Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/kKrttq1lNdgWaojRIpyRXH5Cdf8.roa
File:                     kKrttq1lNdgWaojRIpyRXH5Cdf8.roa (raw, json)
Hash identifier:          aEo7undtkeauhqjLeorTWnag/NfWKzA7B9lzqlzZUvU=
Subject key identifier:   90:AA:ED:B6:AD:65:35:D8:16:6A:88:D1:22:9C:91:5C:7E:42:75:FF
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82AB87A768820D13F705D747984FA2
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/kKrttq1lNdgWaojRIpyRXH5Cdf8.roa
Signing time:             Thu 26 Mar 2026 14:18:19 +0000
ROA not before:           Thu 26 Mar 2026 14:18:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25485
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:ab:87:a7:68:82:0d:13:f7:05:d7:47:98:4f:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=90aaedb6ad6535d8166a88d1229c915c7e4275ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:6e:22:8f:f7:8d:ef:b0:3c:55:38:13:b5:33:
                    98:4c:df:36:1c:ae:db:e5:99:7f:05:b0:5e:ad:72:
                    89:d9:55:9e:7a:70:a6:70:5f:93:38:25:b3:e7:70:
                    69:6c:ac:ab:81:d6:95:81:d9:e2:90:13:12:15:51:
                    f8:bb:84:e0:2f:b2:4a:1c:56:b3:8f:c9:0e:37:18:
                    35:29:bb:a9:3a:fd:d8:2a:1a:a7:c9:a7:e9:65:3b:
                    6b:9b:0f:97:1a:90:e1:d8:40:b9:71:e5:af:32:ae:
                    f7:ce:ef:7e:8b:3a:18:55:01:9b:e4:73:6a:21:4f:
                    fe:69:4d:46:a9:ad:e8:ac:ff:1e:4e:cf:c2:11:ec:
                    f1:13:dc:54:e1:ea:45:9a:4f:f8:f1:48:1a:45:66:
                    7f:67:db:6a:08:75:5c:cf:9c:fb:7e:f7:7f:46:93:
                    ee:17:5e:a1:44:07:33:0f:bb:9a:9c:2d:bc:80:78:
                    a4:81:5b:c8:77:34:bd:59:81:8e:fb:e9:0a:6f:3f:
                    58:99:36:5a:0d:48:34:97:b9:b9:25:6b:a9:52:84:
                    bc:4b:23:87:f0:b7:72:e3:38:c8:be:3b:64:6b:70:
                    9d:3c:b6:47:b8:ee:02:49:52:e2:aa:42:47:8a:74:
                    4a:ab:cb:3a:1d:ef:25:58:98:6a:79:a5:c5:36:f9:
                    94:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:AA:ED:B6:AD:65:35:D8:16:6A:88:D1:22:9C:91:5C:7E:42:75:FF
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/kKrttq1lNdgWaojRIpyRXH5Cdf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:5a:4c:fa:97:a8:5a:c2:58:ec:5b:7c:1b:b9:02:d8:4d:71:
         52:ce:71:75:36:d2:6e:1f:51:f6:fe:3f:7f:39:30:9d:78:49:
         4f:6d:94:f9:97:c0:1f:37:cb:77:4e:ee:7b:42:99:1b:4d:3f:
         e0:cd:b4:0e:a5:9b:bc:15:e7:64:05:5d:27:e0:c6:fc:fa:a6:
         db:e3:56:fb:4a:00:7b:da:11:41:19:5a:ab:0a:01:ba:f5:71:
         4f:95:8f:5f:86:ef:03:1a:c8:b7:ea:f8:84:72:53:5d:ea:d7:
         46:03:d4:47:76:25:ea:ea:4e:38:1e:ac:d3:de:aa:f2:86:7f:
         42:e8:92:7b:c8:53:41:9f:4c:18:18:0a:65:46:e7:93:2e:5b:
         fa:57:ee:9b:a5:af:c8:03:9c:e2:62:63:6a:b5:45:68:55:e9:
         c4:be:48:fe:08:74:58:bf:32:92:51:f2:90:3b:dd:a5:1e:c9:
         55:31:0b:2e:53:ac:30:b3:80:61:09:c2:75:c6:5d:de:26:75:
         ca:22:23:a5:50:ee:d4:e8:04:25:b2:d1:4f:ed:f4:c2:9d:3f:
         89:26:0e:84:58:5b:ff:68:d4:01:79:3c:ae:42:e1:d5:23:04:
         bc:e0:d0:25:67:4b:3d:41:c3:4e:7c:28:c4:5c:2a:01:cf:98:
         e4:c9:60:b4
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgquHp2iCDRP3BddHmE+iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGFhZWRiNmFkNjUzNWQ4MTY2YTg4ZDEyMjljOTE1YzdlNDI3NWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+24ij/eN77A8VTgTtTOYTN82HK7b
5Zl/BbBerXKJ2VWeenCmcF+TOCWz53BpbKyrgdaVgdnikBMSFVH4u4TgL7JKHFaz
j8kONxg1KbupOv3YKhqnyafpZTtrmw+XGpDh2EC5ceWvMq73zu9+izoYVQGb5HNq
IU/+aU1Gqa3orP8eTs/CEezxE9xU4epFmk/48UgaRWZ/Z9tqCHVcz5z7fvd/RpPu
F16hRAczD7uanC28gHikgVvIdzS9WYGO++kKbz9YmTZaDUg0l7m5JWupUoS8SyOH
8Ldy4zjIvjtka3CdPLZHuO4CSVLiqkJHinRKq8s6He8lWJhqeaXFNvmUAQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFJCq7batZTXYFmqI0SKckVx+QnX/MB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEva0tydHRxMWxOZGdXYW9qUklweVJYSDVDZGY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAl1pM+peoWsJY7Ft8G7kC2E1xUs5xdTbS
bh9R9v4/fzkwnXhJT22U+ZfAHzfLd07ue0KZG00/4M20DqWbvBXnZAVdJ+DG/Pqm
2+NW+0oAe9oRQRlaqwoBuvVxT5WPX4bvAxrIt+r4hHJTXerXRgPUR3Yl6upOOB6s
096q8oZ/QuiSe8hTQZ9MGBgKZUbnky5b+lfum6WvyAOc4mJjarVFaFXpxL5I/gh0
WL8yklHykDvdpR7JVTELLlOsMLOAYQnCdcZd3iZ1yiIjpVDu1OgEJbLRT+30wp0/
iSYOhFhb/2jUAXk8rkLh1SMEvODQJWdLPUHDTnwoxFwqAc+Y5MlgtA==
-----END CERTIFICATE-----