Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/hqFrLsTJ5b9D0cf4BuFb7UTqniU.roa
File:                     hqFrLsTJ5b9D0cf4BuFb7UTqniU.roa (raw, json)
Hash identifier:          Ow/soLgHkmhAJk1p6TzBFC2SFYbYFhAOfv1Ji9eZ/tw=
Subject key identifier:   86:A1:6B:2E:C4:C9:E5:BF:43:D1:C7:F8:06:E1:5B:ED:44:EA:9E:25
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82BCE16673A8DCE567965EE7F4E3D8
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/hqFrLsTJ5b9D0cf4BuFb7UTqniU.roa
Signing time:             Thu 26 Mar 2026 14:18:24 +0000
ROA not before:           Thu 26 Mar 2026 14:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396553
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:bc:e1:66:73:a8:dc:e5:67:96:5e:e7:f4:e3:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=86a16b2ec4c9e5bf43d1c7f806e15bed44ea9e25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:cf:13:a6:e4:d2:ff:a5:9e:53:d8:6f:e5:86:
                    ad:2c:55:a8:24:04:fb:8a:9e:50:45:01:ec:dc:35:
                    05:bd:ec:8b:56:77:c7:36:f1:0a:57:55:55:8f:75:
                    c8:0a:22:b8:38:3e:11:01:de:51:f4:8d:55:a5:84:
                    7f:cd:5f:e6:17:f6:1e:16:f9:9e:d3:eb:01:6a:87:
                    57:a4:85:29:04:91:c5:c9:a6:b9:f2:ee:96:20:60:
                    55:8e:2b:73:4a:3a:c5:1a:67:1a:de:fe:9b:4d:d7:
                    ca:06:07:f2:ae:1a:01:56:29:8a:fc:3c:92:f0:47:
                    01:5e:8c:91:7e:b9:13:c5:c6:d3:df:04:70:30:ca:
                    65:ff:e8:50:1e:d9:a8:5d:4c:a6:cc:4f:95:a5:0d:
                    90:fa:1d:db:fb:52:b8:34:d3:13:9b:59:86:e6:de:
                    74:a3:39:e3:dc:63:81:29:05:b3:a9:0d:a7:5c:e5:
                    93:30:76:c4:47:23:60:8c:7d:50:af:fe:21:69:32:
                    93:34:26:b6:a4:de:49:ab:5f:83:ab:63:ed:c4:fc:
                    bc:73:c9:4d:17:74:56:24:11:93:3f:96:24:b4:4c:
                    63:9d:5f:82:d7:3d:36:3f:7b:29:5b:c8:7d:ce:70:
                    0d:a1:e5:4b:87:92:6d:08:a5:bf:44:55:e0:2b:b2:
                    cc:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:A1:6B:2E:C4:C9:E5:BF:43:D1:C7:F8:06:E1:5B:ED:44:EA:9E:25
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/hqFrLsTJ5b9D0cf4BuFb7UTqniU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:1d:5b:96:2e:85:2a:aa:6f:63:66:2c:3f:1c:38:a2:9a:c5:
         1a:3b:2f:b0:42:16:4d:91:ad:db:a4:d7:c7:c5:b3:69:08:45:
         35:32:0c:7c:d3:a0:98:c7:93:4c:86:d5:a0:2a:1d:d1:f6:2e:
         18:b0:95:73:b8:35:86:a0:3e:94:6d:92:e5:b3:38:59:f6:e0:
         f7:57:36:0e:ea:ac:41:38:44:2e:3c:bb:f5:f4:c0:25:65:1c:
         a0:9e:91:2e:f7:ca:9e:d2:87:ef:96:73:3b:46:0b:e0:ff:c6:
         d9:a7:3c:ee:16:99:02:99:f1:8c:61:e8:2d:57:95:80:67:14:
         af:84:a2:4a:93:7f:a7:82:eb:97:f6:b8:f8:f8:14:91:51:ec:
         fe:ec:06:b9:6f:ba:9c:43:40:bf:b3:2e:14:3b:27:9f:89:3e:
         8c:77:15:fd:fa:ba:f2:da:43:9a:45:90:28:5f:31:88:a0:42:
         84:b2:e3:e4:ca:46:57:74:06:a7:5e:a5:8b:86:0b:26:2d:74:
         d5:34:6c:af:8c:16:c6:bf:cd:42:1d:14:c8:b4:71:58:41:1f:
         8f:e0:ec:f8:d2:f0:62:34:da:9b:df:7e:36:01:23:22:aa:10:
         b9:d8:64:5d:6a:e6:fd:5d:51:b2:f6:8a:00:f6:f5:27:9a:22:
         bd:a5:c9:a8
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgrzhZnOo3OVnll7n9OPYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmExNmIyZWM0YzllNWJmNDNkMWM3ZjgwNmUxNWJlZDQ0ZWE5ZTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxs8TpuTS/6WeU9hv5YatLFWoJAT7
ip5QRQHs3DUFveyLVnfHNvEKV1VVj3XICiK4OD4RAd5R9I1VpYR/zV/mF/YeFvme
0+sBaodXpIUpBJHFyaa58u6WIGBVjitzSjrFGmca3v6bTdfKBgfyrhoBVimK/DyS
8EcBXoyRfrkTxcbT3wRwMMpl/+hQHtmoXUymzE+VpQ2Q+h3b+1K4NNMTm1mG5t50
oznj3GOBKQWzqQ2nXOWTMHbERyNgjH1Qr/4haTKTNCa2pN5Jq1+Dq2PtxPy8c8lN
F3RWJBGTP5YktExjnV+C1z02P3spW8h9znANoeVLh5JtCKW/RFXgK7LMZQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFIahay7EyeW/Q9HH+AbhW+1E6p4lMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvaHFGckxzVEo1YjlEMGNmNEJ1RmI3VVRxbmlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAWx1bli6FKqpvY2YsPxw4oprFGjsvsEIW
TZGt26TXx8WzaQhFNTIMfNOgmMeTTIbVoCod0fYuGLCVc7g1hqA+lG2S5bM4Wfbg
91c2DuqsQThELjy79fTAJWUcoJ6RLvfKntKH75ZzO0YL4P/G2ac87haZApnxjGHo
LVeVgGcUr4SiSpN/p4Lrl/a4+PgUkVHs/uwGuW+6nENAv7MuFDsnn4k+jHcV/fq6
8tpDmkWQKF8xiKBChLLj5MpGV3QGp16li4YLJi101TRsr4wWxr/NQh0UyLRxWEEf
j+Ds+NLwYjTam99+NgEjIqoQudhkXWrm/V1RsvaKAPb1J5oivaXJqA==
-----END CERTIFICATE-----