Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/XSv2q8KOHScoYE9L2JzZFePRWbs.roa
File:                     XSv2q8KOHScoYE9L2JzZFePRWbs.roa (raw, json)
Hash identifier:          vb3PdfGG2sPTxiBQOXcEbJpeidwSMPAPpgzQC1QCwXk=
Subject key identifier:   5D:2B:F6:AB:C2:8E:1D:27:28:60:4F:4B:D8:9C:D9:15:E3:D1:59:BB
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82CEAC53BB87C10C4393F8DE4036B8
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/XSv2q8KOHScoYE9L2JzZFePRWbs.roa
Signing time:             Thu 26 Mar 2026 14:18:28 +0000
ROA not before:           Thu 26 Mar 2026 14:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396594
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:ce:ac:53:bb:87:c1:0c:43:93:f8:de:40:36:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5d2bf6abc28e1d2728604f4bd89cd915e3d159bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:7a:16:75:19:e5:94:47:a1:db:52:a5:66:e6:
                    75:9a:93:2c:cb:95:94:45:b8:31:5c:d5:aa:36:51:
                    c8:ec:b3:b9:18:61:0e:38:bd:36:27:09:5f:ff:83:
                    61:e7:00:ab:b1:9b:65:b8:c1:55:c1:b9:fe:6d:b1:
                    19:f8:24:1e:a7:3d:53:89:05:c3:f8:f5:e0:d1:91:
                    01:91:4e:87:3d:65:43:f5:80:3d:36:c8:3f:86:17:
                    3f:a3:0a:91:e3:cf:55:86:1f:8f:d9:79:68:cb:27:
                    c3:41:1b:68:87:62:da:86:d8:3d:97:77:af:f4:69:
                    53:f4:15:14:ce:7b:7b:d6:58:c9:ba:43:4e:95:fe:
                    05:77:d5:66:36:ab:8c:1d:02:d1:80:cd:d8:85:ff:
                    c4:88:d4:ff:cf:67:ea:d4:77:50:bc:2a:c2:e7:9d:
                    ec:f0:f6:e2:83:cc:78:a6:ac:1b:e0:f5:c0:06:e5:
                    5d:84:f7:56:77:bf:25:d7:c1:57:b4:a5:56:f8:7a:
                    d5:af:6b:e0:47:06:76:6a:93:56:aa:68:eb:e2:4a:
                    3a:40:20:b7:34:4d:e7:51:64:aa:26:e4:6c:87:1f:
                    78:54:ac:4b:b7:8e:a7:1a:9d:cb:b3:8d:e1:7a:3c:
                    b7:07:ed:17:6a:ac:b5:c6:d4:13:a0:24:b9:42:d0:
                    ba:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:2B:F6:AB:C2:8E:1D:27:28:60:4F:4B:D8:9C:D9:15:E3:D1:59:BB
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/XSv2q8KOHScoYE9L2JzZFePRWbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:52:90:71:dc:62:b5:ad:d5:07:8e:90:51:ca:a2:41:f5:35:
         ee:c2:ef:57:62:84:8f:fc:34:5c:2c:ba:f4:4d:06:03:a2:5f:
         21:3d:71:99:b6:fa:38:41:61:66:0a:cb:1b:6b:dd:6e:bf:03:
         c3:3f:80:05:91:5f:23:70:d7:e0:8b:69:7c:80:5d:53:a3:ff:
         ec:e4:12:09:96:13:c2:75:1f:3b:02:3c:d2:3d:b3:5f:ee:9e:
         c2:f3:7b:b9:3b:76:df:c6:0b:40:d4:c7:d2:d7:bf:75:da:13:
         d1:4c:ae:57:eb:97:e3:91:4d:f0:81:d7:61:0c:37:cd:4f:01:
         89:41:0f:6e:13:4d:e3:0b:76:e1:60:b2:ce:01:86:28:c0:22:
         50:ac:61:fb:7a:8b:2e:77:18:45:be:11:11:6e:46:c1:33:04:
         02:0d:f0:d8:c5:e2:ff:4d:7d:5e:df:1e:7e:8b:ee:3f:d4:05:
         cb:dd:f4:4f:19:be:1f:32:b0:05:3a:bb:fc:80:32:e6:fb:e3:
         9f:61:28:a8:b2:80:02:73:35:2b:0f:26:da:13:f8:1f:2d:c9:
         f1:96:26:16:10:10:35:9c:63:55:64:41:bd:90:6e:48:cb:56:
         bc:49:3f:5a:9c:a1:47:d0:8e:14:47:1d:1d:21:8b:af:25:72:
         73:be:b2:f2
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgs6sU7uHwQxDk/jeQDa4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDJiZjZhYmMyOGUxZDI3Mjg2MDRmNGJkODljZDkxNWUzZDE1OWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0noWdRnllEeh21KlZuZ1mpMsy5WU
RbgxXNWqNlHI7LO5GGEOOL02Jwlf/4Nh5wCrsZtluMFVwbn+bbEZ+CQepz1TiQXD
+PXg0ZEBkU6HPWVD9YA9Nsg/hhc/owqR489Vhh+P2XloyyfDQRtoh2Lahtg9l3ev
9GlT9BUUznt71ljJukNOlf4Fd9VmNquMHQLRgM3Yhf/EiNT/z2fq1HdQvCrC553s
8Pbig8x4pqwb4PXABuVdhPdWd78l18FXtKVW+HrVr2vgRwZ2apNWqmjr4ko6QCC3
NE3nUWSqJuRshx94VKxLt46nGp3Ls43hejy3B+0Xaqy1xtQToCS5QtC6sQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFF0r9qvCjh0nKGBPS9ic2RXj0Vm7MB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvWFN2MnE4S09IU2NvWUU5TDJKelpGZVBSV2JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAQlKQcdxita3VB46QUcqiQfU17sLvV2KE
j/w0XCy69E0GA6JfIT1xmbb6OEFhZgrLG2vdbr8Dwz+ABZFfI3DX4ItpfIBdU6P/
7OQSCZYTwnUfOwI80j2zX+6ewvN7uTt238YLQNTH0te/ddoT0UyuV+uX45FN8IHX
YQw3zU8BiUEPbhNN4wt24WCyzgGGKMAiUKxh+3qLLncYRb4REW5GwTMEAg3w2MXi
/019Xt8efovuP9QFy930Txm+HzKwBTq7/IAy5vvjn2EoqLKAAnM1Kw8m2hP4Hy3J
8ZYmFhAQNZxjVWRBvZBuSMtWvEk/WpyhR9COFEcdHSGLryVyc76y8g==
-----END CERTIFICATE-----