Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/ZRIID4Q_duESj67r0yTD0668yXE.roa
File:                     ZRIID4Q_duESj67r0yTD0668yXE.roa (raw, json)
Hash identifier:          Rur3zOaXJg+/RoIHqWFoaPjDB7nGQrECQ8J718PdnQ0=
Subject key identifier:   65:12:08:0F:84:3F:76:E1:12:8F:AE:EB:D3:24:C3:D3:AE:BC:C9:71
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82BDB697F811BF1425B5473720DF36
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/ZRIID4Q_duESj67r0yTD0668yXE.roa
Signing time:             Thu 26 Mar 2026 14:18:24 +0000
ROA not before:           Thu 26 Mar 2026 14:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396555
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:bd:b6:97:f8:11:bf:14:25:b5:47:37:20:df:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6512080f843f76e1128faeebd324c3d3aebcc971
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:a6:75:45:ee:cf:bc:1a:12:a2:11:6a:ea:5a:
                    e2:64:31:52:1d:df:04:60:8c:0b:ef:6e:66:61:4a:
                    0e:59:ff:fe:9a:f1:c3:b6:59:75:94:26:8e:3b:7c:
                    47:89:a4:12:0f:7c:03:a3:a8:5d:df:be:33:8a:2b:
                    28:fd:48:12:e6:61:7b:83:b4:14:1d:40:6f:d0:d0:
                    53:2a:00:55:18:c0:76:b9:22:e0:75:cf:6b:8f:5a:
                    aa:9f:b6:b2:53:18:53:15:cc:45:eb:2c:5d:7a:b2:
                    32:cc:11:13:ff:87:e6:b8:c0:fc:18:75:96:e3:fa:
                    61:35:f0:5a:50:fb:52:e8:c1:7e:02:65:3e:a1:0c:
                    f8:9f:84:ba:d1:b5:c4:9a:ee:bb:30:ee:b4:9d:42:
                    09:3d:45:3c:fe:9b:32:01:64:27:a5:76:f0:8e:58:
                    4f:bb:a4:6c:b5:b8:b6:cf:ba:4c:ae:ce:c5:35:fe:
                    f8:aa:46:33:1f:80:a3:51:6b:95:7f:99:50:26:01:
                    96:d2:df:e9:34:25:4f:b4:c2:6d:70:1a:b9:76:4b:
                    0e:4c:23:63:27:35:67:40:b4:34:48:5c:9b:dd:b4:
                    7e:6c:d5:a1:be:f3:39:3a:0a:0a:e8:bf:28:ac:46:
                    5f:7d:8d:27:c7:07:7f:5f:45:07:61:ee:ac:cb:93:
                    4d:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:12:08:0F:84:3F:76:E1:12:8F:AE:EB:D3:24:C3:D3:AE:BC:C9:71
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/ZRIID4Q_duESj67r0yTD0668yXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:21:93:cd:57:58:bc:9b:0e:8d:87:b6:f2:f6:76:55:88:29:
         14:69:5f:9d:7f:07:a5:d9:3d:82:02:d3:2f:cf:2d:6b:94:82:
         81:4d:93:8b:46:d7:c9:6a:db:32:39:13:54:5d:ad:f8:80:f2:
         0e:0a:74:d2:66:10:70:99:b8:97:d6:63:2e:d9:db:14:e2:59:
         29:51:67:6e:12:f7:0b:d5:d9:0d:18:d2:3f:e3:08:67:db:2f:
         a8:ba:fa:af:95:3c:8f:95:53:12:98:4f:1f:b3:16:67:39:a5:
         80:09:37:94:05:b7:f8:35:fc:34:05:9f:71:42:90:b8:0d:21:
         75:bb:4a:17:d4:42:3e:0f:45:f5:d3:5d:a8:ec:1e:bc:f9:f1:
         e1:64:98:5c:bb:93:2f:49:65:ff:77:21:d0:bc:a0:eb:88:8b:
         30:3b:92:6d:0c:22:1a:89:e0:77:a5:d1:b2:b2:7f:46:7b:08:
         b2:83:e2:9b:39:5f:29:cf:d3:d1:8a:0c:78:81:38:41:b1:22:
         6c:d4:03:92:0e:6a:c7:59:f6:f7:2a:14:0f:15:0f:40:e7:05:
         80:d5:3a:2c:85:75:1f:b4:b8:49:c5:22:0c:c3:1e:1c:b9:53:
         c3:a7:75:fd:ad:a3:26:3d:d8:36:b5:c6:84:d1:17:52:9c:78:
         e7:c2:3e:0e
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgr22l/gRvxQltUc3IN82MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTEyMDgwZjg0M2Y3NmUxMTI4ZmFlZWJkMzI0YzNkM2FlYmNjOTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz6Z1Re7PvBoSohFq6lriZDFSHd8E
YIwL725mYUoOWf/+mvHDtll1lCaOO3xHiaQSD3wDo6hd374ziiso/UgS5mF7g7QU
HUBv0NBTKgBVGMB2uSLgdc9rj1qqn7ayUxhTFcxF6yxderIyzBET/4fmuMD8GHWW
4/phNfBaUPtS6MF+AmU+oQz4n4S60bXEmu67MO60nUIJPUU8/psyAWQnpXbwjlhP
u6Rstbi2z7pMrs7FNf74qkYzH4CjUWuVf5lQJgGW0t/pNCVPtMJtcBq5dksOTCNj
JzVnQLQ0SFyb3bR+bNWhvvM5OgoK6L8orEZffY0nxwd/X0UHYe6sy5NNIQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFGUSCA+EP3bhEo+u69Mkw9OuvMlxMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvWlJJSUQ0UV9kdUVTajY3cjB5VEQwNjY4eVhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAnCGTzVdYvJsOjYe28vZ2VYgpFGlfnX8H
pdk9ggLTL88ta5SCgU2Ti0bXyWrbMjkTVF2t+IDyDgp00mYQcJm4l9ZjLtnbFOJZ
KVFnbhL3C9XZDRjSP+MIZ9svqLr6r5U8j5VTEphPH7MWZzmlgAk3lAW3+DX8NAWf
cUKQuA0hdbtKF9RCPg9F9dNdqOwevPnx4WSYXLuTL0ll/3ch0Lyg64iLMDuSbQwi
Gongd6XRsrJ/RnsIsoPimzlfKc/T0YoMeIE4QbEibNQDkg5qx1n29yoUDxUPQOcF
gNU6LIV1H7S4ScUiDMMeHLlTw6d1/a2jJj3YNrXGhNEXUpx458I+Dg==
-----END CERTIFICATE-----