Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/gln2jXarlCXzGrLQdDQfg5QnpSU.roa
File:                     gln2jXarlCXzGrLQdDQfg5QnpSU.roa (raw, json)
Hash identifier:          EPR39VOQfNlwkV2g4rA39f9Xqz/lI5R3ppqh6u+/2Es=
Subject key identifier:   82:59:F6:8D:76:AB:94:25:F3:1A:B2:D0:74:34:1F:83:94:27:A5:25
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82A83E3E73365BB4878F17D081E853
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/gln2jXarlCXzGrLQdDQfg5QnpSU.roa
Signing time:             Thu 26 Mar 2026 14:18:18 +0000
ROA not before:           Thu 26 Mar 2026 14:18:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     19836
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:a8:3e:3e:73:36:5b:b4:87:8f:17:d0:81:e8:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8259f68d76ab9425f31ab2d074341f839427a525
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:87:84:f9:ee:73:d3:8b:9f:1d:be:fd:fc:b1:
                    7f:dc:fe:a4:f4:09:5f:9c:38:f0:b6:74:75:87:8e:
                    05:a4:93:30:8d:c6:c0:78:67:9b:67:a2:65:9c:5d:
                    d5:e2:8a:56:cf:66:b5:99:74:c7:54:0f:6f:03:64:
                    08:4a:9c:a1:39:97:37:d2:dc:e4:59:99:01:2c:12:
                    0d:f5:e0:ce:15:cd:5f:f0:65:9a:a2:72:9d:95:f6:
                    eb:84:b9:49:ab:15:49:f2:81:8f:1a:95:d7:6b:27:
                    d6:94:93:87:c7:42:99:5e:ea:9d:58:69:04:22:0e:
                    1a:17:3d:ee:d7:da:ee:c8:e7:13:3d:f6:67:3b:93:
                    c8:4d:58:a1:de:a1:c2:76:ab:98:ce:c3:d0:d7:1f:
                    97:68:91:d4:bd:99:3b:96:c3:a3:1c:54:08:23:39:
                    d8:ab:c2:5c:29:21:a7:e9:52:ad:92:d5:65:d5:66:
                    9b:99:f9:7b:a0:2a:94:f9:b6:87:4b:21:62:62:06:
                    25:73:6a:5d:76:0a:cb:db:2b:11:d1:1f:04:b0:9b:
                    cd:3b:9f:8d:78:e0:ff:57:74:77:37:a5:0e:c9:2f:
                    63:19:e4:f0:c2:a1:1f:09:a4:e2:17:7b:f3:c2:49:
                    1a:00:ee:f8:87:08:9c:c9:a1:25:13:b5:05:3f:7f:
                    64:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:59:F6:8D:76:AB:94:25:F3:1A:B2:D0:74:34:1F:83:94:27:A5:25
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/gln2jXarlCXzGrLQdDQfg5QnpSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:87:79:21:c2:98:d0:5a:11:18:10:da:c8:16:cc:35:c4:b9:
         44:21:49:21:c3:9a:88:79:4e:f4:81:3c:99:f9:bb:63:ad:81:
         6c:8a:cf:6b:09:43:f1:18:af:0a:a9:9a:f5:b9:f3:e2:82:51:
         7d:56:2d:59:56:7a:29:88:78:1f:49:b4:00:c4:a9:a4:b3:9c:
         76:bc:a3:80:20:2c:ce:d3:df:db:ba:b5:88:f5:15:a6:13:04:
         cb:5c:4a:43:00:f5:0c:1b:b5:eb:24:7d:8a:6f:f4:cd:08:20:
         ff:c4:e2:e4:99:7b:18:9f:85:2d:66:2e:d6:40:d7:99:9a:52:
         e9:9f:0e:69:07:b3:cc:5f:62:b1:f3:49:ca:50:e0:b7:41:3d:
         0b:86:42:7c:9e:76:5e:0e:2f:ee:d7:cd:56:e0:a7:91:68:64:
         56:45:5b:79:72:aa:4f:d6:eb:4f:c9:12:99:2f:6a:b9:46:74:
         1a:aa:38:14:20:7e:43:ee:44:5c:0e:6e:98:e3:e1:7a:8a:bf:
         79:40:3f:34:a3:b7:80:0a:64:f4:41:39:b1:01:dd:37:f0:54:
         21:3d:a3:52:8a:32:0f:4a:1a:33:ba:63:0f:68:20:69:a5:6b:
         1d:2f:8d:0b:3e:d8:c4:45:4f:54:29:28:bb:16:ed:e8:5c:56:
         13:cd:69:95
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgqg+PnM2W7SHjxfQgehTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjU5ZjY4ZDc2YWI5NDI1ZjMxYWIyZDA3NDM0MWY4Mzk0MjdhNTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYeE+e5z04ufHb79/LF/3P6k9Alf
nDjwtnR1h44FpJMwjcbAeGebZ6JlnF3V4opWz2a1mXTHVA9vA2QISpyhOZc30tzk
WZkBLBIN9eDOFc1f8GWaonKdlfbrhLlJqxVJ8oGPGpXXayfWlJOHx0KZXuqdWGkE
Ig4aFz3u19ruyOcTPfZnO5PITVih3qHCdquYzsPQ1x+XaJHUvZk7lsOjHFQIIznY
q8JcKSGn6VKtktVl1Wabmfl7oCqU+baHSyFiYgYlc2pddgrL2ysR0R8EsJvNO5+N
eOD/V3R3N6UOyS9jGeTwwqEfCaTiF3vzwkkaAO74hwicyaElE7UFP39k9QIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFIJZ9o12q5Ql8xqy0HQ0H4OUJ6UlMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvZ2xuMmpYYXJsQ1h6R3JMUWREUWZnNVFucFNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAiYd5IcKY0FoRGBDayBbMNcS5RCFJIcOa
iHlO9IE8mfm7Y62BbIrPawlD8RivCqma9bnz4oJRfVYtWVZ6KYh4H0m0AMSppLOc
dryjgCAsztPf27q1iPUVphMEy1xKQwD1DBu16yR9im/0zQgg/8Ti5Jl7GJ+FLWYu
1kDXmZpS6Z8OaQezzF9isfNJylDgt0E9C4ZCfJ52Xg4v7tfNVuCnkWhkVkVbeXKq
T9brT8kSmS9quUZ0Gqo4FCB+Q+5EXA5umOPheoq/eUA/NKO3gApk9EE5sQHdN/BU
IT2jUooyD0oaM7pjD2ggaaVrHS+NCz7YxEVPVCkouxbt6FxWE81plQ==
-----END CERTIFICATE-----