Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/S9k1OEJZlQDfc0lnMElKemF7Ypw.roa
File:                     S9k1OEJZlQDfc0lnMElKemF7Ypw.roa (raw, json)
Hash identifier:          KDFHp6EE5mCjkoHLweyN30A1CHZ8F1mEm4ogj6MTbsY=
Subject key identifier:   4B:D9:35:38:42:59:95:00:DF:73:49:67:30:49:4A:7A:61:7B:62:9C
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82D3AFBCEEBA3396D81DBAEEBC69CF
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/S9k1OEJZlQDfc0lnMElKemF7Ypw.roa
Signing time:             Thu 26 Mar 2026 14:18:30 +0000
ROA not before:           Thu 26 Mar 2026 14:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396606
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:d3:af:bc:ee:ba:33:96:d8:1d:ba:ee:bc:69:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4bd9353842599500df73496730494a7a617b629c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:a7:65:99:4a:2c:ce:4e:b6:6e:01:63:d2:02:
                    0a:28:b9:87:e7:24:e9:41:de:3c:8f:7f:e5:6f:6a:
                    cd:37:70:ca:48:8c:03:ac:72:3a:b1:97:4c:43:9d:
                    70:b0:01:d5:fe:55:b4:8d:2e:10:b9:ee:5d:2f:64:
                    de:f2:86:e7:a7:b7:b3:25:96:3d:eb:76:03:81:48:
                    e2:0d:a5:a8:4b:59:76:87:85:e9:bf:33:00:3d:c1:
                    e0:62:dd:e7:ed:6f:ed:17:8c:6a:a6:f9:e6:41:77:
                    cc:5e:a1:01:54:82:96:65:4d:70:db:d7:48:c2:5a:
                    2a:62:bc:15:d2:ad:19:cf:28:82:e8:41:c5:05:d8:
                    81:5f:91:19:4e:e3:8a:e0:04:34:83:5d:4d:c0:26:
                    f8:c9:3a:bb:5f:c0:4d:98:82:13:56:f5:d8:77:c5:
                    8c:a2:4c:96:0f:e4:8f:a7:37:4c:b1:03:c7:43:09:
                    5b:9a:be:93:5a:ed:f2:c2:d9:f8:3a:07:52:b5:7b:
                    37:30:58:7a:8c:de:b0:88:bb:20:92:63:7b:f3:36:
                    0d:18:d9:e3:4c:57:52:ca:23:82:29:e5:64:ff:c8:
                    63:0d:3e:f5:eb:3f:b7:f1:6a:62:2d:81:c6:1d:74:
                    9d:e1:0b:7b:d7:d6:5b:e6:3b:da:4f:a7:10:d9:c1:
                    e4:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:D9:35:38:42:59:95:00:DF:73:49:67:30:49:4A:7A:61:7B:62:9C
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/S9k1OEJZlQDfc0lnMElKemF7Ypw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:3b:b4:76:54:b7:e2:a6:38:14:9a:3c:f9:e3:97:44:48:40:
         ac:69:c5:16:a9:26:46:e7:c0:27:20:48:99:04:c4:b7:82:df:
         fc:41:c2:b7:52:eb:9b:b3:56:f4:fd:ff:e5:17:3f:53:2f:37:
         2a:6a:96:11:cd:f0:99:75:4f:5e:d4:ad:ed:c7:74:5d:cc:e6:
         2a:21:a4:a5:20:5e:7b:50:c3:82:7e:3e:d3:8b:79:70:f3:d0:
         c3:41:59:a2:15:a9:fc:ba:26:30:72:ed:0d:e8:79:03:e1:7e:
         13:88:6c:ee:48:68:d0:32:4f:0e:ea:0e:ba:72:b9:d5:5b:4f:
         d7:2e:fb:0b:e1:a4:b9:de:a1:26:2c:8a:27:46:67:47:80:a7:
         d7:fb:69:ca:4f:f1:73:1e:6d:65:9f:ab:a8:d3:d3:2c:ef:3d:
         ca:d7:cc:72:db:f2:18:49:17:4b:9c:7d:38:a1:55:72:6f:f0:
         0e:d7:46:8c:b4:42:a1:c6:5d:31:58:f9:c2:db:12:73:24:7d:
         00:4d:ee:04:48:e4:67:30:f2:93:76:d9:e6:7a:27:4f:4e:dc:
         a7:ae:68:41:47:19:f1:d0:55:cf:02:1a:2f:cf:7e:2d:2c:93:
         5b:44:87:e5:f3:49:e3:16:3a:18:b9:19:22:d1:82:ef:00:7b:
         a6:23:17:d7
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgtOvvO66M5bYHbruvGnPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmQ5MzUzODQyNTk5NTAwZGY3MzQ5NjczMDQ5NGE3YTYxN2I2MjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyadlmUoszk62bgFj0gIKKLmH5yTp
Qd48j3/lb2rNN3DKSIwDrHI6sZdMQ51wsAHV/lW0jS4Que5dL2Te8obnp7ezJZY9
63YDgUjiDaWoS1l2h4XpvzMAPcHgYt3n7W/tF4xqpvnmQXfMXqEBVIKWZU1w29dI
wloqYrwV0q0ZzyiC6EHFBdiBX5EZTuOK4AQ0g11NwCb4yTq7X8BNmIITVvXYd8WM
okyWD+SPpzdMsQPHQwlbmr6TWu3ywtn4OgdStXs3MFh6jN6wiLsgkmN78zYNGNnj
TFdSyiOCKeVk/8hjDT716z+38WpiLYHGHXSd4Qt719Zb5jvaT6cQ2cHk+QIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFEvZNThCWZUA33NJZzBJSnphe2KcMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvUzlrMU9FSlpsUURmYzBsbk1FbEtlbUY3WXB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAwju0dlS34qY4FJo8+eOXREhArGnFFqkm
RufAJyBImQTEt4Lf/EHCt1Lrm7NW9P3/5Rc/Uy83KmqWEc3wmXVPXtSt7cd0Xczm
KiGkpSBee1DDgn4+04t5cPPQw0FZohWp/LomMHLtDeh5A+F+E4hs7kho0DJPDuoO
unK51VtP1y77C+Gkud6hJiyKJ0ZnR4Cn1/tpyk/xcx5tZZ+rqNPTLO89ytfMctvy
GEkXS5x9OKFVcm/wDtdGjLRCocZdMVj5wtsScyR9AE3uBEjkZzDyk3bZ5nonT07c
p65oQUcZ8dBVzwIaL89+LSyTW0SH5fNJ4xY6GLkZItGC7wB7piMX1w==
-----END CERTIFICATE-----