Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/u1dj988hxj3Q8Nv8qbKxyXllJaQ.roa
File:                     u1dj988hxj3Q8Nv8qbKxyXllJaQ.roa (raw, json)
Hash identifier:          ia1bdV0i+C13DU5mXyM4dA1PgeQFENMc46nTEpVgL8E=
Subject key identifier:   BB:57:63:F7:CF:21:C6:3D:D0:F0:DB:FC:A9:B2:B1:C9:79:65:25:A4
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82DBBF4A54E3D9B23D900F9AAC596A
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/u1dj988hxj3Q8Nv8qbKxyXllJaQ.roa
Signing time:             Thu 26 Mar 2026 14:18:32 +0000
ROA not before:           Thu 26 Mar 2026 14:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     397201
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:db:bf:4a:54:e3:d9:b2:3d:90:0f:9a:ac:59:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bb5763f7cf21c63dd0f0dbfca9b2b1c9796525a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:9a:e9:98:43:d8:d0:40:fc:0d:17:86:c4:67:
                    cd:69:28:14:e9:17:53:74:20:94:66:f6:f9:ee:f2:
                    64:64:3c:60:ef:e4:05:aa:e4:42:8f:0a:e2:a1:db:
                    78:81:cd:29:92:52:5e:76:5b:1f:12:01:74:a9:64:
                    48:05:af:34:0f:63:51:e6:75:e5:91:53:23:87:3f:
                    fc:1e:a0:c7:e9:21:2f:55:bd:52:d1:4c:0e:d5:ee:
                    64:1b:e7:4a:19:5c:0c:31:59:91:08:d8:ea:c7:8c:
                    78:40:2f:a6:f8:d3:99:28:0d:54:24:13:68:44:db:
                    a8:8b:25:c3:1b:ca:3f:bd:c6:d5:e3:53:6c:f5:fe:
                    63:7a:1c:3a:54:da:38:ff:e6:f5:e4:e6:fd:5d:56:
                    e9:86:33:86:fe:15:46:05:70:ee:da:f8:e7:8d:e9:
                    d4:be:f4:f5:11:7a:3e:b2:00:70:15:7a:c9:6b:44:
                    70:83:2b:a1:ce:95:ad:26:2c:13:58:b5:65:d3:af:
                    ec:44:37:bf:a3:37:c3:72:cf:c8:8d:93:db:ec:4c:
                    98:e6:7d:e3:56:9d:28:1c:7f:a0:8c:0f:bf:1f:89:
                    44:fc:a3:d9:dd:cb:18:c6:18:a8:c4:bf:51:b7:03:
                    89:d5:54:08:4d:21:c0:39:63:52:f4:d3:49:94:dc:
                    7d:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:57:63:F7:CF:21:C6:3D:D0:F0:DB:FC:A9:B2:B1:C9:79:65:25:A4
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/u1dj988hxj3Q8Nv8qbKxyXllJaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:9a:ca:90:35:83:1f:bb:07:92:52:38:fa:6b:90:00:da:ba:
         09:59:3d:50:25:32:ca:8d:a7:6a:d2:d2:6f:01:39:07:2d:20:
         ee:96:63:8f:09:bf:d4:de:41:1e:a6:6e:80:54:22:27:fa:2c:
         ed:ff:d4:c9:66:d1:48:9b:7e:ef:b7:64:c5:22:73:89:d1:b4:
         d8:7e:60:e4:b5:d3:20:97:c4:54:91:16:cf:27:22:01:b5:51:
         3d:33:d2:89:03:84:80:24:9e:c1:d3:5d:1a:8a:36:7e:3a:f0:
         28:26:72:b2:43:a7:8b:0b:7d:ac:fd:a8:6e:89:6e:5d:c2:96:
         94:d4:ff:5f:25:9c:ee:c5:85:be:44:20:4e:a2:9c:fe:99:18:
         ee:8b:e7:dd:f6:8a:7e:fc:44:b9:d4:bf:0b:4f:e7:19:79:34:
         6a:06:85:01:4a:81:7d:e7:b2:83:cc:f3:07:2f:89:7b:d5:61:
         64:8a:a6:dd:d9:2a:a0:a7:e5:cd:81:2e:c5:52:3b:23:91:5d:
         ac:c1:97:07:4d:b4:ef:19:f2:83:08:5b:31:f5:3d:ab:b5:82:
         a6:8c:46:b1:f9:66:b7:00:9d:81:08:18:e3:7a:01:99:eb:2b:
         39:85:fc:05:51:21:42:df:ad:4c:e6:b1:07:60:18:4d:41:68:
         15:2e:5f:84
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgtu/SlTj2bI9kA+arFlqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjU3NjNmN2NmMjFjNjNkZDBmMGRiZmNhOWIyYjFjOTc5NjUyNWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvprpmEPY0ED8DReGxGfNaSgU6RdT
dCCUZvb57vJkZDxg7+QFquRCjwriodt4gc0pklJedlsfEgF0qWRIBa80D2NR5nXl
kVMjhz/8HqDH6SEvVb1S0UwO1e5kG+dKGVwMMVmRCNjqx4x4QC+m+NOZKA1UJBNo
RNuoiyXDG8o/vcbV41Ns9f5jehw6VNo4/+b15Ob9XVbphjOG/hVGBXDu2vjnjenU
vvT1EXo+sgBwFXrJa0RwgyuhzpWtJiwTWLVl06/sRDe/ozfDcs/IjZPb7EyY5n3j
Vp0oHH+gjA+/H4lE/KPZ3csYxhioxL9RtwOJ1VQITSHAOWNS9NNJlNx9aQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFLtXY/fPIcY90PDb/Kmyscl5ZSWkMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvdTFkajk4OGh4ajNROE52OHFiS3h5WGxsSmFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAo5rKkDWDH7sHklI4+muQANq6CVk9UCUy
yo2natLSbwE5By0g7pZjjwm/1N5BHqZugFQiJ/os7f/UyWbRSJt+77dkxSJzidG0
2H5g5LXTIJfEVJEWzyciAbVRPTPSiQOEgCSewdNdGoo2fjrwKCZyskOniwt9rP2o
boluXcKWlNT/XyWc7sWFvkQgTqKc/pkY7ovn3faKfvxEudS/C0/nGXk0agaFAUqB
feeyg8zzBy+Je9VhZIqm3dkqoKflzYEuxVI7I5FdrMGXB0207xnygwhbMfU9q7WC
poxGsflmtwCdgQgY43oBmesrOYX8BVEhQt+tTOaxB2AYTUFoFS5fhA==
-----END CERTIFICATE-----