Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/W_SB4P38o9CDNclYOZNBluerLnE.roa
File:                     W_SB4P38o9CDNclYOZNBluerLnE.roa (raw, json)
Hash identifier:          cuvSxaPgfjO6joicsDoF8JjvDiSB1yRYpBig6Oby4cY=
Subject key identifier:   5B:F4:81:E0:FD:FC:A3:D0:83:35:C9:58:39:93:41:96:E7:AB:2E:71
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82C27205A6E2E76B343E75391C7F25
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/W_SB4P38o9CDNclYOZNBluerLnE.roa
Signing time:             Thu 26 Mar 2026 14:18:25 +0000
ROA not before:           Thu 26 Mar 2026 14:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396571
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:c2:72:05:a6:e2:e7:6b:34:3e:75:39:1c:7f:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5bf481e0fdfca3d08335c95839934196e7ab2e71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:eb:fa:e5:45:7a:6e:9d:44:fd:f8:e8:54:1f:
                    c8:ab:f7:fc:cf:b9:f6:0b:0c:33:45:2b:97:05:89:
                    f9:c1:a4:2f:d6:6c:4e:41:b7:ac:48:15:39:bc:d3:
                    99:8a:2b:3d:27:c5:ef:62:18:57:ac:46:d5:88:b0:
                    a2:83:6f:ad:0e:89:ab:11:5a:26:61:02:b4:28:da:
                    69:f5:45:dc:a5:07:12:c1:00:aa:86:e0:b4:fe:1b:
                    d7:b6:96:21:2b:2a:6f:26:e6:4a:c2:0b:99:44:10:
                    5a:e1:aa:bf:76:06:67:c3:1b:4e:71:e0:b3:b3:61:
                    fc:38:25:a6:fa:30:83:a7:0f:18:98:59:89:66:10:
                    19:b9:e0:19:7f:3c:86:30:07:05:f7:21:74:8a:c9:
                    11:30:02:f6:74:c7:27:74:80:d7:84:d1:60:56:72:
                    c3:b1:51:1e:ff:3f:13:8e:5a:75:41:0c:85:02:41:
                    94:d9:1c:91:1e:62:47:51:4c:fc:f0:a7:59:73:bc:
                    d6:6e:9d:01:55:20:71:ab:b1:7a:0f:06:a7:00:b1:
                    29:90:84:ae:f5:a1:4c:f0:1f:b1:6c:54:8b:30:08:
                    9f:7e:91:f5:d3:c1:a6:b3:7b:3a:36:53:44:09:4a:
                    13:2c:1f:89:0d:de:bf:28:a8:65:b7:60:84:91:4a:
                    ef:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:F4:81:E0:FD:FC:A3:D0:83:35:C9:58:39:93:41:96:E7:AB:2E:71
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/W_SB4P38o9CDNclYOZNBluerLnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:41:0a:7e:59:43:e9:7f:55:b3:5e:72:4b:d2:11:74:34:77:
         f6:92:8f:7e:fe:49:01:8f:ed:0c:63:a9:3b:7d:26:26:c0:ea:
         54:4b:b4:81:09:7c:dd:76:0c:00:14:e6:a7:24:8f:91:a0:fd:
         29:62:f0:64:2c:f7:e6:e0:d9:de:95:03:36:4e:26:0e:03:2f:
         1e:c4:07:10:bc:c1:31:c8:32:17:0b:7d:f6:61:6c:ec:74:e3:
         82:04:5f:a8:aa:61:8e:76:51:86:66:36:64:70:d7:78:84:78:
         03:f5:02:c9:26:6a:8d:94:8f:86:7d:ce:cd:8d:a0:97:99:48:
         74:76:b7:e2:5d:9f:a6:42:fa:5c:cb:cf:f2:0a:2d:1d:b6:97:
         4b:d6:11:a3:0d:18:d6:86:36:26:ee:69:3f:38:97:25:a2:01:
         b5:ea:b6:26:2d:32:5a:d4:f2:e1:33:e9:09:95:dc:41:f7:88:
         a0:0b:18:52:b2:5f:6f:2b:fc:25:41:1f:a8:41:cc:68:b5:0f:
         35:a1:37:1c:01:af:42:e5:78:f8:dd:33:00:e8:c4:74:e4:17:
         f8:18:e2:be:ed:b4:94:7a:7d:7a:cc:8d:a1:8d:97:68:31:86:
         e9:f0:29:0c:64:02:44:84:87:a1:44:f7:87:c0:22:e0:2f:f5:
         78:6d:fa:54
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgsJyBabi52s0PnU5HH8lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmY0ODFlMGZkZmNhM2QwODMzNWM5NTgzOTkzNDE5NmU3YWIyZTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmev65UV6bp1E/fjoVB/Iq/f8z7n2
CwwzRSuXBYn5waQv1mxOQbesSBU5vNOZiis9J8XvYhhXrEbViLCig2+tDomrEVom
YQK0KNpp9UXcpQcSwQCqhuC0/hvXtpYhKypvJuZKwguZRBBa4aq/dgZnwxtOceCz
s2H8OCWm+jCDpw8YmFmJZhAZueAZfzyGMAcF9yF0iskRMAL2dMcndIDXhNFgVnLD
sVEe/z8Tjlp1QQyFAkGU2RyRHmJHUUz88KdZc7zWbp0BVSBxq7F6DwanALEpkISu
9aFM8B+xbFSLMAiffpH108Gms3s6NlNECUoTLB+JDd6/KKhlt2CEkUrvyQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFFv0geD9/KPQgzXJWDmTQZbnqy5xMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvV19TQjRQMzhvOUNETmNsWU9aTkJsdWVyTG5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAA0EKfllD6X9Vs15yS9IRdDR39pKPfv5J
AY/tDGOpO30mJsDqVEu0gQl83XYMABTmpySPkaD9KWLwZCz35uDZ3pUDNk4mDgMv
HsQHELzBMcgyFwt99mFs7HTjggRfqKphjnZRhmY2ZHDXeIR4A/UCySZqjZSPhn3O
zY2gl5lIdHa34l2fpkL6XMvP8gotHbaXS9YRow0Y1oY2Ju5pPziXJaIBteq2Ji0y
WtTy4TPpCZXcQfeIoAsYUrJfbyv8JUEfqEHMaLUPNaE3HAGvQuV4+N0zAOjEdOQX
+Bjivu20lHp9esyNoY2XaDGG6fApDGQCRISHoUT3h8Ai4C/1eG36VA==
-----END CERTIFICATE-----