Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/ZemBlmzKMW6rrvL-tqp0s9YIW-M.roa
File:                     ZemBlmzKMW6rrvL-tqp0s9YIW-M.roa (raw, json)
Hash identifier:          spDkpyc4OHfNCXOEpVcC4Rqe+vpC6W2xpwek0vr7RmQ=
Subject key identifier:   65:E9:81:96:6C:CA:31:6E:AB:AE:F2:FE:B6:AA:74:B3:D6:08:5B:E3
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82ACFE7D8C2C98409B8C97F8E4642A
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/ZemBlmzKMW6rrvL-tqp0s9YIW-M.roa
Signing time:             Thu 26 Mar 2026 14:18:20 +0000
ROA not before:           Thu 26 Mar 2026 14:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     36616
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:ac:fe:7d:8c:2c:98:40:9b:8c:97:f8:e4:64:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=65e981966cca316eabaef2feb6aa74b3d6085be3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b1:fe:b9:7e:96:1f:6c:05:19:f3:a9:78:a1:
                    bf:a2:ed:31:97:2d:83:8a:58:8f:7c:2e:2a:06:90:
                    b1:5a:9b:f6:ae:f6:26:c4:96:17:3f:9f:39:ba:a5:
                    9d:ff:66:af:58:36:93:b4:9b:93:cb:4e:b8:d1:4e:
                    fc:09:90:97:6e:c4:32:d7:c8:d5:28:f0:df:c6:0e:
                    85:e6:fb:04:5a:24:24:0a:cb:97:89:e3:d9:1e:3e:
                    6e:4e:5c:29:99:89:64:0f:4f:1a:de:c6:fc:2d:d1:
                    6d:7a:ea:c4:7a:09:fc:5d:a3:ca:79:b8:2a:60:f4:
                    14:6d:bf:15:2d:5f:ab:b6:dd:82:cd:1d:5f:3e:8a:
                    be:ea:0d:4a:76:f8:f7:85:ad:6e:8a:d9:af:3c:2d:
                    0d:e3:ea:a3:21:ae:23:18:5d:01:b1:80:e0:7e:eb:
                    40:bd:39:ca:a4:6a:67:ea:0b:c1:e2:05:97:95:23:
                    ce:a0:9e:66:2f:58:cb:96:e5:32:80:f4:51:39:d6:
                    fd:e2:7e:45:55:cf:49:8c:e6:34:ec:3c:44:e4:9c:
                    5a:dd:de:a5:0f:6d:5e:f1:a1:c8:28:2f:f1:42:dd:
                    36:5e:2c:cf:2d:36:cf:f6:22:96:e1:e1:67:e0:61:
                    17:48:2b:d3:b8:aa:88:0d:04:3a:2e:98:3c:ab:2d:
                    35:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:E9:81:96:6C:CA:31:6E:AB:AE:F2:FE:B6:AA:74:B3:D6:08:5B:E3
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/ZemBlmzKMW6rrvL-tqp0s9YIW-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:04:ec:29:b1:17:6a:2b:b3:8a:12:e3:27:b3:ab:56:33:3b:
         63:5b:74:2e:72:dc:a1:94:c1:7c:e1:d7:c4:16:da:f3:15:ea:
         e4:8e:93:69:12:de:a7:da:af:3c:47:55:8c:30:f2:b8:b2:52:
         2a:c5:44:ab:17:65:78:c3:86:fb:03:d4:1a:9f:c5:9a:df:d4:
         cb:31:fa:e2:f7:47:8d:c5:42:21:bd:ca:e5:e7:3e:22:c9:49:
         59:8c:ac:80:72:b6:6b:42:e8:a6:95:aa:57:44:44:55:54:a2:
         68:b9:fe:2a:d3:88:c4:74:73:3c:f1:82:71:cf:b9:ac:39:4b:
         b1:51:eb:d2:f4:c7:25:b8:42:66:5c:9f:24:b5:fb:6d:90:0f:
         62:85:77:13:a5:4e:86:8c:fd:2f:ac:b4:70:49:f3:18:45:ba:
         48:6c:c4:f1:77:c1:28:11:ff:29:0b:5d:7e:8c:e5:a0:f3:38:
         2e:8b:e7:f3:8f:79:0b:27:18:ba:3f:7f:1b:f9:a2:a8:60:ba:
         84:97:67:7d:21:96:79:e1:65:b8:1d:37:ca:6f:2d:1c:ff:9e:
         ef:3a:f0:72:78:f1:bf:b0:1c:1d:5f:db:e4:2d:be:1d:9b:53:
         d5:4e:2c:12:8b:b8:6d:89:32:d9:ab:70:c6:14:92:3f:b2:3a:
         b1:9c:ad:fa
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgqz+fYwsmECbjJf45GQqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWU5ODE5NjZjY2EzMTZlYWJhZWYyZmViNmFhNzRiM2Q2MDg1YmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7H+uX6WH2wFGfOpeKG/ou0xly2D
iliPfC4qBpCxWpv2rvYmxJYXP585uqWd/2avWDaTtJuTy0640U78CZCXbsQy18jV
KPDfxg6F5vsEWiQkCsuXiePZHj5uTlwpmYlkD08a3sb8LdFteurEegn8XaPKebgq
YPQUbb8VLV+rtt2CzR1fPoq+6g1Kdvj3ha1uitmvPC0N4+qjIa4jGF0BsYDgfutA
vTnKpGpn6gvB4gWXlSPOoJ5mL1jLluUygPRROdb94n5FVc9JjOY07DxE5Jxa3d6l
D21e8aHIKC/xQt02XizPLTbP9iKW4eFn4GEXSCvTuKqIDQQ6Lpg8qy01JQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFGXpgZZsyjFuq67y/raqdLPWCFvjMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvWmVtQmxtektNVzZycnZMLXRxcDBzOVlJVy1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAXQTsKbEXaiuzihLjJ7OrVjM7Y1t0LnLc
oZTBfOHXxBba8xXq5I6TaRLep9qvPEdVjDDyuLJSKsVEqxdleMOG+wPUGp/Fmt/U
yzH64vdHjcVCIb3K5ec+IslJWYysgHK2a0LoppWqV0REVVSiaLn+KtOIxHRzPPGC
cc+5rDlLsVHr0vTHJbhCZlyfJLX7bZAPYoV3E6VOhoz9L6y0cEnzGEW6SGzE8XfB
KBH/KQtdfozloPM4Lovn8495CycYuj9/G/miqGC6hJdnfSGWeeFluB03ym8tHP+e
7zrwcnjxv7AcHV/b5C2+HZtT1U4sEou4bYky2atwxhSSP7I6sZyt+g==
-----END CERTIFICATE-----