Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/wFDFbKtyoqCRgteoxXxhcb0MKr4.roa
File:                     wFDFbKtyoqCRgteoxXxhcb0MKr4.roa (raw, json)
Hash identifier:          Sc6UnREs9QfaBKrGez9x/WeKn5rETwO5QqjteldP2JU=
Subject key identifier:   C0:50:C5:6C:AB:72:A2:A0:91:82:D7:A8:C5:7C:61:71:BD:0C:2A:BE
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82C52A844638548602E7C685632661
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/wFDFbKtyoqCRgteoxXxhcb0MKr4.roa
Signing time:             Thu 26 Mar 2026 14:18:26 +0000
ROA not before:           Thu 26 Mar 2026 14:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396576
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:c5:2a:84:46:38:54:86:02:e7:c6:85:63:26:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c050c56cab72a2a09182d7a8c57c6171bd0c2abe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:92:8e:f7:6b:ef:09:60:dd:30:78:19:1e:ab:
                    80:9d:2c:cd:f8:24:30:7f:ed:11:a4:e8:dd:78:67:
                    2b:bf:a6:70:35:0b:3d:a7:eb:29:7c:4d:9f:6c:51:
                    4e:25:ff:e6:f4:10:96:bc:b0:38:3e:8d:de:26:e9:
                    0e:02:11:3d:0a:b7:31:27:76:4f:c3:04:b5:5f:e7:
                    2f:59:1d:45:ea:a3:b4:40:bd:38:95:34:1b:11:0b:
                    20:aa:b3:a7:90:80:10:bd:50:7d:ab:59:85:e4:fd:
                    07:eb:e6:3c:13:b1:1f:11:95:8a:03:04:26:65:5d:
                    c7:54:69:5d:30:35:36:8d:13:71:52:4c:2a:66:9c:
                    e0:5c:a1:39:e2:f1:5b:99:80:f6:ce:31:36:34:5c:
                    26:15:ae:2d:3d:81:cf:ad:ad:d8:ed:54:ba:c0:66:
                    6a:f9:9f:58:3c:8e:1f:3a:1d:3f:23:e8:0a:dd:89:
                    be:e7:fd:98:f7:d3:f8:97:72:b0:d7:c0:0d:4f:52:
                    45:7b:1b:6c:9d:00:cf:5a:1b:43:da:b9:0e:f3:51:
                    3e:72:32:ed:6e:15:92:da:33:04:ed:79:8a:15:63:
                    2f:b9:37:7a:f2:bf:bc:a3:da:e9:86:e4:d9:b0:cf:
                    a9:31:4d:a4:e2:34:f6:f0:43:f5:25:5c:99:e7:35:
                    47:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:50:C5:6C:AB:72:A2:A0:91:82:D7:A8:C5:7C:61:71:BD:0C:2A:BE
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/wFDFbKtyoqCRgteoxXxhcb0MKr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:3a:0a:f1:d3:2c:12:92:17:c3:30:1e:0c:8e:0f:86:b3:9a:
         a7:cc:ad:54:a8:44:85:3f:5d:a5:7c:e3:52:12:ea:20:ae:15:
         ea:bb:4b:a9:93:5f:5b:55:c8:d5:07:4e:58:5f:76:c2:30:ba:
         e6:09:d0:ad:13:f0:12:03:2e:c9:91:e7:b9:7a:9b:e7:d5:70:
         55:81:6c:57:17:af:fe:38:c4:55:cf:f7:dc:68:4e:cd:a3:87:
         f7:40:68:da:dc:ad:35:6d:44:f8:17:89:d1:c5:4c:fe:55:0e:
         10:26:3a:e3:f4:aa:21:d6:da:5f:23:55:a4:19:71:1c:86:a8:
         6b:cb:5a:bd:7d:e8:c6:1e:b1:b1:fc:80:1d:6f:b5:7f:36:41:
         e6:df:e4:ff:73:61:ba:02:9a:02:ec:cc:7e:41:24:3a:4b:f3:
         c6:4e:25:bc:7d:3d:05:55:02:59:28:57:c6:65:33:76:37:29:
         8f:4a:81:74:24:de:13:73:00:7a:0a:03:e6:9c:d7:7e:00:25:
         76:a8:ed:60:b8:99:9d:e7:13:0c:15:44:d5:9f:f3:8a:62:20:
         e3:32:34:10:43:9e:d6:1b:27:b4:21:81:37:5e:8e:ab:f0:07:
         a0:87:6b:1f:6f:c5:64:7a:81:b3:c3:43:b7:35:d9:c5:7d:31:
         74:15:f5:ae
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgsUqhEY4VIYC58aFYyZhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDUwYzU2Y2FiNzJhMmEwOTE4MmQ3YThjNTdjNjE3MWJkMGMyYWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZKO92vvCWDdMHgZHquAnSzN+CQw
f+0RpOjdeGcrv6ZwNQs9p+spfE2fbFFOJf/m9BCWvLA4Po3eJukOAhE9CrcxJ3ZP
wwS1X+cvWR1F6qO0QL04lTQbEQsgqrOnkIAQvVB9q1mF5P0H6+Y8E7EfEZWKAwQm
ZV3HVGldMDU2jRNxUkwqZpzgXKE54vFbmYD2zjE2NFwmFa4tPYHPra3Y7VS6wGZq
+Z9YPI4fOh0/I+gK3Ym+5/2Y99P4l3Kw18ANT1JFextsnQDPWhtD2rkO81E+cjLt
bhWS2jME7XmKFWMvuTd68r+8o9rphuTZsM+pMU2k4jT28EP1JVyZ5zVHfQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFMBQxWyrcqKgkYLXqMV8YXG9DCq+MB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvd0ZERmJLdHlvcUNSZ3Rlb3hYeGhjYjBNS3I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAvDoK8dMsEpIXwzAeDI4PhrOap8ytVKhE
hT9dpXzjUhLqIK4V6rtLqZNfW1XI1QdOWF92wjC65gnQrRPwEgMuyZHnuXqb59Vw
VYFsVxev/jjEVc/33GhOzaOH90Bo2tytNW1E+BeJ0cVM/lUOECY64/SqIdbaXyNV
pBlxHIaoa8tavX3oxh6xsfyAHW+1fzZB5t/k/3NhugKaAuzMfkEkOkvzxk4lvH09
BVUCWShXxmUzdjcpj0qBdCTeE3MAegoD5pzXfgAldqjtYLiZnecTDBVE1Z/zimIg
4zI0EEOe1hsntCGBN16Oq/AHoIdrH2/FZHqBs8NDtzXZxX0xdBX1rg==
-----END CERTIFICATE-----