Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/ra0vXy39_mGPzqEuPDZ63sweDps.roa
File:                     ra0vXy39_mGPzqEuPDZ63sweDps.roa (raw, json)
Hash identifier:          ZVw9KZtIWjlvWa7FVgHZR/NS2zCQAHX47YQ0TnPFRgE=
Subject key identifier:   AD:AD:2F:5F:2D:FD:FE:61:8F:CE:A1:2E:3C:36:7A:DE:CC:1E:0E:9B
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82B665FE3E11CBFA7C2EECA2C92F9A
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/ra0vXy39_mGPzqEuPDZ63sweDps.roa
Signing time:             Thu 26 Mar 2026 14:18:22 +0000
ROA not before:           Thu 26 Mar 2026 14:18:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396541
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:b6:65:fe:3e:11:cb:fa:7c:2e:ec:a2:c9:2f:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=adad2f5f2dfdfe618fcea12e3c367adecc1e0e9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:1c:df:1e:f4:be:f7:39:63:0b:49:26:31:c9:
                    9f:31:92:47:44:c2:fc:50:3c:cf:dc:a1:aa:ed:ff:
                    94:be:69:2e:a4:b5:79:7a:b8:f8:e9:60:71:96:63:
                    d6:80:9e:b9:af:5e:45:0e:76:fa:02:7c:72:46:63:
                    9b:c0:39:ac:68:6d:fa:65:08:85:76:38:84:96:4b:
                    3e:53:35:50:28:a2:ee:63:c3:b9:c9:4b:2c:67:4b:
                    2e:80:98:ee:83:a7:af:2a:78:e5:37:77:80:aa:17:
                    23:94:75:6f:38:18:4b:3f:bf:09:4e:1a:b6:a5:5d:
                    9b:4b:bf:ac:66:d9:72:cd:81:1b:05:09:5d:bf:af:
                    d1:49:a6:c9:ef:7a:1e:2d:79:29:14:52:9c:22:81:
                    5b:c9:7d:17:44:7e:86:36:55:57:fe:06:36:ff:e0:
                    27:2a:83:4e:72:70:41:6d:8d:ac:c5:5d:0e:26:58:
                    d6:a3:01:ae:ee:18:7b:64:f4:e3:9a:58:94:42:10:
                    75:28:d2:78:0d:1d:5b:ca:58:2b:80:73:58:46:a9:
                    32:1a:69:c0:7b:a2:bd:a7:2e:b8:b6:ba:48:14:44:
                    a3:f4:21:cf:63:fa:f5:55:05:fe:49:35:a4:e4:39:
                    d8:49:61:87:f4:67:0c:9c:12:53:fd:d7:01:13:bf:
                    95:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:AD:2F:5F:2D:FD:FE:61:8F:CE:A1:2E:3C:36:7A:DE:CC:1E:0E:9B
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/ra0vXy39_mGPzqEuPDZ63sweDps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:b3:76:08:a5:0e:35:d4:43:a1:a9:05:2d:89:c6:cb:33:ff:
         34:63:20:b9:f0:e9:8f:23:11:de:bf:76:06:6a:91:56:89:60:
         16:16:e2:7d:8e:3c:23:e4:cb:59:e5:a0:b1:ef:5a:f0:e7:39:
         d9:ef:ff:19:53:ee:c7:68:51:8d:d0:54:80:0f:56:01:0c:e1:
         42:b1:06:f8:d1:67:7c:cb:9d:e9:0d:ed:6c:6e:ff:a2:86:11:
         f7:7e:fb:01:1e:ef:d5:77:c5:d0:7b:43:d0:34:67:0d:d6:00:
         b5:0d:77:88:94:10:3c:75:71:0c:90:ee:87:38:d8:62:f4:c9:
         fb:17:4e:98:31:e4:3c:e4:68:a6:30:39:01:78:bc:39:eb:7e:
         80:b6:25:16:47:16:ce:08:56:16:12:99:e4:6c:6c:34:66:a8:
         59:8c:62:e0:f8:f7:fc:15:d0:fe:1b:0f:26:0f:9c:3f:13:cf:
         07:23:13:c3:9d:f4:2a:12:33:e0:2d:3c:81:37:cc:c4:c8:50:
         47:53:24:80:69:07:b8:84:66:0a:e5:76:79:bf:8b:98:6b:8a:
         88:df:46:bf:e3:41:62:66:a7:c8:61:86:39:91:9f:72:d7:b5:
         a2:5e:0a:94:6c:05:78:b0:69:47:f3:d1:08:57:d9:ac:46:b7:
         59:65:e4:17
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgrZl/j4Ry/p8LuyiyS+aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGFkMmY1ZjJkZmRmZTYxOGZjZWExMmUzYzM2N2FkZWNjMWUwZTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshzfHvS+9zljC0kmMcmfMZJHRML8
UDzP3KGq7f+UvmkupLV5erj46WBxlmPWgJ65r15FDnb6AnxyRmObwDmsaG36ZQiF
djiElks+UzVQKKLuY8O5yUssZ0sugJjug6evKnjlN3eAqhcjlHVvOBhLP78JThq2
pV2bS7+sZtlyzYEbBQldv6/RSabJ73oeLXkpFFKcIoFbyX0XRH6GNlVX/gY2/+An
KoNOcnBBbY2sxV0OJljWowGu7hh7ZPTjmliUQhB1KNJ4DR1bylgrgHNYRqkyGmnA
e6K9py64trpIFESj9CHPY/r1VQX+STWk5DnYSWGH9GcMnBJT/dcBE7+VwwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFK2tL18t/f5hj86hLjw2et7MHg6bMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvcmEwdlh5MzlfbUdQenFFdVBEWjYzc3dlRHBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAI7N2CKUONdRDoakFLYnGyzP/NGMgufDp
jyMR3r92BmqRVolgFhbifY48I+TLWeWgse9a8Oc52e//GVPux2hRjdBUgA9WAQzh
QrEG+NFnfMud6Q3tbG7/ooYR9377AR7v1XfF0HtD0DRnDdYAtQ13iJQQPHVxDJDu
hzjYYvTJ+xdOmDHkPORopjA5AXi8Oet+gLYlFkcWzghWFhKZ5GxsNGaoWYxi4Pj3
/BXQ/hsPJg+cPxPPByMTw530KhIz4C08gTfMxMhQR1MkgGkHuIRmCuV2eb+LmGuK
iN9Gv+NBYmanyGGGOZGfcte1ol4KlGwFeLBpR/PRCFfZrEa3WWXkFw==
-----END CERTIFICATE-----