b:58:26:66:9f:9b:a3:a0:3a:2b:
         a5:d1:55:eb:d3:54:e3:2f:33:d3:d2:d1:a3:2e:39:9e:34:ca:
         4d:76:11:cc:ea:3c:d1:02:b1:e6:48:3f:4e:02:3e:99:08:7e:
         56:4b:e2:6a:96:c5:09:b2:0a:14:b6:99:4e:ce:0d:97:0f:55:
         85:77:b3:36:4f:00:ff:03:25:84:fe:81:12:16:90:80:02:50:
         96:49:80:f5:41:3b:f6:8c:e3:a1:07:c3:ef:96:d9:96:61:63:
         b3:2d:7e:58:9c:ae:7f:98:52:26:d6:1b:34:89:2c:f0:b0:aa:
         55:15:ec:da:70:05:1c:f7:c7:91:4c:4d:24:f9:3b:78:a9:03:
         91:79:27:cd:3f:67:2c:a0:3e:3a:c6:b4:ce:15:98:d9:10:b7:
         2a:88:6e:a4:48:61:07:6c:21:a4:04:01:9c:2a:0b:e1:55:70:
         b5:e0:5b:13:3d:c9:38:58:b0:1b:a0:69:02:57:60:1d:6d:be:
         54:36:07:4a
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgtnTD2zTT08TDvKgTbDLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWU4NWRmMDgxODRhYTFhZTE0NTQ1NWFhY2VmZTU4YzlhYTE4ODlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8E544M87bRMPqhwxQC+HuRrcqXoe
EekGcccTSuZduyRgH2peP6lUeukt3etG6SMWHACOW3yPzksxPinIYI2XBN0J8tFy
2JCf8GFCj1TjyZLh8WEzhZoplK0NSt0MNxKx+JvXh+USq8hh/tXY2KGiJBCXCSuq
H9wrheZJG7uoDmhyVKoquegLRi78Td7p867HkG8dLgDcZmh+v43NRpaWhGm/P2zl
o8iNkcVfrUULTW81Zke/WnVQT6xD7NnbSixo5ccJHlxHiXcjj7d50qZYyrvOEstV
IPb6VUUGu67Io8BduvMaAFCnBFWTwwabIpA9uSmdmyRR69uKsxkomT7dHQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFCXoXfCBhKoa4UVFWqzv5YyaoYifMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvSmVoZDhJR0VxaHJoUlVWYXJPX2xqSnFoaUo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAdjyGp6mi+hP2XRzU1Bgwk/mLsyCjrKkA
/82n+z5IJznkGoTHn+5u4RiCSOerLncN41359OD1TSQzuNlbBI0bWCZmn5ujoDor
pdFV69NU4y8z09LRoy45njTKTXYRzOo80QKx5kg/TgI+mQh+VkviapbFCbIKFLaZ
Ts4Nlw9VhXezNk8A/wMlhP6BEhaQgAJQlkmA9UE79ozjoQfD75bZlmFjsy1+WJyu
f5hSJtYbNIks8LCqVRXs2nAFHPfHkUxNJPk7eKkDkXknzT9nLKA+Osa0zhWY2RC3
KohupEhhB2whpAQBnCoL4VVwteBbEz3JOFiwG6BpAldgHW2+VDYHSg==
-----END CERTIFICATE-----