Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/aNbnIJb17Dp0VHUtqIlm-fMStbM.roa
File:                     aNbnIJb17Dp0VHUtqIlm-fMStbM.roa (raw, json)
Hash identifier:          Xb3qHQGtAh1+LAkIxbZ/TkozDG6sRwJ+siUFWRQqAgU=
Subject key identifier:   68:D6:E7:20:96:F5:EC:3A:74:54:75:2D:A8:89:66:F9:F3:12:B5:B3
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82B700324FA55BC96157C934E72D89
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/aNbnIJb17Dp0VHUtqIlm-fMStbM.roa
Signing time:             Thu 26 Mar 2026 14:18:22 +0000
ROA not before:           Thu 26 Mar 2026 14:18:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396542
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:b7:00:32:4f:a5:5b:c9:61:57:c9:34:e7:2d:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=68d6e72096f5ec3a7454752da88966f9f312b5b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:eb:99:17:d6:15:99:ed:0f:7b:29:f1:cf:17:
                    ea:7e:f8:61:d6:f4:81:37:42:6a:42:ec:ea:9e:74:
                    53:11:af:19:ca:13:80:91:32:7c:57:94:52:66:4a:
                    cb:c1:d3:38:c2:da:a5:50:85:e5:e3:f3:9c:8d:38:
                    5e:31:15:fd:dc:0a:d5:8b:88:98:01:41:1a:d1:25:
                    27:42:50:df:66:64:54:66:5d:6e:78:6c:f1:7e:7b:
                    9b:2c:92:d0:95:6d:f2:28:3d:41:9c:93:cb:29:1e:
                    eb:f8:ef:26:0e:09:f4:be:78:d1:36:8f:28:84:dc:
                    d1:a9:05:1f:aa:a1:6b:3c:32:52:41:49:42:e6:a4:
                    ca:93:4f:7a:fb:30:25:5d:27:8d:9c:f8:8e:0d:2d:
                    f3:73:ff:b0:10:5a:ff:3c:87:41:3a:e5:84:07:a0:
                    1d:f3:46:ea:a2:ca:a3:19:11:f7:c4:7f:99:93:56:
                    ba:f2:3f:d9:d3:b3:41:22:7d:f5:0c:15:2b:42:08:
                    a2:24:bc:47:3a:9f:4a:5b:3f:84:b2:b5:de:fc:e4:
                    d8:52:70:93:66:b1:f5:5c:9f:74:9d:b0:2d:8e:5e:
                    0b:33:39:0c:19:1f:a1:35:0c:98:30:ff:97:4f:a3:
                    81:22:13:7e:03:84:e5:09:21:71:8b:9f:b3:25:62:
                    7f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:D6:E7:20:96:F5:EC:3A:74:54:75:2D:A8:89:66:F9:F3:12:B5:B3
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/aNbnIJb17Dp0VHUtqIlm-fMStbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:4e:c3:7b:c9:a2:d0:a3:fa:63:1b:36:a3:96:ee:ed:e6:d5:
         bd:a4:31:90:e4:a4:f3:da:76:34:c2:60:b4:9a:17:79:e4:74:
         b2:9d:c9:1c:6e:13:f3:08:a7:19:c0:59:e3:6d:6c:d7:1d:32:
         25:08:3d:c1:b9:87:b9:17:72:7e:50:5e:ee:c7:5a:43:cc:d2:
         00:0f:2f:9a:68:59:cc:7a:41:f5:fb:d7:19:13:01:db:ef:a5:
         5f:78:6d:99:81:94:d9:08:22:82:28:c7:6a:d0:65:9c:06:f8:
         f2:5b:fc:2f:f8:59:1b:ac:35:e8:38:95:ea:c1:61:e4:c4:e0:
         70:4f:0b:e4:8a:fb:ea:6d:7c:e2:33:02:0b:d1:b5:6d:ff:a8:
         9f:18:a6:7c:e7:78:cf:e3:a6:f5:00:b1:33:14:20:86:6d:d1:
         ad:a2:13:09:35:eb:84:a3:8e:fb:19:ba:86:d3:38:6e:9f:a8:
         ba:f2:a8:0d:94:75:ab:c8:43:68:62:46:70:2f:c3:da:a9:f2:
         17:34:2c:ba:2c:72:e4:e5:60:34:cf:32:8a:73:1b:8f:00:0b:
         42:b2:d1:01:13:5b:7f:e6:f1:b7:a1:81:97:2f:ad:f5:b3:b7:
         4e:6c:2f:c9:9c:45:35:1b:03:57:72:4e:72:35:39:3b:e3:87:
         51:82:71:ae
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgrcAMk+lW8lhV8k05y2JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGQ2ZTcyMDk2ZjVlYzNhNzQ1NDc1MmRhODg5NjZmOWYzMTJiNWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6+uZF9YVme0Peynxzxfqfvhh1vSB
N0JqQuzqnnRTEa8ZyhOAkTJ8V5RSZkrLwdM4wtqlUIXl4/OcjTheMRX93ArVi4iY
AUEa0SUnQlDfZmRUZl1ueGzxfnubLJLQlW3yKD1BnJPLKR7r+O8mDgn0vnjRNo8o
hNzRqQUfqqFrPDJSQUlC5qTKk096+zAlXSeNnPiODS3zc/+wEFr/PIdBOuWEB6Ad
80bqosqjGRH3xH+Zk1a68j/Z07NBIn31DBUrQgiiJLxHOp9KWz+EsrXe/OTYUnCT
ZrH1XJ90nbAtjl4LMzkMGR+hNQyYMP+XT6OBIhN+A4TlCSFxi5+zJWJ/BQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFGjW5yCW9ew6dFR1LaiJZvnzErWzMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvYU5ibklKYjE3RHAwVkhVdHFJbG0tZk1TdGJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAKk7De8mi0KP6Yxs2o5bu7ebVvaQxkOSk
89p2NMJgtJoXeeR0sp3JHG4T8winGcBZ421s1x0yJQg9wbmHuRdyflBe7sdaQ8zS
AA8vmmhZzHpB9fvXGRMB2++lX3htmYGU2QgigijHatBlnAb48lv8L/hZG6w16DiV
6sFh5MTgcE8L5Ir76m184jMCC9G1bf+onximfOd4z+Om9QCxMxQghm3RraITCTXr
hKOO+xm6htM4bp+ouvKoDZR1q8hDaGJGcC/D2qnyFzQsuixy5OVgNM8yinMbjwAL
QrLRARNbf+bxt6GBly+t9bO3TmwvyZxFNRsDV3JOcjU5O+OHUYJxrg==
-----END CERTIFICATE-----