Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/hyqIV65c0jEidYIIjSO5SEKkEbk.roa
File:                     hyqIV65c0jEidYIIjSO5SEKkEbk.roa (raw, json)
Hash identifier:          M+yEcMDpUbRAy1N6KgtoJz8lMhaVacTjg3TFQ+urL98=
Subject key identifier:   87:2A:88:57:AE:5C:D2:31:22:75:82:08:8D:23:B9:48:42:A4:11:B9
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82BADCF65152996DFE514B5830DDA9
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/hyqIV65c0jEidYIIjSO5SEKkEbk.roa
Signing time:             Thu 26 Mar 2026 14:18:23 +0000
ROA not before:           Thu 26 Mar 2026 14:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396551
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:ba:dc:f6:51:52:99:6d:fe:51:4b:58:30:dd:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=872a8857ae5cd231227582088d23b94842a411b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d0:ae:86:89:ae:07:d8:a1:a3:ab:d8:30:58:
                    66:cb:a7:99:4b:85:8b:83:6a:2e:2a:b1:7d:09:95:
                    a1:b1:3e:eb:03:4b:5a:f9:9b:57:1f:d9:a8:4c:04:
                    5a:76:64:33:b2:c9:34:0b:a9:a6:cf:7c:5c:85:9e:
                    c5:81:0f:10:26:13:19:d7:95:3b:73:b4:83:0a:c9:
                    81:41:ea:15:d8:c1:c1:a3:fa:b0:1a:f4:12:da:d3:
                    5a:2e:2e:7a:f6:21:43:36:84:9e:d6:ce:0d:7e:fb:
                    fa:a5:53:c8:8b:4a:fa:c0:be:9a:e2:a8:e8:e6:9f:
                    ac:c2:a8:2b:46:fd:11:ea:b7:a4:27:ab:5c:f8:48:
                    44:f7:ae:10:92:39:b3:64:53:f8:21:5d:29:cf:98:
                    81:c4:dd:6e:e0:a1:4c:d0:1e:d7:9f:10:f0:53:78:
                    c6:72:a2:d8:6f:87:c6:7d:07:f8:2e:e8:43:e0:32:
                    fb:93:18:0a:a9:d8:62:7b:21:81:fd:7a:48:f9:99:
                    f2:c3:65:b4:40:bc:26:04:cb:e1:9d:7c:87:c3:ed:
                    fa:68:1c:40:d1:c5:37:fd:24:89:95:8f:0b:14:9e:
                    59:3a:65:e8:dd:a6:db:ba:f1:ab:b9:83:83:87:df:
                    a0:0d:be:dc:0f:30:ba:f5:ef:02:0f:10:d4:df:23:
                    f1:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:2A:88:57:AE:5C:D2:31:22:75:82:08:8D:23:B9:48:42:A4:11:B9
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/hyqIV65c0jEidYIIjSO5SEKkEbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:26:7a:f8:41:44:e2:35:77:86:bb:f9:a5:f5:46:63:18:5a:
         b1:7e:9b:74:f0:38:8c:e7:0d:bd:6d:1b:b8:27:21:c7:27:2c:
         4e:69:4b:68:ba:a2:3e:4f:bb:7e:99:36:eb:5e:a5:26:73:61:
         a5:8d:89:69:9a:f3:fc:16:ba:1e:15:50:cd:93:8a:1e:9a:84:
         40:96:b4:2c:d2:06:b5:a8:4c:b1:10:40:b6:3c:aa:4a:12:7b:
         1d:69:c4:54:dc:97:42:8e:e1:f6:0f:b3:13:cc:be:87:75:e0:
         3f:54:f0:91:ce:ca:f4:36:86:6d:ca:80:76:e7:3c:59:87:ec:
         59:5c:36:9c:2f:c6:a4:22:db:54:a3:7d:1e:dd:10:5e:b8:a7:
         47:2f:a6:bb:14:63:96:7d:19:96:e8:a5:88:da:5f:ee:62:e9:
         e9:78:be:9f:9d:13:fd:3e:43:99:76:9a:58:af:c3:09:66:4d:
         03:a9:02:0e:59:71:cb:69:bb:60:68:ef:cc:29:22:d5:b5:03:
         4f:31:e2:2a:7a:19:fd:52:a1:44:8e:dc:90:a7:82:17:04:7c:
         d4:25:46:e2:1f:17:73:21:90:e2:e0:5c:82:f4:2d:77:d5:7f:
         7e:f2:81:38:8f:d4:fb:97:78:85:11:9a:84:df:3b:e4:f0:5d:
         6f:fd:e7:ff
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgrrc9lFSmW3+UUtYMN2pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzJhODg1N2FlNWNkMjMxMjI3NTgyMDg4ZDIzYjk0ODQyYTQxMWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9CuhomuB9iho6vYMFhmy6eZS4WL
g2ouKrF9CZWhsT7rA0ta+ZtXH9moTARadmQzssk0C6mmz3xchZ7FgQ8QJhMZ15U7
c7SDCsmBQeoV2MHBo/qwGvQS2tNaLi569iFDNoSe1s4Nfvv6pVPIi0r6wL6a4qjo
5p+swqgrRv0R6rekJ6tc+EhE964QkjmzZFP4IV0pz5iBxN1u4KFM0B7XnxDwU3jG
cqLYb4fGfQf4LuhD4DL7kxgKqdhieyGB/XpI+Znyw2W0QLwmBMvhnXyHw+36aBxA
0cU3/SSJlY8LFJ5ZOmXo3abbuvGruYODh9+gDb7cDzC69e8CDxDU3yPxZwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFIcqiFeuXNIxInWCCI0juUhCpBG5MB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvaHlxSVY2NWMwakVpZFlJSWpTTzVTRUtrRWJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAWyZ6+EFE4jV3hrv5pfVGYxhasX6bdPA4
jOcNvW0buCchxycsTmlLaLqiPk+7fpk2616lJnNhpY2JaZrz/Ba6HhVQzZOKHpqE
QJa0LNIGtahMsRBAtjyqShJ7HWnEVNyXQo7h9g+zE8y+h3XgP1Twkc7K9DaGbcqA
duc8WYfsWVw2nC/GpCLbVKN9Ht0QXrinRy+muxRjln0ZluiliNpf7mLp6Xi+n50T
/T5DmXaaWK/DCWZNA6kCDllxy2m7YGjvzCki1bUDTzHiKnoZ/VKhRI7ckKeCFwR8
1CVG4h8XcyGQ4uBcgvQtd9V/fvKBOI/U+5d4hRGahN875PBdb/3n/w==
-----END CERTIFICATE-----