Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/bHbCazmSRBZ7VWkWCAsK4e2mcpc.roa
File:                     bHbCazmSRBZ7VWkWCAsK4e2mcpc.roa (raw, json)
Hash identifier:          mx1nuAsf8/Z4W6MGI0cyLZUhpF389N0JcQY6iQKgE6c=
Subject key identifier:   6C:76:C2:6B:39:92:44:16:7B:55:69:16:08:0B:0A:E1:ED:A6:72:97
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82BE30156CCE3DB614109A9F91DC1F
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/bHbCazmSRBZ7VWkWCAsK4e2mcpc.roa
Signing time:             Thu 26 Mar 2026 14:18:24 +0000
ROA not before:           Thu 26 Mar 2026 14:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396560
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:be:30:15:6c:ce:3d:b6:14:10:9a:9f:91:dc:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6c76c26b399244167b556916080b0ae1eda67297
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:8a:78:f4:0f:0b:cd:1e:d6:1f:52:00:2a:21:
                    03:1d:27:73:3b:45:be:db:69:85:ce:87:24:15:17:
                    a4:a2:86:6c:77:f8:3c:42:36:26:a4:85:25:8c:19:
                    63:4d:13:5f:03:6f:d0:ea:33:6c:3f:4e:78:b2:7e:
                    6b:6c:2e:42:66:c8:5e:aa:8e:99:3e:47:cd:ae:00:
                    1a:9a:59:fc:c5:63:86:41:53:ed:77:6a:6d:c2:bf:
                    25:8f:39:45:fe:73:de:00:14:af:28:1c:1a:8d:55:
                    8b:80:49:e2:4a:2e:c9:da:6e:60:ed:b5:b6:08:31:
                    68:4c:b4:68:12:a7:c3:14:a7:27:2b:7f:97:af:2f:
                    f7:b6:16:35:b4:ea:b6:b1:37:6a:45:27:ae:04:d6:
                    37:38:be:8c:ff:54:3e:51:ec:ea:00:11:a7:87:b1:
                    01:62:67:a6:05:6b:cb:ff:bb:67:c6:e6:2f:d3:78:
                    13:fd:28:45:e5:75:9a:21:e9:43:25:c2:8b:8d:4d:
                    76:25:a9:3e:f0:4e:b4:fc:b7:1e:b5:29:65:4d:d5:
                    19:a2:04:a5:44:7f:f1:f2:fe:c9:1f:6e:9c:27:00:
                    41:63:f4:97:1c:60:d9:ae:d4:af:54:36:51:9c:15:
                    12:d9:89:61:d5:a1:f4:bc:a5:45:53:62:91:0d:2f:
                    cf:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:76:C2:6B:39:92:44:16:7B:55:69:16:08:0B:0A:E1:ED:A6:72:97
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/bHbCazmSRBZ7VWkWCAsK4e2mcpc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:64:d0:5a:eb:d9:a1:de:71:cd:41:d0:59:40:bd:a4:51:d1:
         a0:6f:58:d4:98:04:66:00:aa:af:78:5d:6d:47:7a:c7:28:61:
         66:64:d7:bc:70:a6:2a:43:f8:c7:ad:16:88:64:6b:89:5b:aa:
         12:4e:d4:e9:a9:6f:14:76:9f:46:3b:49:55:dc:a4:a1:bf:ed:
         f8:f1:27:a6:3c:f4:2a:74:61:07:ff:a7:44:ce:74:10:94:bd:
         d3:0a:4e:28:be:b4:4a:1f:0e:a1:cd:63:82:20:13:88:46:a4:
         7f:dd:0b:7e:1b:1a:b8:b2:81:70:4f:7e:78:2a:79:f8:81:ed:
         b3:dc:17:08:d0:39:ab:ff:36:5d:a4:55:7e:8e:f7:04:12:29:
         71:08:79:89:76:77:81:1b:b3:0f:3a:b1:3b:75:b1:5f:33:7d:
         4b:50:98:96:4f:ee:15:a4:9d:02:b9:93:a0:94:f5:18:e3:b6:
         7e:30:a3:0c:b9:89:14:0c:61:4e:1c:a3:b9:95:21:f8:d9:c1:
         56:1c:e8:5f:5d:34:59:bc:c7:64:a7:c5:3a:30:d7:4a:a9:f1:
         0e:29:ad:a3:03:74:90:15:10:db:b1:5a:cb:1e:37:52:a5:2d:
         82:be:09:ce:ff:26:12:45:dc:46:51:16:67:47:d7:c1:a7:ed:
         d9:d8:ef:f8
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgr4wFWzOPbYUEJqfkdwfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yzc2YzI2YjM5OTI0NDE2N2I1NTY5MTYwODBiMGFlMWVkYTY3Mjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqop49A8LzR7WH1IAKiEDHSdzO0W+
22mFzockFRekooZsd/g8QjYmpIUljBljTRNfA2/Q6jNsP054sn5rbC5CZsheqo6Z
PkfNrgAamln8xWOGQVPtd2ptwr8ljzlF/nPeABSvKBwajVWLgEniSi7J2m5g7bW2
CDFoTLRoEqfDFKcnK3+Xry/3thY1tOq2sTdqRSeuBNY3OL6M/1Q+UezqABGnh7EB
YmemBWvL/7tnxuYv03gT/ShF5XWaIelDJcKLjU12Jak+8E60/LcetSllTdUZogSl
RH/x8v7JH26cJwBBY/SXHGDZrtSvVDZRnBUS2Ylh1aH0vKVFU2KRDS/PDQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFGx2wms5kkQWe1VpFggLCuHtpnKXMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvYkhiQ2F6bVNSQlo3VldrV0NBc0s0ZTJtY3BjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAOGTQWuvZod5xzUHQWUC9pFHRoG9Y1JgE
ZgCqr3hdbUd6xyhhZmTXvHCmKkP4x60WiGRriVuqEk7U6alvFHafRjtJVdykob/t
+PEnpjz0KnRhB/+nRM50EJS90wpOKL60Sh8Ooc1jgiATiEakf90LfhsauLKBcE9+
eCp5+IHts9wXCNA5q/82XaRVfo73BBIpcQh5iXZ3gRuzDzqxO3WxXzN9S1CYlk/u
FaSdArmToJT1GOO2fjCjDLmJFAxhThyjuZUh+NnBVhzoX100WbzHZKfFOjDXSqnx
DimtowN0kBUQ27Fayx43UqUtgr4Jzv8mEkXcRlEWZ0fXwaft2djv+A==
-----END CERTIFICATE-----