Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/9w2zj3oQ2hHtVo9kxGGtNa3X5SQ.roa
File:                     9w2zj3oQ2hHtVo9kxGGtNa3X5SQ.roa (raw, json)
Hash identifier:          0xgQCareJv7Ntr141LjAGa2HfbiCtlx1ULX7PYSBsCg=
Subject key identifier:   F7:0D:B3:8F:7A:10:DA:11:ED:56:8F:64:C4:61:AD:35:AD:D7:E5:24
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82B755A91F70F3829B41180EF7E422
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/9w2zj3oQ2hHtVo9kxGGtNa3X5SQ.roa
Signing time:             Thu 26 Mar 2026 14:18:22 +0000
ROA not before:           Thu 26 Mar 2026 14:18:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396543
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:b7:55:a9:1f:70:f3:82:9b:41:18:0e:f7:e4:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f70db38f7a10da11ed568f64c461ad35add7e524
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:fd:0a:f5:4b:aa:82:a3:d9:40:0f:e8:5a:44:
                    f9:b6:db:ee:67:e7:16:31:bb:ac:08:08:d1:f8:63:
                    fb:31:db:44:5f:ce:98:d7:82:a2:49:1f:b1:74:02:
                    db:9b:44:68:6c:e3:2d:79:ea:70:ee:bf:a4:5b:94:
                    1d:8f:d4:3a:5b:f0:b4:23:ef:3d:0c:d7:8f:1e:dd:
                    aa:a4:9c:c0:80:44:cb:78:d9:c3:85:0a:87:3e:6c:
                    b6:14:10:4d:c4:ce:e9:7f:8c:22:97:6b:eb:7b:e7:
                    b7:53:fd:a1:4c:10:55:50:fd:94:d9:7b:fe:dd:d8:
                    17:34:b4:cb:0a:a9:ea:13:92:a8:e4:ba:48:b4:7b:
                    4e:d8:37:b0:de:b3:97:a7:ef:9b:2c:74:37:9f:18:
                    b7:02:e4:65:d8:bc:b3:49:31:34:bc:8f:e9:3e:1a:
                    4b:46:c0:54:aa:bb:c5:f0:cd:2d:8b:dd:3d:2e:10:
                    6d:3e:b0:f0:80:99:4b:77:37:39:12:ec:00:db:60:
                    2e:c5:0f:dc:b9:6a:e0:d6:72:eb:d9:6f:af:13:ad:
                    8d:36:56:c5:4a:d7:f0:64:0e:22:50:06:a1:51:7c:
                    e7:7f:80:c4:8f:80:b3:86:ed:f9:6d:c1:33:09:6f:
                    0d:2a:cc:a7:f0:7c:fa:75:a4:ef:ef:8f:44:5e:6a:
                    b2:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:0D:B3:8F:7A:10:DA:11:ED:56:8F:64:C4:61:AD:35:AD:D7:E5:24
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/9w2zj3oQ2hHtVo9kxGGtNa3X5SQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:10:b7:dc:04:2e:96:86:a4:d2:05:bf:54:f2:77:c6:9c:d7:
         dc:f5:8e:b4:0f:2e:71:58:27:29:be:d9:13:33:a2:ae:ab:32:
         3f:2c:2d:1f:33:1a:45:a8:bb:b9:dc:69:1d:a9:84:1d:a8:2d:
         9d:ec:80:f3:0e:5b:49:b6:3a:27:26:37:af:31:27:cd:83:4c:
         67:85:84:23:ad:e5:12:77:b8:73:85:8e:e9:4c:2a:ec:c2:5e:
         e2:d3:71:41:d3:48:b3:79:af:0c:62:bd:dc:c4:91:73:f6:1f:
         9f:ee:2b:cc:d0:9f:ec:22:b8:1a:d3:76:10:69:53:d0:64:d4:
         ac:1b:87:94:77:34:01:57:c8:65:70:64:ef:70:22:97:1e:3e:
         21:a6:56:68:e5:ad:bb:a5:92:8d:83:cd:6f:f5:be:a8:5b:98:
         85:bb:24:70:b6:37:74:33:0a:f6:1b:59:13:cf:fe:e5:74:76:
         45:6d:2a:4f:ba:34:bf:70:21:f6:cb:aa:46:2c:25:8b:a6:07:
         40:52:e0:8a:39:e3:14:e3:50:85:0d:0b:82:3c:0d:68:f5:3e:
         4c:36:47:fa:bf:d9:28:81:19:5b:46:7a:f2:66:46:17:67:10:
         2b:eb:d5:da:d3:68:80:62:fc:4d:00:b3:a4:ec:c9:9c:fe:91:
         de:f5:62:45
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgrdVqR9w84KbQRgO9+QiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzBkYjM4ZjdhMTBkYTExZWQ1NjhmNjRjNDYxYWQzNWFkZDdlNTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0v0K9UuqgqPZQA/oWkT5ttvuZ+cW
MbusCAjR+GP7MdtEX86Y14KiSR+xdALbm0RobOMteepw7r+kW5Qdj9Q6W/C0I+89
DNePHt2qpJzAgETLeNnDhQqHPmy2FBBNxM7pf4wil2vre+e3U/2hTBBVUP2U2Xv+
3dgXNLTLCqnqE5Ko5LpItHtO2Dew3rOXp++bLHQ3nxi3AuRl2LyzSTE0vI/pPhpL
RsBUqrvF8M0ti909LhBtPrDwgJlLdzc5EuwA22AuxQ/cuWrg1nLr2W+vE62NNlbF
StfwZA4iUAahUXznf4DEj4Czhu35bcEzCW8NKsyn8Hz6daTv749EXmqywwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPcNs496ENoR7VaPZMRhrTWt1+UkMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvOXcyemozb1EyaEh0Vm85a3hHR3ROYTNYNVNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAqxC33AQuloak0gW/VPJ3xpzX3PWOtA8u
cVgnKb7ZEzOirqsyPywtHzMaRai7udxpHamEHagtneyA8w5bSbY6JyY3rzEnzYNM
Z4WEI63lEne4c4WO6Uwq7MJe4tNxQdNIs3mvDGK93MSRc/Yfn+4rzNCf7CK4GtN2
EGlT0GTUrBuHlHc0AVfIZXBk73Ailx4+IaZWaOWtu6WSjYPNb/W+qFuYhbskcLY3
dDMK9htZE8/+5XR2RW0qT7o0v3Ah9suqRiwli6YHQFLgijnjFONQhQ0LgjwNaPU+
TDZH+r/ZKIEZW0Z68mZGF2cQK+vV2tNogGL8TQCzpOzJnP6R3vViRQ==
-----END CERTIFICATE-----