Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/hPXWjIXDX7Ej0H2AeCNhPb-OMew.roa
File:                     hPXWjIXDX7Ej0H2AeCNhPb-OMew.roa (raw, json)
Hash identifier:          Hu00ZKmRns3jS+NJnJQpV8EIHTrS7C7RwisOEt6tQ0E=
Subject key identifier:   84:F5:D6:8C:85:C3:5F:B1:23:D0:7D:80:78:23:61:3D:BF:8E:31:EC
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82C902EC12A12C32AC124984E1D55A
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/hPXWjIXDX7Ej0H2AeCNhPb-OMew.roa
Signing time:             Thu 26 Mar 2026 14:18:27 +0000
ROA not before:           Thu 26 Mar 2026 14:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396585
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:c9:02:ec:12:a1:2c:32:ac:12:49:84:e1:d5:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=84f5d68c85c35fb123d07d807823613dbf8e31ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:01:8c:fb:f6:90:12:b5:c6:b4:90:99:d2:d7:
                    32:28:f5:e6:39:b6:05:df:2f:f2:cd:9b:86:0d:c6:
                    be:57:42:b6:07:dc:d3:c3:07:50:ac:fd:f7:11:12:
                    ca:42:06:52:f9:a0:be:82:5d:84:06:66:a5:30:72:
                    fe:2a:c9:0a:9c:89:e7:2a:d2:5f:c8:eb:0b:21:51:
                    88:69:50:33:c9:3f:fd:27:83:59:c5:3a:83:22:6e:
                    57:85:e0:33:e5:ab:2b:17:89:99:59:c5:de:fd:80:
                    20:9b:ef:0f:34:d6:9c:39:b9:f9:d7:f2:fd:64:26:
                    8d:a0:3b:4f:92:f9:e7:f4:f9:3e:a9:fa:e7:66:2c:
                    f4:ea:85:8c:04:03:cf:c8:7a:f2:fa:79:46:4a:c8:
                    9f:94:95:3e:cd:0d:64:2d:5a:21:de:27:b0:aa:94:
                    fa:e0:b6:0c:0a:25:db:e0:cf:26:0b:ec:18:f5:ad:
                    d9:c8:e8:ac:01:a4:6e:da:9c:a8:22:6b:12:82:b2:
                    3d:e7:a5:3f:35:9f:9d:01:51:4f:ca:ff:f9:bc:fd:
                    1a:69:21:56:c3:19:18:8d:d3:25:3b:02:a9:4c:20:
                    6b:ad:57:b2:48:3e:0d:58:d5:b9:4c:78:28:40:5e:
                    01:c6:9f:2e:02:3f:24:07:16:23:6d:ad:e9:39:dd:
                    86:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:F5:D6:8C:85:C3:5F:B1:23:D0:7D:80:78:23:61:3D:BF:8E:31:EC
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/hPXWjIXDX7Ej0H2AeCNhPb-OMew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:9c:da:ca:8f:33:b3:7c:b9:f6:71:d9:a9:fd:ce:76:42:f6:
         4b:18:b5:a4:cf:ad:2f:9f:cb:72:6b:46:42:57:a4:85:a4:f6:
         55:0f:83:6d:d4:77:65:50:bc:6f:f6:60:7a:f6:e1:1b:d9:a8:
         f0:38:e6:2b:ef:db:3f:cc:5a:85:24:e7:02:bd:e5:96:b0:b3:
         11:ed:e7:a4:d0:c7:32:e2:eb:fb:d5:cb:85:1c:3c:92:90:ef:
         ea:65:be:ed:89:f1:5a:4e:a4:27:fa:84:ee:b9:fd:bd:41:fb:
         72:6b:27:72:53:f5:fa:5d:f3:25:e0:62:27:0a:f3:7b:cc:fe:
         0f:4f:ee:1e:c0:e2:82:15:13:b0:75:49:7c:e8:ff:a7:15:b7:
         47:93:5e:f1:dd:07:d0:15:c3:05:bd:9e:30:56:2d:8f:ee:81:
         83:9f:70:fd:d6:71:64:16:a1:73:bf:c1:11:3a:41:f0:3f:77:
         75:dc:95:08:9d:66:b7:56:48:e1:57:4b:5d:b1:74:dc:ad:d3:
         dc:8e:93:c9:e0:aa:f3:38:29:a0:e0:45:61:0c:f8:65:3d:eb:
         bb:b9:0a:cf:bb:c3:e6:33:95:6d:26:52:da:a1:05:c7:a7:ea:
         ee:dd:a5:9e:45:0b:88:cf:31:ad:3a:ef:31:84:f4:d7:46:8a:
         0b:44:b4:bd
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgskC7BKhLDKsEkmE4dVaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGY1ZDY4Yzg1YzM1ZmIxMjNkMDdkODA3ODIzNjEzZGJmOGUzMWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgGM+/aQErXGtJCZ0tcyKPXmObYF
3y/yzZuGDca+V0K2B9zTwwdQrP33ERLKQgZS+aC+gl2EBmalMHL+KskKnInnKtJf
yOsLIVGIaVAzyT/9J4NZxTqDIm5XheAz5asrF4mZWcXe/YAgm+8PNNacObn51/L9
ZCaNoDtPkvnn9Pk+qfrnZiz06oWMBAPPyHry+nlGSsiflJU+zQ1kLVoh3iewqpT6
4LYMCiXb4M8mC+wY9a3ZyOisAaRu2pyoImsSgrI956U/NZ+dAVFPyv/5vP0aaSFW
wxkYjdMlOwKpTCBrrVeySD4NWNW5THgoQF4Bxp8uAj8kBxYjba3pOd2GwwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFIT11oyFw1+xI9B9gHgjYT2/jjHsMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvaFBYV2pJWERYN0VqMEgyQWVDTmhQYi1PTWV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAVZzayo8zs3y59nHZqf3OdkL2Sxi1pM+t
L5/LcmtGQlekhaT2VQ+DbdR3ZVC8b/ZgevbhG9mo8DjmK+/bP8xahSTnAr3llrCz
Ee3npNDHMuLr+9XLhRw8kpDv6mW+7YnxWk6kJ/qE7rn9vUH7cmsnclP1+l3zJeBi
Jwrze8z+D0/uHsDighUTsHVJfOj/pxW3R5Ne8d0H0BXDBb2eMFYtj+6Bg59w/dZx
ZBahc7/BETpB8D93ddyVCJ1mt1ZI4VdLXbF03K3T3I6TyeCq8zgpoOBFYQz4ZT3r
u7kKz7vD5jOVbSZS2qEFx6fq7t2lnkULiM8xrTrvMYT010aKC0S0vQ==
-----END CERTIFICATE-----