Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/KH3ylExoDUB_FaAMA-Nne_RGh6s.roa
File:                     KH3ylExoDUB_FaAMA-Nne_RGh6s.roa (raw, json)
Hash identifier:          N/SB/gZ/BscbYidhFhLLjeImV+pYz61c/benNxDARlc=
Subject key identifier:   28:7D:F2:94:4C:68:0D:40:7F:15:A0:0C:03:E3:67:7B:F4:46:87:AB
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82E0DD2BC1A9FEE6B2921D0A2CB7F6
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/KH3ylExoDUB_FaAMA-Nne_RGh6s.roa
Signing time:             Thu 26 Mar 2026 14:18:33 +0000
ROA not before:           Thu 26 Mar 2026 14:18:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     397210
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:e0:dd:2b:c1:a9:fe:e6:b2:92:1d:0a:2c:b7:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=287df2944c680d407f15a00c03e3677bf44687ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:a9:e6:e0:53:67:05:7b:6c:83:a7:e0:87:66:
                    5c:65:03:40:f6:cf:5f:94:42:76:c1:d8:27:93:f1:
                    e1:39:8a:cf:8d:cf:51:0e:66:78:07:3f:3c:4f:76:
                    f7:0b:72:a3:fb:97:04:be:0e:e7:c3:a4:c0:d0:96:
                    9b:47:73:a9:33:4b:98:3d:da:79:cb:7c:b1:a0:59:
                    33:c8:6d:23:7f:cc:1e:ad:bc:a8:19:3a:e8:ac:56:
                    f3:2d:fd:79:e9:a6:b4:19:43:76:37:62:49:61:10:
                    59:77:e0:e7:c1:bb:af:5d:10:b5:65:de:57:dc:77:
                    43:bc:5b:04:29:61:ea:75:e0:be:83:d7:a4:e9:48:
                    d1:8b:2c:7b:84:a7:19:9e:d4:a1:18:c1:46:36:3f:
                    14:8f:88:fb:cc:52:7f:6f:92:56:a1:3a:81:f1:33:
                    01:42:aa:8e:ae:c6:a6:ab:d1:57:82:0c:c0:e6:96:
                    08:6c:81:b5:80:29:92:64:d4:39:88:ba:c9:ee:9d:
                    f5:1d:e2:f3:17:da:6e:e6:29:5e:f0:c5:7b:3c:78:
                    3a:53:50:e5:b2:77:02:56:2c:b1:cb:2e:56:35:32:
                    73:7b:34:be:e9:f8:4c:1e:55:3d:5c:ff:83:0c:a0:
                    a2:ad:b1:ae:30:e4:22:75:c2:93:f3:aa:6d:d1:7a:
                    64:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:7D:F2:94:4C:68:0D:40:7F:15:A0:0C:03:E3:67:7B:F4:46:87:AB
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/KH3ylExoDUB_FaAMA-Nne_RGh6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:47:d2:ff:fc:f3:ec:b7:cd:78:e5:35:36:fa:d5:76:1b:7d:
         d1:55:95:a0:0f:d2:d2:40:a8:3c:2d:db:59:64:77:84:e6:98:
         a0:40:ee:a2:f9:0b:26:9f:5e:02:8e:c3:c2:64:48:dc:4a:66:
         3e:a7:92:81:d0:0b:d0:75:f8:e6:20:4e:17:47:b6:7b:cb:a2:
         0c:4c:df:22:75:ab:b8:77:04:a4:09:4e:43:44:8d:71:f4:97:
         78:59:40:80:41:2a:65:7e:86:68:70:32:69:5b:f9:51:51:1c:
         6f:b4:4a:4c:f6:a8:71:b5:3e:1d:63:d2:e7:f2:46:6d:af:08:
         52:cb:7b:99:bd:d2:10:37:b9:cf:13:c0:26:f4:95:65:82:c3:
         26:93:3c:ba:e7:33:3d:33:df:aa:f1:c3:07:e9:cd:5c:6f:16:
         22:ba:66:3f:b9:80:58:fe:62:85:ca:a6:f9:ff:16:2d:9f:b5:
         b9:f0:e3:d8:ca:bc:7a:3a:b7:0d:1a:0a:18:88:cf:4a:03:05:
         64:27:04:cc:0b:26:a5:f1:3d:5f:d5:db:40:db:b5:85:32:80:
         07:0e:33:f2:5d:7e:28:27:95:d1:18:c6:50:53:35:71:c2:0b:
         5c:74:a8:7c:d4:ee:7b:e4:b7:b3:7a:bf:16:c5:58:74:61:d8:
         70:f8:d7:b1
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qguDdK8Gp/uaykh0KLLf2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODdkZjI5NDRjNjgwZDQwN2YxNWEwMGMwM2UzNjc3YmY0NDY4N2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Knm4FNnBXtsg6fgh2ZcZQNA9s9f
lEJ2wdgnk/HhOYrPjc9RDmZ4Bz88T3b3C3Kj+5cEvg7nw6TA0JabR3OpM0uYPdp5
y3yxoFkzyG0jf8werbyoGTrorFbzLf156aa0GUN2N2JJYRBZd+DnwbuvXRC1Zd5X
3HdDvFsEKWHqdeC+g9ek6UjRiyx7hKcZntShGMFGNj8Uj4j7zFJ/b5JWoTqB8TMB
QqqOrsamq9FXggzA5pYIbIG1gCmSZNQ5iLrJ7p31HeLzF9pu5ile8MV7PHg6U1Dl
sncCViyxyy5WNTJzezS+6fhMHlU9XP+DDKCirbGuMOQidcKT86pt0XpkXQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFCh98pRMaA1AfxWgDAPjZ3v0RoerMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvS0gzeWxFeG9EVUJfRmFBTUEtTm5lX1JHaDZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAgEfS//zz7LfNeOU1NvrVdht90VWVoA/S
0kCoPC3bWWR3hOaYoEDuovkLJp9eAo7DwmRI3EpmPqeSgdAL0HX45iBOF0e2e8ui
DEzfInWruHcEpAlOQ0SNcfSXeFlAgEEqZX6GaHAyaVv5UVEcb7RKTPaocbU+HWPS
5/JGba8IUst7mb3SEDe5zxPAJvSVZYLDJpM8uuczPTPfqvHDB+nNXG8WIrpmP7mA
WP5ihcqm+f8WLZ+1ufDj2Mq8ejq3DRoKGIjPSgMFZCcEzAsmpfE9X9XbQNu1hTKA
Bw4z8l1+KCeV0RjGUFM1ccILXHSofNTue+S3s3q/FsVYdGHYcPjXsQ==
-----END CERTIFICATE-----