Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/m1TVzhmaUZPv0rq-ma9dD1hG7Qg.roa
File:                     m1TVzhmaUZPv0rq-ma9dD1hG7Qg.roa (raw, json)
Hash identifier:          kJkWqROdUUz6Yygv1X7Whwapac/3AEkHlmOP8pd+yTY=
Subject key identifier:   9B:54:D5:CE:19:9A:51:93:EF:D2:BA:BE:99:AF:5D:0F:58:46:ED:08
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82DE0FA044CCA014644D42307A40BC
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/m1TVzhmaUZPv0rq-ma9dD1hG7Qg.roa
Signing time:             Thu 26 Mar 2026 14:18:32 +0000
ROA not before:           Thu 26 Mar 2026 14:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     397205
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:de:0f:a0:44:cc:a0:14:64:4d:42:30:7a:40:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9b54d5ce199a5193efd2babe99af5d0f5846ed08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:1c:b3:8a:35:06:91:a8:a2:b8:87:6f:c9:e8:
                    f7:c0:ae:9c:8b:1a:4b:95:bf:b2:21:fd:34:46:fa:
                    6b:57:d3:37:37:6f:2e:24:be:5b:fe:bd:7d:e6:84:
                    d2:a0:b5:96:cf:9b:4e:c9:3a:a8:1f:65:f8:bf:ec:
                    c2:2a:bd:79:d6:0f:19:67:f3:6d:54:d1:6f:ef:d4:
                    c6:fe:cd:d9:b9:68:e6:08:bd:60:23:8d:bc:9c:1e:
                    ef:12:55:af:fe:1c:87:a6:02:2e:7c:af:b4:0d:67:
                    27:22:91:63:17:ab:e6:59:6a:c2:ec:47:26:db:da:
                    86:39:dd:eb:c0:5f:41:ba:15:e3:e1:c4:b1:fa:f4:
                    e1:5a:23:16:51:bf:a3:bf:7e:ce:a3:8f:80:06:f8:
                    51:52:d1:2f:fb:24:e4:9f:ca:23:36:e0:9b:b4:47:
                    07:c9:83:43:8a:7a:02:c3:cf:0c:e8:bc:cb:93:06:
                    c8:9f:40:c7:99:00:fb:2a:74:e7:be:24:fe:3a:1a:
                    30:50:5c:16:6d:78:35:ae:e2:3e:33:04:7f:76:7e:
                    66:c9:b9:27:65:c4:2e:e6:a7:01:d7:f1:52:00:6b:
                    76:f0:4f:c2:89:44:d8:39:f8:12:a4:ca:78:b0:f3:
                    bb:bf:61:12:c8:60:3a:db:cb:0f:41:3d:6c:c6:d4:
                    b5:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:54:D5:CE:19:9A:51:93:EF:D2:BA:BE:99:AF:5D:0F:58:46:ED:08
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/m1TVzhmaUZPv0rq-ma9dD1hG7Qg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:45:48:cc:75:51:86:79:bd:68:85:90:0e:59:8d:0a:a3:d3:
         f4:1b:ea:e8:5f:a1:1c:48:88:ef:e1:d8:12:53:61:e9:e6:ae:
         04:f1:78:64:7e:4b:a4:02:ab:56:7b:66:78:e2:8a:ef:6e:f4:
         5e:4e:2e:39:f8:6c:25:ce:8b:4d:75:97:22:1b:f6:b9:53:91:
         7e:89:3d:61:ab:e3:33:92:4e:a2:c1:bf:cd:a3:74:2d:0c:b7:
         8e:5c:c0:0e:b8:39:56:db:d8:bc:59:5d:32:e9:54:fa:94:6e:
         48:41:ab:ee:fa:f8:50:4c:03:f6:9b:95:84:4a:94:f0:b1:c3:
         a7:60:9c:c1:0c:b7:51:cc:6a:66:fb:e1:6f:54:1b:f8:7b:2f:
         fb:6b:a7:24:7f:c6:3a:cd:ba:b9:7f:ab:64:8b:b3:49:94:3e:
         c4:5c:b2:68:6a:a1:64:94:27:dc:5e:48:de:b1:a6:3e:57:1d:
         60:a9:9c:e0:49:34:6f:ba:bf:97:91:e3:30:f2:78:ee:3b:c6:
         c9:c9:16:3d:35:c8:e8:3d:8c:63:70:5c:3b:62:62:57:24:e3:
         3e:12:a3:8b:d8:a9:9f:7a:8a:68:11:8d:dc:3c:e6:d7:6d:4c:
         f6:3b:db:d4:a6:5b:a9:c2:7b:93:e8:82:8f:a6:a3:8b:3d:01:
         27:f9:6e:61
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgt4PoETMoBRkTUIwekC8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjU0ZDVjZTE5OWE1MTkzZWZkMmJhYmU5OWFmNWQwZjU4NDZlZDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhyzijUGkaiiuIdvyej3wK6cixpL
lb+yIf00RvprV9M3N28uJL5b/r195oTSoLWWz5tOyTqoH2X4v+zCKr151g8ZZ/Nt
VNFv79TG/s3ZuWjmCL1gI428nB7vElWv/hyHpgIufK+0DWcnIpFjF6vmWWrC7Ecm
29qGOd3rwF9BuhXj4cSx+vThWiMWUb+jv37Oo4+ABvhRUtEv+yTkn8ojNuCbtEcH
yYNDinoCw88M6LzLkwbIn0DHmQD7KnTnviT+OhowUFwWbXg1ruI+MwR/dn5mybkn
ZcQu5qcB1/FSAGt28E/CiUTYOfgSpMp4sPO7v2ESyGA628sPQT1sxtS12wIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFJtU1c4ZmlGT79K6vpmvXQ9YRu0IMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvbTFUVnpobWFVWlB2MHJxLW1hOWREMWhHN1FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAI0VIzHVRhnm9aIWQDlmNCqPT9Bvq6F+h
HEiI7+HYElNh6eauBPF4ZH5LpAKrVntmeOKK7270Xk4uOfhsJc6LTXWXIhv2uVOR
fok9YavjM5JOosG/zaN0LQy3jlzADrg5VtvYvFldMulU+pRuSEGr7vr4UEwD9puV
hEqU8LHDp2CcwQy3UcxqZvvhb1Qb+Hsv+2unJH/GOs26uX+rZIuzSZQ+xFyyaGqh
ZJQn3F5I3rGmPlcdYKmc4Ek0b7q/l5HjMPJ47jvGyckWPTXI6D2MY3BcO2JiVyTj
PhKji9ipn3qKaBGN3Dzm121M9jvb1KZbqcJ7k+iCj6ajiz0BJ/luYQ==
-----END CERTIFICATE-----