Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/g_lhUeEuWdEbmmFPgmBKP1ibayg.roa
File:                     g_lhUeEuWdEbmmFPgmBKP1ibayg.roa (raw, json)
Hash identifier:          0oKQXuWLVqZmnFDnCmEnpDAl2Gr1Po9b5FGVhbf68/w=
Subject key identifier:   83:F9:61:51:E1:2E:59:D1:1B:9A:61:4F:82:60:4A:3F:58:9B:6B:28
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82D2D6FB002D0307781DAD46BE99C3
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/g_lhUeEuWdEbmmFPgmBKP1ibayg.roa
Signing time:             Thu 26 Mar 2026 14:18:29 +0000
ROA not before:           Thu 26 Mar 2026 14:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396604
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:d2:d6:fb:00:2d:03:07:78:1d:ad:46:be:99:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=83f96151e12e59d11b9a614f82604a3f589b6b28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:f6:b7:e5:1e:aa:60:8b:22:6d:08:04:38:7d:
                    ac:9d:7a:03:2c:03:8a:4f:d3:cf:b2:ec:68:3e:50:
                    8e:77:98:33:e2:6e:94:15:31:87:bb:a2:f9:c3:77:
                    cc:55:a3:ca:fc:33:0a:cc:86:50:b6:b6:eb:07:1e:
                    45:8c:68:b8:0c:e1:c6:3b:de:e5:26:79:eb:a4:f0:
                    2d:df:54:31:c4:79:6f:68:aa:85:2a:6f:bd:34:8c:
                    00:77:1c:26:0d:b0:3d:44:3c:db:12:cd:5f:fa:d1:
                    f8:e5:0f:5a:1a:fe:a6:75:e9:d4:c5:17:6c:03:e2:
                    1b:3d:62:4d:5e:f8:ac:84:51:31:92:00:8d:3a:aa:
                    fb:7c:06:f4:02:8d:ba:6c:4d:db:2d:7a:42:70:7d:
                    14:7e:5b:c4:1c:12:67:86:37:d4:fc:bd:97:c3:e5:
                    2a:bc:8a:99:e1:57:0b:5e:6a:6c:6a:03:2a:35:98:
                    ac:f0:90:20:18:9b:67:df:01:07:85:9b:3d:e9:64:
                    8c:ca:26:d9:25:25:8d:d7:a0:ae:a7:88:e0:f8:26:
                    35:a5:02:cf:bd:b3:46:28:b1:e0:9b:b3:f7:88:0b:
                    cb:94:70:b0:d7:17:cd:b7:f6:19:36:f1:3c:8e:51:
                    75:ca:37:f1:d7:be:54:96:e6:cf:02:01:ea:c0:e7:
                    f8:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:F9:61:51:E1:2E:59:D1:1B:9A:61:4F:82:60:4A:3F:58:9B:6B:28
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/g_lhUeEuWdEbmmFPgmBKP1ibayg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:6e:8a:29:3a:80:d0:22:29:e3:dd:b8:99:0f:ae:27:cd:b6:
         05:e1:7d:19:79:1e:94:b9:06:61:4a:06:c4:9a:42:a4:10:9f:
         9e:e0:3e:99:71:5d:6d:ca:58:9f:c3:3e:21:13:d8:38:f4:8d:
         df:9d:01:cb:56:1d:92:5f:75:08:2f:9b:88:3a:ff:e9:c8:a6:
         1d:ea:94:c8:f8:20:59:df:40:a7:d9:6f:b3:05:7d:42:bd:79:
         bf:0a:02:ec:e0:67:81:71:ec:d2:e2:aa:76:32:1e:6d:2f:c9:
         a4:0c:c6:35:dc:2b:b7:e3:79:da:03:a7:e4:e0:95:06:13:38:
         ac:2e:36:a0:51:ac:11:c9:be:37:77:2e:97:2b:d1:05:fa:49:
         e6:b7:1e:d3:eb:c9:b8:e6:73:ad:8f:92:8c:af:52:c0:09:eb:
         48:79:c1:31:bd:59:c7:90:27:91:73:6e:32:ba:05:9b:98:96:
         dd:05:84:72:d9:e4:d0:12:1e:6e:10:9c:e0:0c:1f:bc:48:a3:
         e9:dd:e5:04:6f:6d:a0:6d:3e:0f:8e:90:a8:31:80:89:f5:ac:
         14:89:a3:77:73:c2:47:93:bc:95:46:e0:b9:a1:fa:32:3b:9d:
         15:7c:d3:8b:69:65:50:f0:f8:e7:7f:69:76:2a:96:e5:6d:fd:
         f9:12:f7:dc
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgtLW+wAtAwd4Ha1GvpnDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2Y5NjE1MWUxMmU1OWQxMWI5YTYxNGY4MjYwNGEzZjU4OWI2YjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfa35R6qYIsibQgEOH2snXoDLAOK
T9PPsuxoPlCOd5gz4m6UFTGHu6L5w3fMVaPK/DMKzIZQtrbrBx5FjGi4DOHGO97l
JnnrpPAt31QxxHlvaKqFKm+9NIwAdxwmDbA9RDzbEs1f+tH45Q9aGv6mdenUxRds
A+IbPWJNXvishFExkgCNOqr7fAb0Ao26bE3bLXpCcH0UflvEHBJnhjfU/L2Xw+Uq
vIqZ4VcLXmpsagMqNZis8JAgGJtn3wEHhZs96WSMyibZJSWN16Cup4jg+CY1pQLP
vbNGKLHgm7P3iAvLlHCw1xfNt/YZNvE8jlF1yjfx175UlubPAgHqwOf4NQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFIP5YVHhLlnRG5phT4JgSj9Ym2soMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvZ19saFVlRXVXZEVibW1GUGdtQktQMWliYXlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAKW6KKTqA0CIp4924mQ+uJ822BeF9GXke
lLkGYUoGxJpCpBCfnuA+mXFdbcpYn8M+IRPYOPSN350By1Ydkl91CC+biDr/6cim
HeqUyPggWd9Ap9lvswV9Qr15vwoC7OBngXHs0uKqdjIebS/JpAzGNdwrt+N52gOn
5OCVBhM4rC42oFGsEcm+N3culyvRBfpJ5rce0+vJuOZzrY+SjK9SwAnrSHnBMb1Z
x5AnkXNuMroFm5iW3QWEctnk0BIebhCc4AwfvEij6d3lBG9toG0+D46QqDGAifWs
FImjd3PCR5O8lUbguaH6MjudFXzTi2llUPD4539pdiqW5W39+RL33A==
-----END CERTIFICATE-----