Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/y2lenA5M6_Bfrrs8JmEPN4eon-0.roa
File:                     y2lenA5M6_Bfrrs8JmEPN4eon-0.roa (raw, json)
Hash identifier:          i8ebmtTGDedcGy417SezYw/RgSx78ZTPJ9ANExFRCsU=
Subject key identifier:   CB:69:5E:9C:0E:4C:EB:F0:5F:AE:BB:3C:26:61:0F:37:87:A8:9F:ED
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82AE1A867707E2A2816D00B9BA8054
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/y2lenA5M6_Bfrrs8JmEPN4eon-0.roa
Signing time:             Thu 26 Mar 2026 14:18:20 +0000
ROA not before:           Thu 26 Mar 2026 14:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     36619
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:ae:1a:86:77:07:e2:a2:81:6d:00:b9:ba:80:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cb695e9c0e4cebf05faebb3c26610f3787a89fed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:af:01:e1:33:50:77:ef:3d:bb:f4:04:b1:68:
                    a5:ee:c7:a4:27:71:c0:13:9f:4f:f4:5f:27:73:a2:
                    69:3d:f6:bf:9d:76:93:0b:ff:56:61:ce:04:ef:4f:
                    95:5f:51:d6:1e:5d:9a:ea:30:de:a0:89:32:23:92:
                    20:b1:e4:78:7e:1d:d5:b5:9e:86:a3:1e:06:fa:12:
                    b4:b2:c8:1d:e3:05:0b:ef:ba:9c:c2:46:9a:4d:25:
                    36:05:37:b2:a4:9a:08:94:0d:d1:47:d5:08:80:3c:
                    9f:c8:88:56:d0:16:75:1e:40:ef:ed:45:e7:f2:d7:
                    9c:1f:fc:a9:ba:88:bb:52:e2:3e:54:4b:69:53:87:
                    24:86:96:29:ee:15:05:8e:61:6c:6d:25:57:3d:3d:
                    64:26:cd:b2:de:f1:32:20:ad:4e:c4:e5:fe:5e:65:
                    8a:9c:df:58:bc:0f:89:c0:1d:8f:bf:83:61:b5:43:
                    47:55:8e:b1:78:d7:be:1b:5d:03:c1:f4:6d:fa:ba:
                    d0:57:aa:a1:bd:df:31:8e:49:9a:e6:06:8f:5e:8e:
                    f0:65:a4:c8:14:67:d2:63:da:9c:d0:ab:13:6e:8b:
                    fd:c7:43:b7:cb:f2:e0:9e:0d:34:6e:eb:bf:18:6d:
                    c1:f7:7e:46:a9:8d:f7:02:48:36:6b:11:b6:58:b0:
                    28:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:69:5E:9C:0E:4C:EB:F0:5F:AE:BB:3C:26:61:0F:37:87:A8:9F:ED
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/y2lenA5M6_Bfrrs8JmEPN4eon-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:45:52:88:cf:e8:4f:fa:09:cb:80:e7:d3:b5:e2:b8:f2:84:
         ca:76:10:44:49:2e:e0:37:b3:36:70:cc:53:41:d9:c1:48:b3:
         d7:ac:3a:5b:97:07:4e:fa:ee:e2:28:16:36:26:d3:b1:a4:29:
         50:e2:70:de:4d:2d:bc:28:e0:c2:f9:40:af:d6:98:57:2e:c8:
         b7:c6:fd:18:23:bc:55:22:1d:60:56:a3:f5:9e:23:a5:ef:d3:
         89:23:d3:f4:49:fd:69:89:1c:64:3c:05:c0:55:95:ae:44:75:
         ec:a0:2c:dc:6a:7c:e9:0a:f9:b7:a2:4d:9a:69:d6:11:11:fa:
         88:6e:ab:dc:c1:13:13:06:28:ea:5a:dd:58:5d:62:35:7d:4c:
         ef:5f:aa:9e:bc:af:b9:9c:f2:d9:f3:b6:09:67:df:64:7b:5b:
         76:6a:38:d5:1c:f3:08:a8:f6:00:6d:5c:cc:83:f0:b6:f0:1d:
         fb:62:3b:f7:80:0f:68:27:b9:b0:7c:76:51:fa:0a:56:56:3c:
         62:4e:22:38:6c:80:04:95:99:db:cf:ce:81:3d:0e:f7:dd:4b:
         4e:a6:79:61:db:53:95:6a:56:75:c5:e4:91:90:0c:8f:f1:12:
         ca:ac:47:2b:f7:2b:73:be:fe:19:73:a6:32:9b:5e:a7:07:02:
         4c:64:b5:01
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgq4ahncH4qKBbQC5uoBUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjY5NWU5YzBlNGNlYmYwNWZhZWJiM2MyNjYxMGYzNzg3YTg5ZmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv68B4TNQd+89u/QEsWil7sekJ3HA
E59P9F8nc6JpPfa/nXaTC/9WYc4E70+VX1HWHl2a6jDeoIkyI5IgseR4fh3VtZ6G
ox4G+hK0ssgd4wUL77qcwkaaTSU2BTeypJoIlA3RR9UIgDyfyIhW0BZ1HkDv7UXn
8tecH/ypuoi7UuI+VEtpU4ckhpYp7hUFjmFsbSVXPT1kJs2y3vEyIK1OxOX+XmWK
nN9YvA+JwB2Pv4NhtUNHVY6xeNe+G10DwfRt+rrQV6qhvd8xjkma5gaPXo7wZaTI
FGfSY9qc0KsTbov9x0O3y/Lgng00buu/GG3B935GqY33Akg2axG2WLAoYQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFMtpXpwOTOvwX667PCZhDzeHqJ/tMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEveTJsZW5BNU02X0JmcnJzOEptRVBONGVvbi0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAHEVSiM/oT/oJy4Dn07XiuPKEynYQREku
4DezNnDMU0HZwUiz16w6W5cHTvru4igWNibTsaQpUOJw3k0tvCjgwvlAr9aYVy7I
t8b9GCO8VSIdYFaj9Z4jpe/TiSPT9En9aYkcZDwFwFWVrkR17KAs3Gp86Qr5t6JN
mmnWERH6iG6r3METEwYo6lrdWF1iNX1M71+qnryvuZzy2fO2CWffZHtbdmo41Rzz
CKj2AG1czIPwtvAd+2I794APaCe5sHx2UfoKVlY8Yk4iOGyABJWZ28/OgT0O991L
TqZ5YdtTlWpWdcXkkZAMj/ESyqxHK/crc77+GXOmMptepwcCTGS1AQ==
-----END CERTIFICATE-----