Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/dR5OEUexM_iIYfPm6s0XVnzJ2CE.roa
File:                     dR5OEUexM_iIYfPm6s0XVnzJ2CE.roa (raw, json)
Hash identifier:          PKjaRgi1OGTHXhABjPsxUxnStIjnFHQ/40g/y6dlFS8=
Subject key identifier:   75:1E:4E:11:47:B1:33:F8:88:61:F3:E6:EA:CD:17:56:7C:C9:D8:21
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82D584D3ECE1306E40CBD330796C07
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/dR5OEUexM_iIYfPm6s0XVnzJ2CE.roa
Signing time:             Thu 26 Mar 2026 14:18:30 +0000
ROA not before:           Thu 26 Mar 2026 14:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396613
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:d5:84:d3:ec:e1:30:6e:40:cb:d3:30:79:6c:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=751e4e1147b133f88861f3e6eacd17567cc9d821
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:1f:54:f9:d6:6d:01:e2:83:72:1c:d3:3b:b1:
                    99:55:33:bb:13:f3:b8:79:95:a6:1b:d2:4c:58:8f:
                    24:3e:ad:4d:c9:68:9e:3b:72:df:c6:8c:02:48:34:
                    ef:3e:e7:a4:22:17:d2:87:d3:48:d0:7f:72:50:8a:
                    36:90:d7:32:b4:f8:6e:e6:07:55:52:db:a7:44:fc:
                    26:9e:72:98:7e:57:f0:fa:40:3e:ab:2a:ad:c8:7a:
                    85:42:7c:23:44:08:0e:13:3f:02:a5:62:62:66:16:
                    07:7a:c6:ce:6f:f6:55:64:2e:cf:1d:d5:83:2c:c0:
                    f4:c6:8b:2d:28:d9:d3:b7:37:b6:f6:c3:61:e7:ac:
                    7a:5f:92:bc:02:85:ea:84:bb:db:cf:42:5c:27:c0:
                    5c:2b:01:10:f5:49:30:63:7b:72:cf:d6:ad:96:cf:
                    d5:15:bf:a5:46:68:85:79:6c:70:c2:a0:c2:43:81:
                    9a:61:e9:9f:60:87:c9:12:2c:9a:79:48:c1:98:bd:
                    40:f3:87:ac:45:aa:e6:38:2a:54:6a:e2:8d:50:89:
                    41:9f:32:d6:d7:40:73:14:81:8c:65:85:39:c5:e5:
                    f2:19:38:76:32:71:cc:34:06:d6:23:67:ed:4b:15:
                    6c:e2:26:c5:31:65:92:27:26:ee:8b:79:54:7c:bc:
                    c7:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:1E:4E:11:47:B1:33:F8:88:61:F3:E6:EA:CD:17:56:7C:C9:D8:21
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/dR5OEUexM_iIYfPm6s0XVnzJ2CE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:81:3a:7c:a8:79:ba:5d:48:04:cd:bb:c4:50:75:ca:72:e0:
         8e:cd:ed:a1:27:c9:84:c3:7c:9c:27:3a:75:56:de:8e:05:24:
         a7:c3:1f:0d:e9:5c:c1:22:ca:6d:ec:19:0f:2b:fb:1c:38:76:
         4f:d0:2b:4c:16:13:fa:72:1e:ae:a9:f5:47:a1:94:47:88:f8:
         5d:8c:d1:cb:15:74:5c:ea:0b:aa:1b:e0:22:e3:d1:9b:51:37:
         69:5c:6c:9f:c9:d4:f8:03:18:3e:39:7d:17:a1:24:38:2a:8d:
         eb:ab:85:0f:db:f8:4b:65:9a:6f:79:73:39:fe:1d:9a:61:a2:
         44:3d:4c:a7:ff:c1:c5:67:2f:44:9a:3b:35:c2:e7:fb:3f:16:
         ea:06:7c:ec:e3:ad:05:38:41:ef:ba:93:94:bd:7e:e5:cc:b4:
         62:ba:ec:33:29:36:a5:a9:03:5a:96:80:e2:f0:4f:a1:d9:82:
         d2:10:e6:c7:e1:10:ee:b5:c1:23:22:fa:48:3f:00:38:7a:82:
         a4:a7:06:5a:e9:c9:5d:15:5e:45:91:9f:82:3a:cb:e0:a4:2f:
         7f:8a:cd:d5:52:09:1f:c4:37:b1:04:e1:51:f4:be:c5:ed:d6:
         e7:fd:f2:70:0e:e4:df:35:ec:75:35:3f:86:28:4d:03:ad:be:
         3c:a6:cd:20
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgtWE0+zhMG5Ay9MweWwHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTFlNGUxMTQ3YjEzM2Y4ODg2MWYzZTZlYWNkMTc1NjdjYzlkODIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlh9U+dZtAeKDchzTO7GZVTO7E/O4
eZWmG9JMWI8kPq1NyWieO3LfxowCSDTvPuekIhfSh9NI0H9yUIo2kNcytPhu5gdV
UtunRPwmnnKYflfw+kA+qyqtyHqFQnwjRAgOEz8CpWJiZhYHesbOb/ZVZC7PHdWD
LMD0xostKNnTtze29sNh56x6X5K8AoXqhLvbz0JcJ8BcKwEQ9UkwY3tyz9atls/V
Fb+lRmiFeWxwwqDCQ4GaYemfYIfJEiyaeUjBmL1A84esRarmOCpUauKNUIlBnzLW
10BzFIGMZYU5xeXyGTh2MnHMNAbWI2ftSxVs4ibFMWWSJybui3lUfLzHzQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFHUeThFHsTP4iGHz5urNF1Z8ydghMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvZFI1T0VVZXhNX2lJWWZQbTZzMFhWbnpKMkNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAc4E6fKh5ul1IBM27xFB1ynLgjs3toSfJ
hMN8nCc6dVbejgUkp8MfDelcwSLKbewZDyv7HDh2T9ArTBYT+nIerqn1R6GUR4j4
XYzRyxV0XOoLqhvgIuPRm1E3aVxsn8nU+AMYPjl9F6EkOCqN66uFD9v4S2Wab3lz
Of4dmmGiRD1Mp//BxWcvRJo7NcLn+z8W6gZ87OOtBThB77qTlL1+5cy0YrrsMyk2
pakDWpaA4vBPodmC0hDmx+EQ7rXBIyL6SD8AOHqCpKcGWunJXRVeRZGfgjrL4KQv
f4rN1VIJH8Q3sQThUfS+xe3W5/3ycA7k3zXsdTU/hihNA62+PKbNIA==
-----END CERTIFICATE-----