Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/PrV_f9CFMc4I-kRP6-7cHQPj9LA.roa
File:                     PrV_f9CFMc4I-kRP6-7cHQPj9LA.roa (raw, json)
Hash identifier:          U3Sx7HVtHDH4+ariBnnzInQ2K9fxR4yXiMRl2kqRUhY=
Subject key identifier:   3E:B5:7F:7F:D0:85:31:CE:08:FA:44:4F:EB:EE:DC:1D:03:E3:F4:B0
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82D36DADB02AC415E359E2E7007CEA
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/PrV_f9CFMc4I-kRP6-7cHQPj9LA.roa
Signing time:             Thu 26 Mar 2026 14:18:29 +0000
ROA not before:           Thu 26 Mar 2026 14:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396605
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:d3:6d:ad:b0:2a:c4:15:e3:59:e2:e7:00:7c:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3eb57f7fd08531ce08fa444febeedc1d03e3f4b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:67:80:0e:c9:4a:06:26:99:53:5d:f2:dc:0a:
                    c2:11:23:17:1e:7e:30:87:af:e8:a0:d9:c3:4a:65:
                    da:ea:dd:af:e0:48:0a:28:47:7e:76:c1:f5:76:64:
                    66:3b:48:c7:8e:da:f9:cf:39:c6:8d:5f:18:e9:a8:
                    e3:f4:3a:c1:7c:c9:01:ad:ba:94:c1:15:ae:48:21:
                    d9:89:bb:eb:8e:2d:0a:cd:0b:c6:a0:ff:c8:6b:dc:
                    a9:73:ed:9b:38:32:40:29:ed:82:68:a5:ff:12:46:
                    6c:b5:4f:d2:f7:94:91:7b:cb:2d:40:be:b1:a5:00:
                    50:34:49:74:a7:a0:5c:11:cc:85:05:7c:23:92:c6:
                    1b:8e:63:e7:6b:ad:a1:2a:51:eb:4a:2f:0d:e7:8b:
                    f7:16:da:fc:1c:e2:5f:b4:fd:1c:71:8b:db:bf:9b:
                    30:14:af:9e:e0:ac:fa:f2:d4:5e:f5:82:9f:87:52:
                    c4:58:3a:84:b0:b9:ae:50:06:99:39:a2:7f:ea:2d:
                    ac:1a:b0:0b:58:78:79:85:49:ba:27:c7:c5:76:f8:
                    d5:90:14:74:ed:4e:ae:f9:d8:c6:23:2b:59:22:32:
                    03:ac:89:0b:99:6c:a8:bb:44:3c:11:ba:86:2b:c7:
                    65:ef:81:32:4c:0d:e0:f6:e3:f9:d3:dc:d2:f1:7b:
                    c3:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:B5:7F:7F:D0:85:31:CE:08:FA:44:4F:EB:EE:DC:1D:03:E3:F4:B0
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/PrV_f9CFMc4I-kRP6-7cHQPj9LA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:94:28:3e:dd:d7:f2:f5:b4:49:cd:c4:28:67:a7:43:65:1a:
         58:16:56:ab:79:34:b7:72:1c:de:d2:32:92:97:88:f2:92:76:
         ce:78:66:79:fd:2e:f8:0f:2c:1e:cd:69:33:55:77:90:37:5a:
         9e:ed:2c:db:6a:85:f8:aa:03:17:27:0b:08:5a:6b:ee:9c:e2:
         c2:da:28:3b:83:b4:cf:0b:5d:f7:98:e9:b6:c5:68:dc:20:50:
         f7:68:36:46:d6:c1:a2:02:94:f7:a0:96:f5:8d:26:0e:65:73:
         98:6b:98:f1:cd:09:aa:17:42:aa:f6:e3:d0:9f:04:d2:1d:da:
         cb:e3:2b:55:7b:71:a9:69:7b:93:b7:77:78:cd:3c:9d:59:27:
         e6:9c:81:75:2b:ca:70:86:41:f0:13:6d:74:59:65:d7:c2:c3:
         9d:d8:0f:71:a3:b5:66:9c:7d:4c:19:20:bc:df:9e:01:b2:b4:
         1f:83:b5:21:3b:8c:11:0f:8a:78:10:56:bc:e0:4a:ab:06:77:
         e9:b2:fb:74:c1:d4:6b:69:4b:b3:c7:de:64:68:40:3c:b7:5e:
         1a:5c:e6:06:6f:23:ab:79:04:29:4b:3d:3a:7c:2f:87:e2:fd:
         0d:4f:bc:4e:a8:29:30:03:0f:b9:f2:bc:e9:b0:26:c2:c2:36:
         45:02:ab:03
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgtNtrbAqxBXjWeLnAHzqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWI1N2Y3ZmQwODUzMWNlMDhmYTQ0NGZlYmVlZGMxZDAzZTNmNGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGeADslKBiaZU13y3ArCESMXHn4w
h6/ooNnDSmXa6t2v4EgKKEd+dsH1dmRmO0jHjtr5zznGjV8Y6ajj9DrBfMkBrbqU
wRWuSCHZibvrji0KzQvGoP/Ia9ypc+2bODJAKe2CaKX/EkZstU/S95SRe8stQL6x
pQBQNEl0p6BcEcyFBXwjksYbjmPna62hKlHrSi8N54v3Ftr8HOJftP0ccYvbv5sw
FK+e4Kz68tRe9YKfh1LEWDqEsLmuUAaZOaJ/6i2sGrALWHh5hUm6J8fFdvjVkBR0
7U6u+djGIytZIjIDrIkLmWyou0Q8EbqGK8dl74EyTA3g9uP509zS8XvDywIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFD61f3/QhTHOCPpET+vu3B0D4/SwMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvUHJWX2Y5Q0ZNYzRJLWtSUDYtN2NIUVBqOUxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAr5QoPt3X8vW0Sc3EKGenQ2UaWBZWq3k0
t3Ic3tIykpeI8pJ2znhmef0u+A8sHs1pM1V3kDdanu0s22qF+KoDFycLCFpr7pzi
wtooO4O0zwtd95jptsVo3CBQ92g2RtbBogKU96CW9Y0mDmVzmGuY8c0JqhdCqvbj
0J8E0h3ay+MrVXtxqWl7k7d3eM08nVkn5pyBdSvKcIZB8BNtdFll18LDndgPcaO1
Zpx9TBkgvN+eAbK0H4O1ITuMEQ+KeBBWvOBKqwZ36bL7dMHUa2lLs8feZGhAPLde
GlzmBm8jq3kEKUs9Onwvh+L9DU+8TqgpMAMPufK86bAmwsI2RQKrAw==
-----END CERTIFICATE-----