Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/TbEcYSHGUJhWbnd6njOWFlm88XI.roa
File:                     TbEcYSHGUJhWbnd6njOWFlm88XI.roa (raw, json)
Hash identifier:          mNmSqiEU8iTI4DgycygwPc6K9UUI+jjDsfxkNyfbIlQ=
Subject key identifier:   4D:B1:1C:61:21:C6:50:98:56:6E:77:7A:9E:33:96:16:59:BC:F1:72
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82AE83E1194E1985632BFCDFE755A1
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/TbEcYSHGUJhWbnd6njOWFlm88XI.roa
Signing time:             Thu 26 Mar 2026 14:18:20 +0000
ROA not before:           Thu 26 Mar 2026 14:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     36620
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:ae:83:e1:19:4e:19:85:63:2b:fc:df:e7:55:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4db11c6121c65098566e777a9e33961659bcf172
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d2:4b:92:ce:28:61:4e:3b:ec:a3:18:39:db:
                    6f:57:b9:91:ee:78:c3:99:8d:0f:6d:22:98:7f:8d:
                    0f:4b:0a:a6:53:9f:58:74:f5:d8:57:d9:33:9b:dc:
                    e7:68:ea:07:bf:5a:e5:b0:2f:dc:3c:8d:38:9c:e1:
                    72:8b:c1:db:3d:b6:d8:24:5a:83:66:bc:bb:9d:d5:
                    da:74:64:f8:8d:40:6d:4a:6e:66:31:b4:fa:9a:d6:
                    f0:ce:09:86:bc:b2:69:f6:51:fb:10:eb:9c:99:ee:
                    8b:ef:96:d4:7a:35:08:cd:c1:45:7e:f2:0d:af:01:
                    ff:73:01:3e:09:ac:fd:97:28:ae:38:bb:f1:70:35:
                    c0:08:8a:49:8c:4e:29:5a:6e:ab:3c:02:80:d0:64:
                    0b:6b:67:97:c5:a9:b2:46:29:8f:0f:3f:5a:6b:0e:
                    97:b1:55:3f:fd:2f:ee:9e:61:95:e2:95:4d:70:2f:
                    be:0f:d0:03:95:14:12:42:89:b8:bc:d2:0b:79:ef:
                    56:20:11:b3:88:be:e2:13:bc:f3:f4:44:19:79:5a:
                    e9:d7:61:6f:bc:2e:87:24:72:af:40:aa:4b:f5:fb:
                    c0:0e:ad:17:8f:e7:f9:51:39:de:d0:6c:0b:34:50:
                    d3:3e:f4:45:f0:0e:53:7e:1f:b0:ae:a6:ba:ee:79:
                    b7:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:B1:1C:61:21:C6:50:98:56:6E:77:7A:9E:33:96:16:59:BC:F1:72
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/TbEcYSHGUJhWbnd6njOWFlm88XI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:24:58:f5:a1:68:fc:9d:fa:87:4f:be:1a:83:2b:74:47:28:
         11:f6:c0:7e:66:ae:94:58:e6:7c:88:c1:8a:58:d8:6b:9d:d5:
         6d:7d:ad:3a:86:8c:c7:cc:d6:31:ef:da:4d:63:98:08:73:8a:
         0b:ef:69:e1:0c:a8:f9:cb:ba:19:02:a6:79:74:4a:a4:b7:7f:
         a1:d0:57:11:84:38:6a:54:fe:72:4b:1f:c0:32:38:c1:9c:12:
         37:19:4c:3d:81:9f:9b:07:67:d3:d7:a6:5f:d7:02:ef:d5:1f:
         c3:d9:3d:c6:6f:89:f7:be:c0:37:30:4a:c2:ca:1a:0d:05:ad:
         3a:9f:28:f1:4a:c3:8e:41:5f:0e:f6:69:0e:cd:e1:ee:9a:95:
         e4:cd:ba:42:74:c1:88:4b:86:4b:ab:f8:90:50:6d:de:3d:25:
         2c:56:96:de:18:6d:38:b1:84:1c:66:85:03:ac:92:1d:28:82:
         fe:23:87:c2:6c:71:83:cd:29:d5:3d:8d:2b:22:ae:12:8a:64:
         89:89:ba:48:5a:53:41:e0:4a:30:2b:1f:6d:f2:4c:7f:31:18:
         49:b9:58:17:d0:50:cd:35:c6:5d:a7:a8:70:98:e4:b3:90:92:
         07:50:18:45:41:2e:fc:53:44:f4:8e:62:34:b6:f5:5a:8d:70:
         e7:d4:0b:89
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgq6D4RlOGYVjK/zf51WhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGIxMWM2MTIxYzY1MDk4NTY2ZTc3N2E5ZTMzOTYxNjU5YmNmMTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9JLks4oYU477KMYOdtvV7mR7njD
mY0PbSKYf40PSwqmU59YdPXYV9kzm9znaOoHv1rlsC/cPI04nOFyi8HbPbbYJFqD
Zry7ndXadGT4jUBtSm5mMbT6mtbwzgmGvLJp9lH7EOucme6L75bUejUIzcFFfvIN
rwH/cwE+Caz9lyiuOLvxcDXACIpJjE4pWm6rPAKA0GQLa2eXxamyRimPDz9aaw6X
sVU//S/unmGV4pVNcC++D9ADlRQSQom4vNILee9WIBGziL7iE7zz9EQZeVrp12Fv
vC6HJHKvQKpL9fvADq0Xj+f5UTne0GwLNFDTPvRF8A5Tfh+wrqa67nm3xwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFE2xHGEhxlCYVm53ep4zlhZZvPFyMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvVGJFY1lTSEdVSmhXYm5kNm5qT1dGbG04OFhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAXiRY9aFo/J36h0++GoMrdEcoEfbAfmau
lFjmfIjBiljYa53VbX2tOoaMx8zWMe/aTWOYCHOKC+9p4Qyo+cu6GQKmeXRKpLd/
odBXEYQ4alT+cksfwDI4wZwSNxlMPYGfmwdn09emX9cC79Ufw9k9xm+J977ANzBK
wsoaDQWtOp8o8UrDjkFfDvZpDs3h7pqV5M26QnTBiEuGS6v4kFBt3j0lLFaW3hht
OLGEHGaFA6ySHSiC/iOHwmxxg80p1T2NKyKuEopkiYm6SFpTQeBKMCsfbfJMfzEY
SblYF9BQzTXGXaeocJjks5CSB1AYRUEu/FNE9I5iNLb1Wo1w59QLiQ==
-----END CERTIFICATE-----