Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/sUEOn86khI-VluPL5w0SPrejk98.roa
File:                     sUEOn86khI-VluPL5w0SPrejk98.roa (raw, json)
Hash identifier:          JG2kE3vezem53dKHnPfX4VUCU8zLySb4kL5G43INQi4=
Subject key identifier:   B1:41:0E:9F:CE:A4:84:8F:95:96:E3:CB:E7:0D:12:3E:B7:A3:93:DF
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82B5796463A51B37A23A35CFF04958
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/sUEOn86khI-VluPL5w0SPrejk98.roa
Signing time:             Thu 26 Mar 2026 14:18:22 +0000
ROA not before:           Thu 26 Mar 2026 14:18:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40717
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:b5:79:64:63:a5:1b:37:a2:3a:35:cf:f0:49:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b1410e9fcea4848f9596e3cbe70d123eb7a393df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b7:c1:c0:8b:7c:22:65:87:24:36:47:c4:15:
                    0a:0b:54:8b:f7:30:d2:37:dd:11:e3:ef:34:c8:68:
                    ea:2f:9e:e4:90:62:a4:88:90:20:03:8d:b7:05:38:
                    38:5c:a6:0e:e6:87:95:aa:4e:e3:77:8b:a7:18:1a:
                    bd:16:a4:0e:04:53:c6:3d:64:f1:c3:bb:cd:2d:9d:
                    d2:3e:94:12:e6:63:4b:6f:ab:2b:0e:f8:a4:25:e7:
                    51:d8:40:59:f9:cb:fe:1c:6b:d8:67:9f:e9:e2:b2:
                    11:77:34:9b:53:76:45:f4:a1:b1:7b:43:2c:85:90:
                    9b:04:0d:eb:00:1b:1b:12:e8:20:2f:86:0f:ad:01:
                    f6:db:08:54:9f:03:18:5f:33:3f:2f:bc:9e:b0:d4:
                    d5:eb:db:af:da:af:eb:18:4c:a6:67:bc:0b:80:8d:
                    bc:01:ce:e4:f5:fa:dc:d8:fd:8c:5c:3c:4f:a2:18:
                    21:b2:bc:a2:c6:b2:07:17:5e:10:39:66:83:cd:37:
                    32:28:18:c0:50:d1:29:b3:6b:f9:7f:6e:74:d0:e9:
                    16:72:08:f8:b3:54:be:f0:d3:32:93:90:d3:cb:89:
                    34:a9:47:51:6e:43:56:98:35:10:ff:ec:19:24:ec:
                    b0:7b:2d:14:ba:67:66:b5:df:be:06:a1:ea:c5:e1:
                    e1:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:41:0E:9F:CE:A4:84:8F:95:96:E3:CB:E7:0D:12:3E:B7:A3:93:DF
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/sUEOn86khI-VluPL5w0SPrejk98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:87:84:92:a5:4a:e7:10:e5:b4:ea:27:e8:3a:59:8e:e3:f7:
         5b:5a:77:b9:d3:e7:98:88:55:ae:55:83:70:34:63:1a:06:d9:
         ef:14:cc:2c:0b:cf:b3:26:3d:ce:55:6d:c5:c5:a0:4a:c7:23:
         de:0c:4c:2a:1a:71:70:15:f6:91:a4:35:b6:2e:48:b4:6e:ff:
         97:48:02:e9:a2:8e:02:9d:69:c8:b6:d3:e2:d0:45:47:16:f4:
         55:b9:de:31:c7:e0:6c:7e:a5:6d:6b:ed:ef:76:cb:96:ed:78:
         32:cd:47:6c:44:4f:7f:7f:90:06:82:f8:15:27:7a:d5:e3:77:
         5f:e5:71:f9:7f:d5:e9:a6:59:da:a9:1c:c6:e5:c4:58:f7:25:
         db:5e:ab:5f:28:62:bb:e2:e3:91:c3:92:92:89:eb:5f:34:e8:
         bc:ce:76:a1:94:9d:39:6e:3c:3b:b1:59:4e:e3:52:b8:69:b3:
         46:f4:7e:3a:68:9d:71:cb:61:7a:29:17:61:f9:30:e4:36:47:
         4f:2e:ab:56:44:c5:fc:de:a6:10:d5:4d:0c:93:1e:b9:b9:8c:
         a6:ea:17:34:c1:a8:50:23:fb:43:01:c6:5a:c6:d7:f7:64:b5:
         d2:b4:fb:89:2e:16:70:9f:f4:d5:c8:0f:64:24:80:6b:43:40:
         51:06:38:1a
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgrV5ZGOlGzeiOjXP8ElYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTQxMGU5ZmNlYTQ4NDhmOTU5NmUzY2JlNzBkMTIzZWI3YTM5M2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLfBwIt8ImWHJDZHxBUKC1SL9zDS
N90R4+80yGjqL57kkGKkiJAgA423BTg4XKYO5oeVqk7jd4unGBq9FqQOBFPGPWTx
w7vNLZ3SPpQS5mNLb6srDvikJedR2EBZ+cv+HGvYZ5/p4rIRdzSbU3ZF9KGxe0Ms
hZCbBA3rABsbEuggL4YPrQH22whUnwMYXzM/L7yesNTV69uv2q/rGEymZ7wLgI28
Ac7k9frc2P2MXDxPohghsryixrIHF14QOWaDzTcyKBjAUNEps2v5f2500OkWcgj4
s1S+8NMyk5DTy4k0qUdRbkNWmDUQ/+wZJOywey0Uumdmtd++BqHqxeHh2QIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFLFBDp/OpISPlZbjy+cNEj63o5PfMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvc1VFT244NmtoSS1WbHVQTDV3MFNQcmVqazk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAJ4eEkqVK5xDltOon6DpZjuP3W1p3udPn
mIhVrlWDcDRjGgbZ7xTMLAvPsyY9zlVtxcWgSscj3gxMKhpxcBX2kaQ1ti5ItG7/
l0gC6aKOAp1pyLbT4tBFRxb0VbneMcfgbH6lbWvt73bLlu14Ms1HbERPf3+QBoL4
FSd61eN3X+Vx+X/V6aZZ2qkcxuXEWPcl216rXyhiu+LjkcOSkonrXzTovM52oZSd
OW48O7FZTuNSuGmzRvR+OmidcctheikXYfkw5DZHTy6rVkTF/N6mENVNDJMeubmM
puoXNMGoUCP7QwHGWsbX92S10rT7iS4WcJ/01cgPZCSAa0NAUQY4Gg==
-----END CERTIFICATE-----