Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/iA7jRjFkZqKgTBNd1VbWn_e205U.roa
File:                     iA7jRjFkZqKgTBNd1VbWn_e205U.roa (raw, json)
Hash identifier:          povAfxKUEUfmJXPJRto6GeWZ1YwfSz8Kw2rB5c/xTeM=
Subject key identifier:   88:0E:E3:46:31:64:66:A2:A0:4C:13:5D:D5:56:D6:9F:F7:B6:D3:95
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82DAB4656E51AD9A4959A0B04970EC
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/iA7jRjFkZqKgTBNd1VbWn_e205U.roa
Signing time:             Thu 26 Mar 2026 14:18:31 +0000
ROA not before:           Thu 26 Mar 2026 14:18:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     397199
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:da:b4:65:6e:51:ad:9a:49:59:a0:b0:49:70:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=880ee346316466a2a04c135dd556d69ff7b6d395
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:f5:90:b2:5f:25:bd:4f:38:16:86:68:23:0b:
                    0f:6d:ee:12:68:9f:02:86:52:c4:00:2b:bd:f1:ee:
                    c7:c7:8e:c9:49:5e:cc:7a:17:d8:2c:cf:97:a6:6f:
                    18:73:87:76:88:d7:96:4b:15:4f:d6:ea:5a:8d:48:
                    e6:e9:24:8b:ff:24:32:bc:d6:2d:6d:4a:8d:94:c6:
                    33:70:1c:3a:32:c2:d2:d1:2c:77:87:d9:da:27:c1:
                    30:26:b3:0b:12:7c:1e:d1:22:b8:f2:f0:b4:74:0c:
                    23:fc:c3:6b:a7:37:91:54:81:bd:64:d5:c1:66:9c:
                    57:ae:26:88:15:10:31:21:77:7d:ae:36:8b:5f:b5:
                    c8:48:8f:6e:6d:fb:c2:6a:01:0b:d0:74:72:05:71:
                    4f:c7:c6:f6:b0:61:e4:aa:91:59:f8:78:4b:e4:0d:
                    fc:ba:fb:e8:18:7f:e3:eb:52:9d:4a:0f:87:ed:fa:
                    89:05:60:a1:04:f7:9c:b0:54:6a:d6:00:1e:ef:2f:
                    fd:74:77:e1:59:24:8c:93:05:7d:48:64:75:c9:e1:
                    42:b2:cf:df:33:1e:d5:5f:1f:3d:de:39:09:f3:82:
                    dc:43:58:7a:15:69:6d:b6:60:38:64:31:fa:77:5e:
                    13:dc:bb:b1:9a:2a:4f:ee:a2:6b:31:c6:8f:07:2d:
                    19:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:0E:E3:46:31:64:66:A2:A0:4C:13:5D:D5:56:D6:9F:F7:B6:D3:95
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/iA7jRjFkZqKgTBNd1VbWn_e205U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:be:88:19:8c:cc:a2:3a:ea:7a:56:07:0e:f9:87:5f:49:8a:
         19:a7:6a:bd:ac:e8:c7:23:62:c8:e4:c5:6c:fd:be:d4:5f:2a:
         31:ae:7e:1d:5b:21:16:96:64:86:1a:02:34:c0:a4:e2:82:f4:
         8c:81:9d:54:3e:7f:af:80:4a:0c:2a:b2:7d:8e:2f:3a:ed:42:
         58:56:71:4a:bf:57:e3:b3:e7:b7:3b:2d:da:82:d5:d7:b3:98:
         c0:d1:35:6f:9a:85:58:61:f0:77:7f:ed:84:90:4a:e6:3e:0e:
         08:37:b6:d2:20:07:0f:17:72:c8:00:44:d9:be:7e:cf:ed:88:
         28:32:35:7f:06:27:d5:17:bb:37:60:e1:2b:62:c3:a7:7f:f5:
         e4:a0:1e:6e:36:75:22:b7:6f:01:c6:20:80:06:e1:e7:89:76:
         a0:9d:3c:71:e9:51:40:47:20:38:3c:93:5d:17:79:c0:8b:6d:
         c9:e8:75:e2:c2:45:ee:b2:0a:66:04:76:79:53:1b:af:b1:0f:
         57:27:88:37:b9:ec:60:30:16:26:e1:7d:b4:6f:ea:55:be:14:
         c6:e1:18:31:e2:14:ab:40:14:ac:71:50:8b:b8:0c:d5:47:64:
         05:58:64:85:9b:79:27:96:5f:8f:79:1b:2d:64:f0:be:b0:cf:
         c3:9f:f7:20
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgtq0ZW5RrZpJWaCwSXDsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODBlZTM0NjMxNjQ2NmEyYTA0YzEzNWRkNTU2ZDY5ZmY3YjZkMzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvWQsl8lvU84FoZoIwsPbe4SaJ8C
hlLEACu98e7Hx47JSV7MehfYLM+Xpm8Yc4d2iNeWSxVP1upajUjm6SSL/yQyvNYt
bUqNlMYzcBw6MsLS0Sx3h9naJ8EwJrMLEnwe0SK48vC0dAwj/MNrpzeRVIG9ZNXB
ZpxXriaIFRAxIXd9rjaLX7XISI9ubfvCagEL0HRyBXFPx8b2sGHkqpFZ+HhL5A38
uvvoGH/j61KdSg+H7fqJBWChBPecsFRq1gAe7y/9dHfhWSSMkwV9SGR1yeFCss/f
Mx7VXx893jkJ84LcQ1h6FWlttmA4ZDH6d14T3LuxmipP7qJrMcaPBy0ZOwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFIgO40YxZGaioEwTXdVW1p/3ttOVMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvaUE3alJqRmtacUtnVEJOZDFWYlduX2UyMDVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAOb6IGYzMojrqelYHDvmHX0mKGadqvazo
xyNiyOTFbP2+1F8qMa5+HVshFpZkhhoCNMCk4oL0jIGdVD5/r4BKDCqyfY4vOu1C
WFZxSr9X47Pntzst2oLV17OYwNE1b5qFWGHwd3/thJBK5j4OCDe20iAHDxdyyABE
2b5+z+2IKDI1fwYn1Re7N2DhK2LDp3/15KAebjZ1IrdvAcYggAbh54l2oJ08celR
QEcgODyTXRd5wIttyeh14sJF7rIKZgR2eVMbr7EPVyeIN7nsYDAWJuF9tG/qVb4U
xuEYMeIUq0AUrHFQi7gM1UdkBVhkhZt5J5Zfj3kbLWTwvrDPw5/3IA==
-----END CERTIFICATE-----