Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/iPTKoXPCoNBS1NnA_WRRzLOFF00.roa
File:                     iPTKoXPCoNBS1NnA_WRRzLOFF00.roa (raw, json)
Hash identifier:          sQNNq3rYPE9gr8QsQoov99jcds/YbTbC9EoIgjaa7pA=
Subject key identifier:   88:F4:CA:A1:73:C2:A0:D0:52:D4:D9:C0:FD:64:51:CC:B3:85:17:4D
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82D50DF950914FD785EE27883DA991
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/iPTKoXPCoNBS1NnA_WRRzLOFF00.roa
Signing time:             Thu 26 Mar 2026 14:18:30 +0000
ROA not before:           Thu 26 Mar 2026 14:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396611
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:d5:0d:f9:50:91:4f:d7:85:ee:27:88:3d:a9:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=88f4caa173c2a0d052d4d9c0fd6451ccb385174d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:26:4b:10:04:5e:a4:5c:d7:26:ff:72:28:9c:
                    69:1d:ed:cf:12:07:97:f4:b3:81:07:ab:c1:2d:b6:
                    90:67:e1:3d:b1:5a:db:a1:68:45:bd:fa:4d:f5:28:
                    eb:4c:ff:f2:ef:12:ba:65:f6:25:c6:21:a0:a7:88:
                    ae:40:58:64:ad:06:72:de:08:dd:89:c0:71:4c:39:
                    4b:e9:41:d0:63:68:89:f5:e8:0e:81:9d:66:70:c1:
                    da:09:5b:fa:0c:4c:75:a4:2a:fe:05:78:da:93:bd:
                    52:78:66:5b:b6:ee:e1:cd:a8:50:23:9c:9f:92:ee:
                    b6:bd:65:5d:e4:a2:e6:84:d8:40:7f:af:ad:44:aa:
                    6c:80:5f:b9:38:f5:7e:7d:21:8e:7e:b8:75:9e:ff:
                    30:ac:58:38:12:19:e0:4e:d4:03:a2:1a:5c:6a:28:
                    b9:e7:68:bb:44:f1:bb:ad:ab:4a:f6:86:7a:72:84:
                    e9:59:5a:9e:ab:a1:9a:88:5b:eb:b9:c7:43:fc:29:
                    3c:f1:05:2d:00:b7:7a:2d:c6:c5:48:81:d4:0a:09:
                    24:36:f3:e2:fb:8f:7a:bd:2e:0b:fb:26:fe:95:71:
                    38:75:ce:c1:27:07:17:5e:9b:8e:3b:83:b4:f6:bf:
                    c0:f7:ff:e8:5c:f0:24:35:e5:ac:5a:32:13:9a:e6:
                    27:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:F4:CA:A1:73:C2:A0:D0:52:D4:D9:C0:FD:64:51:CC:B3:85:17:4D
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/iPTKoXPCoNBS1NnA_WRRzLOFF00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:fd:02:b8:6a:0c:d9:ab:bc:92:38:36:e6:be:ae:9e:6b:b5:
         2d:71:5e:ff:d1:d9:49:82:3f:5b:fd:a3:70:7c:60:cd:30:cb:
         f7:16:48:ea:54:b0:fe:6e:71:e1:5c:dd:9b:9e:c3:84:ea:25:
         3a:6a:9a:67:fe:0d:25:91:4c:75:6e:2a:61:db:5a:30:74:18:
         c3:29:5a:b9:47:ef:6c:35:98:a4:95:33:d9:72:2f:95:29:73:
         7f:e3:3c:0d:ff:00:8d:91:f3:82:30:ad:bc:3b:ca:38:29:4f:
         d8:b0:b1:fb:9b:b8:3d:46:c4:cb:ca:e5:a2:db:73:6e:3b:cc:
         c0:dc:6a:34:7f:e7:46:ea:3a:7d:25:0a:0e:48:57:74:e8:71:
         79:1b:81:96:9f:fe:57:d4:7d:db:fc:ce:80:fd:67:67:3b:90:
         37:ff:f9:12:da:47:b1:2f:14:65:8a:e3:86:5b:27:8e:35:f3:
         b1:7b:32:8d:45:38:3a:38:37:04:9c:5d:99:c6:1e:83:7c:cf:
         9d:45:7e:89:33:4f:17:85:8f:75:83:5b:ea:b6:48:d0:e9:70:
         03:13:b2:98:13:5c:df:c1:8f:72:9a:90:bc:aa:41:eb:99:a1:
         4e:0c:c1:ff:e1:ee:c3:4a:ec:d9:a9:b3:6f:8d:85:02:14:e7:
         f1:13:0f:26
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgtUN+VCRT9eF7ieIPamRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGY0Y2FhMTczYzJhMGQwNTJkNGQ5YzBmZDY0NTFjY2IzODUxNzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSZLEARepFzXJv9yKJxpHe3PEgeX
9LOBB6vBLbaQZ+E9sVrboWhFvfpN9SjrTP/y7xK6ZfYlxiGgp4iuQFhkrQZy3gjd
icBxTDlL6UHQY2iJ9egOgZ1mcMHaCVv6DEx1pCr+BXjak71SeGZbtu7hzahQI5yf
ku62vWVd5KLmhNhAf6+tRKpsgF+5OPV+fSGOfrh1nv8wrFg4EhngTtQDohpcaii5
52i7RPG7ratK9oZ6coTpWVqeq6GaiFvrucdD/Ck88QUtALd6LcbFSIHUCgkkNvPi
+496vS4L+yb+lXE4dc7BJwcXXpuOO4O09r/A9//oXPAkNeWsWjITmuYndQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFIj0yqFzwqDQUtTZwP1kUcyzhRdNMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvaVBUS29YUENvTkJTMU5uQV9XUlJ6TE9GRjAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAi/0CuGoM2au8kjg25r6unmu1LXFe/9HZ
SYI/W/2jcHxgzTDL9xZI6lSw/m5x4Vzdm57DhOolOmqaZ/4NJZFMdW4qYdtaMHQY
wylauUfvbDWYpJUz2XIvlSlzf+M8Df8AjZHzgjCtvDvKOClP2LCx+5u4PUbEy8rl
ottzbjvMwNxqNH/nRuo6fSUKDkhXdOhxeRuBlp/+V9R92/zOgP1nZzuQN//5EtpH
sS8UZYrjhlsnjjXzsXsyjUU4Ojg3BJxdmcYeg3zPnUV+iTNPF4WPdYNb6rZI0Olw
AxOymBNc38GPcpqQvKpB65mhTgzB/+Huw0rs2amzb42FAhTn8RMPJg==
-----END CERTIFICATE-----