Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/psQ8eyNridHcrGMXp1lHn1s0hwU.roa
File:                     psQ8eyNridHcrGMXp1lHn1s0hwU.roa (raw, json)
Hash identifier:          SEHohbFtEQFaZt8l0DN24nxDPxt2cPwzm+RwLTbFJkk=
Subject key identifier:   A6:C4:3C:7B:23:6B:89:D1:DC:AC:63:17:A7:59:47:9F:5B:34:87:05
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82C24351A4012C6B525A9835D9F114
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/psQ8eyNridHcrGMXp1lHn1s0hwU.roa
Signing time:             Thu 26 Mar 2026 14:18:25 +0000
ROA not before:           Thu 26 Mar 2026 14:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396567
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:c2:43:51:a4:01:2c:6b:52:5a:98:35:d9:f1:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a6c43c7b236b89d1dcac6317a759479f5b348705
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:2d:c0:fa:6d:00:99:9c:33:88:e7:16:41:94:
                    80:85:35:da:f3:56:7c:5d:76:3b:bc:2c:b9:ea:a9:
                    65:d8:32:72:36:35:93:7e:7f:bc:d0:73:91:61:47:
                    05:35:24:1c:b0:95:9e:31:5b:f1:e3:35:bb:19:40:
                    c1:69:e8:88:68:88:f9:1d:6d:9c:9f:29:b6:c8:b5:
                    ca:2e:0b:bf:be:2a:a5:cf:40:00:65:96:32:47:46:
                    90:f4:22:48:ee:4f:96:67:b9:73:56:b6:ce:28:c4:
                    d4:8d:90:96:4e:0e:f0:8b:21:67:04:f1:7a:59:a9:
                    9f:97:7a:17:83:38:1c:2f:d7:01:a5:ec:95:09:cb:
                    36:c0:1f:01:35:ac:b8:03:5b:98:82:a6:08:b9:a1:
                    c1:fa:9e:88:4f:09:e7:0c:67:ae:7e:e3:fc:4b:5d:
                    25:d1:08:d5:a4:8c:e5:86:f3:f1:36:97:27:10:cb:
                    cc:10:14:91:3b:44:15:d9:9e:2e:40:97:c5:70:2f:
                    89:33:de:5f:9c:0d:65:a9:9f:fc:31:d5:90:c6:c8:
                    84:e0:62:bc:2b:eb:d5:5d:fc:bf:92:c3:f0:a0:99:
                    63:92:eb:a8:08:a8:84:dc:65:bb:85:a6:07:4a:d3:
                    98:02:12:25:04:a9:03:78:e6:b1:bb:19:14:45:d7:
                    d2:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:C4:3C:7B:23:6B:89:D1:DC:AC:63:17:A7:59:47:9F:5B:34:87:05
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/psQ8eyNridHcrGMXp1lHn1s0hwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:5e:b3:10:17:76:8b:a9:c7:0c:ab:f0:15:08:c6:f3:8e:d5:
         38:23:c8:10:d7:fa:69:5b:3c:6b:8d:0d:e0:7c:51:f1:6d:34:
         71:e2:64:eb:9d:3a:19:21:a6:a8:4d:ca:6b:4f:af:29:f2:bc:
         f0:fc:4b:e5:53:43:99:1d:e8:ac:41:85:de:6c:92:7b:26:03:
         17:01:6f:22:25:da:64:ea:dc:6e:86:90:6b:4a:7d:c0:e2:d6:
         38:53:3a:8e:96:28:3c:93:47:2c:f1:ce:72:1e:ab:5d:40:a1:
         4b:0c:03:0a:b6:d6:ba:cc:c9:d4:b5:f5:e6:95:37:c7:0a:b9:
         80:02:e7:d4:b7:1a:3f:48:6c:62:3d:78:82:6f:a5:92:dc:bc:
         28:fa:5c:c2:82:b5:85:61:2e:bb:3c:f6:07:d5:2f:47:32:05:
         43:e9:95:71:44:84:91:02:ec:0e:f6:ec:66:85:7e:c2:27:eb:
         37:28:76:88:f9:ce:e3:93:52:c5:1c:c7:56:38:22:f4:4b:89:
         87:3b:85:49:ec:04:d3:e9:12:5e:e1:1c:f3:3c:80:85:cf:42:
         38:97:e3:a9:8b:e4:94:89:fc:8f:dd:6d:96:e1:9d:f4:d1:ab:
         b9:c2:34:f5:1d:bd:4c:64:47:75:05:aa:51:18:22:6f:f9:b0:
         22:a8:59:b1
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgsJDUaQBLGtSWpg12fEUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmM0M2M3YjIzNmI4OWQxZGNhYzYzMTdhNzU5NDc5ZjViMzQ4NzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzi3A+m0AmZwziOcWQZSAhTXa81Z8
XXY7vCy56qll2DJyNjWTfn+80HORYUcFNSQcsJWeMVvx4zW7GUDBaeiIaIj5HW2c
nym2yLXKLgu/viqlz0AAZZYyR0aQ9CJI7k+WZ7lzVrbOKMTUjZCWTg7wiyFnBPF6
Wamfl3oXgzgcL9cBpeyVCcs2wB8BNay4A1uYgqYIuaHB+p6ITwnnDGeufuP8S10l
0QjVpIzlhvPxNpcnEMvMEBSRO0QV2Z4uQJfFcC+JM95fnA1lqZ/8MdWQxsiE4GK8
K+vVXfy/ksPwoJljkuuoCKiE3GW7haYHStOYAhIlBKkDeOaxuxkURdfSkwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFKbEPHsja4nR3KxjF6dZR59bNIcFMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvcHNROGV5TnJpZEhjckdNWHAxbEhuMXMwaHdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAvF6zEBd2i6nHDKvwFQjG847VOCPIENf6
aVs8a40N4HxR8W00ceJk6506GSGmqE3Ka0+vKfK88PxL5VNDmR3orEGF3mySeyYD
FwFvIiXaZOrcboaQa0p9wOLWOFM6jpYoPJNHLPHOch6rXUChSwwDCrbWuszJ1LX1
5pU3xwq5gALn1LcaP0hsYj14gm+lkty8KPpcwoK1hWEuuzz2B9UvRzIFQ+mVcUSE
kQLsDvbsZoV+wifrNyh2iPnO45NSxRzHVjgi9EuJhzuFSewE0+kSXuEc8zyAhc9C
OJfjqYvklIn8j91tluGd9NGrucI09R29TGRHdQWqURgib/mwIqhZsQ==
-----END CERTIFICATE-----