Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/mErDUQ0SVqt9FEWQKqUtROSnaHM.roa
File:                     mErDUQ0SVqt9FEWQKqUtROSnaHM.roa (raw, json)
Hash identifier:          N59p14Dlym71ixqfFB15xYjzEg0P+v1aCPinwe8hmKo=
Subject key identifier:   98:4A:C3:51:0D:12:56:AB:7D:14:45:90:2A:A5:2D:44:E4:A7:68:73
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82ABF58911E9A32A8D93284BC024F3
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/mErDUQ0SVqt9FEWQKqUtROSnaHM.roa
Signing time:             Thu 26 Mar 2026 14:18:19 +0000
ROA not before:           Thu 26 Mar 2026 14:18:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     27544
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:ab:f5:89:11:e9:a3:2a:8d:93:28:4b:c0:24:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=984ac3510d1256ab7d1445902aa52d44e4a76873
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:8d:1c:b7:5f:db:c3:1b:e8:a3:d4:34:69:83:
                    08:00:5a:ec:a1:74:9d:56:ae:58:70:47:61:da:c4:
                    7d:0d:55:81:19:80:16:0c:0f:2f:5e:75:70:ac:47:
                    10:00:8b:1d:f7:db:67:dc:69:56:a6:28:8b:ed:61:
                    3b:43:0a:bb:84:25:f3:ef:17:31:96:00:9d:11:cd:
                    1e:e0:34:97:2b:cc:5a:78:91:d2:95:9f:d9:31:e8:
                    d1:e3:b7:7e:25:d0:ff:ad:61:77:f5:d0:cb:bd:96:
                    b6:c3:f2:46:3f:b3:74:69:14:9c:d2:ec:f1:2d:de:
                    2f:4c:49:bc:84:a0:10:66:a6:21:eb:bc:46:65:f0:
                    e4:f5:d8:b5:a0:bd:df:40:6a:0e:f6:38:61:ae:15:
                    35:7e:6e:92:8f:7a:a1:19:8f:3e:bd:f2:97:39:38:
                    1f:39:8a:e0:8b:4f:4b:9f:d5:a3:61:de:e1:f1:62:
                    94:a2:dc:7d:3f:e8:94:ee:d6:9b:2b:6a:62:83:65:
                    4a:7b:f7:cc:dd:c0:ec:c6:1c:e1:ae:55:28:ea:90:
                    c8:40:08:99:ad:01:96:af:45:d5:a8:03:b3:84:c4:
                    e9:45:97:c0:b9:33:ec:1a:20:47:d8:b5:ff:b8:d8:
                    a3:84:c1:35:16:ee:72:04:7e:dc:65:47:50:68:02:
                    39:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:4A:C3:51:0D:12:56:AB:7D:14:45:90:2A:A5:2D:44:E4:A7:68:73
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/mErDUQ0SVqt9FEWQKqUtROSnaHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:9c:f4:e4:2c:76:5b:b1:d5:90:5d:8b:73:4e:93:8a:36:c8:
         61:79:9c:dd:61:75:ea:52:c9:e7:da:33:cb:9a:30:55:51:95:
         4d:7c:f7:11:56:33:0d:8b:b9:eb:14:d7:b9:3c:e7:ac:8a:98:
         70:c6:3b:a7:92:0c:7c:c8:f5:9f:45:df:b7:e8:4d:3a:29:c8:
         b8:d7:e5:0a:67:ac:1c:be:83:d8:6b:87:4b:22:7d:ff:cd:d5:
         00:72:34:c1:4f:fc:bd:c0:73:26:bb:d0:f5:1b:70:a9:37:a8:
         f1:cd:70:43:bf:d0:e0:6d:9e:f5:6b:e0:d8:d6:72:80:d7:5e:
         ce:45:96:0b:a6:05:9a:d2:60:3b:bd:d7:ca:d2:0d:c3:70:12:
         d8:12:ec:a5:49:f7:4f:aa:aa:c8:36:c7:0b:5f:9b:6c:68:af:
         a2:09:4d:a2:72:0f:49:4b:c8:75:5c:4b:f0:39:cd:bc:5b:36:
         4c:eb:19:a5:e0:89:62:5f:f0:3d:8b:ce:4c:1e:30:fe:6b:ef:
         82:f6:29:75:68:e0:96:ee:37:34:ff:b7:37:c0:55:0e:a0:f4:
         69:bf:6d:ff:a4:bc:33:a0:55:7e:ad:57:43:d6:f5:d5:37:8d:
         b9:56:54:34:03:74:58:b7:c7:2f:38:24:97:96:de:89:c9:ad:
         0d:4c:b6:61
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgqv1iRHpoyqNkyhLwCTzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODRhYzM1MTBkMTI1NmFiN2QxNDQ1OTAyYWE1MmQ0NGU0YTc2ODczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Y0ct1/bwxvoo9Q0aYMIAFrsoXSd
Vq5YcEdh2sR9DVWBGYAWDA8vXnVwrEcQAIsd99tn3GlWpiiL7WE7Qwq7hCXz7xcx
lgCdEc0e4DSXK8xaeJHSlZ/ZMejR47d+JdD/rWF39dDLvZa2w/JGP7N0aRSc0uzx
Ld4vTEm8hKAQZqYh67xGZfDk9di1oL3fQGoO9jhhrhU1fm6Sj3qhGY8+vfKXOTgf
OYrgi09Ln9WjYd7h8WKUotx9P+iU7tabK2pig2VKe/fM3cDsxhzhrlUo6pDIQAiZ
rQGWr0XVqAOzhMTpRZfAuTPsGiBH2LX/uNijhME1Fu5yBH7cZUdQaAI5wwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFJhKw1ENElarfRRFkCqlLUTkp2hzMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvbUVyRFVRMFNWcXQ5RkVXUUtxVXRST1NuYUhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAVZz05Cx2W7HVkF2Lc06TijbIYXmc3WF1
6lLJ59ozy5owVVGVTXz3EVYzDYu56xTXuTznrIqYcMY7p5IMfMj1n0Xft+hNOinI
uNflCmesHL6D2GuHSyJ9/83VAHI0wU/8vcBzJrvQ9RtwqTeo8c1wQ7/Q4G2e9Wvg
2NZygNdezkWWC6YFmtJgO73XytINw3AS2BLspUn3T6qqyDbHC1+bbGivoglNonIP
SUvIdVxL8DnNvFs2TOsZpeCJYl/wPYvOTB4w/mvvgvYpdWjglu43NP+3N8BVDqD0
ab9t/6S8M6BVfq1XQ9b11TeNuVZUNAN0WLfHLzgkl5beicmtDUy2YQ==
-----END CERTIFICATE-----