Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/RRQ03-xERvBozclTw3alGABn_5g.roa
File:                     RRQ03-xERvBozclTw3alGABn_5g.roa (raw, json)
Hash identifier:          sb4d2gBgKU1MaArd8FE+z/FzpINOQUY/+BZlbMJXdY4=
Subject key identifier:   45:14:34:DF:EC:44:46:F0:68:CD:C9:53:C3:76:A5:18:00:67:FF:98
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82DB7F5EFD319CCD19AE27C9065AA0
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/RRQ03-xERvBozclTw3alGABn_5g.roa
Signing time:             Thu 26 Mar 2026 14:18:32 +0000
ROA not before:           Thu 26 Mar 2026 14:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     397200
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 20:56:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:db:7f:5e:fd:31:9c:cd:19:ae:27:c9:06:5a:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=451434dfec4446f068cdc953c376a5180067ff98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:09:7a:e0:31:ca:b7:93:0c:30:32:9d:90:20:
                    1b:50:39:aa:07:a2:19:af:d2:58:63:85:28:e4:0f:
                    94:b1:8d:4a:a7:4d:ad:1d:97:84:73:ef:66:8f:f1:
                    2d:5a:ae:5d:a2:04:db:fb:5b:06:a3:76:ae:3e:73:
                    29:0a:65:8b:1d:44:d5:4d:58:be:16:3b:00:aa:e0:
                    36:83:c8:2d:d9:a6:1c:9f:af:43:f4:5e:c0:15:cd:
                    2a:85:a6:54:9f:d7:af:b0:e0:d9:5b:ba:9c:a0:e1:
                    34:c2:e9:1c:88:8e:8a:2b:12:f8:40:3d:b5:9b:88:
                    4d:6e:60:45:06:a7:90:83:20:de:62:27:0f:63:6c:
                    2b:2e:af:44:1c:b4:66:00:cc:b5:82:15:e0:26:43:
                    c1:a1:84:b3:79:66:91:73:a4:b4:ca:dd:c7:0c:29:
                    d3:35:2a:90:c5:72:b4:83:ed:92:cd:aa:36:a2:4b:
                    78:8c:f9:d3:0a:33:27:16:4a:77:1a:27:ae:44:10:
                    eb:d0:54:8a:06:44:1e:4e:62:3f:f1:ac:94:74:23:
                    30:f1:1a:6b:54:99:b2:b0:f0:82:ae:04:07:bb:1b:
                    7d:94:e4:48:9b:fd:28:34:17:7e:e9:6f:2d:ab:59:
                    80:ec:0b:f2:59:f6:1d:2e:cc:20:f0:9b:be:a0:d3:
                    88:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:14:34:DF:EC:44:46:F0:68:CD:C9:53:C3:76:A5:18:00:67:FF:98
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/RRQ03-xERvBozclTw3alGABn_5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:ca:8d:44:63:d5:2e:bd:3a:8f:16:1e:1d:94:f9:ac:75:58:
         54:1c:b3:a3:29:d3:04:e7:1a:ae:0d:1d:2a:4c:81:07:83:8e:
         8f:25:ef:3d:fc:3d:08:32:e9:f6:66:6e:95:eb:aa:42:9f:ed:
         b5:92:f2:83:e5:92:74:54:5a:bb:80:7f:b2:9d:2e:70:e7:c5:
         9f:e5:18:50:b6:26:e7:c7:35:c7:a2:07:f9:8a:29:4f:ca:c9:
         ad:c8:71:f6:0b:b6:c8:05:64:29:06:e9:e8:e0:62:4d:5d:10:
         b8:78:b2:5c:42:72:b2:2e:09:97:51:c8:4a:da:74:bd:0b:f4:
         83:06:66:35:2a:50:39:3c:80:eb:ff:34:b0:ec:d4:86:92:86:
         94:04:89:6f:1a:d3:99:55:f6:1b:12:94:f4:cc:21:3b:d2:f5:
         4f:e0:4e:d5:fc:22:0b:ef:32:2b:89:d6:aa:29:f3:e3:99:0c:
         b8:4b:10:42:bb:15:2a:ab:1b:30:59:e9:0e:bc:61:73:11:e2:
         5b:d5:aa:33:3b:56:a5:dd:1f:aa:6b:1e:cf:11:66:c2:c1:45:
         3a:45:44:53:27:0a:a1:fc:0a:3a:e9:d7:fb:00:32:e8:d6:3e:
         4e:cd:86:ee:3d:31:aa:af:6f:b4:f5:e8:f7:d9:2a:7a:93:4e:
         6b:18:f6:fa
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgtt/Xv0xnM0ZrifJBlqgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTE0MzRkZmVjNDQ0NmYwNjhjZGM5NTNjMzc2YTUxODAwNjdmZjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQl64DHKt5MMMDKdkCAbUDmqB6IZ
r9JYY4Uo5A+UsY1Kp02tHZeEc+9mj/EtWq5dogTb+1sGo3auPnMpCmWLHUTVTVi+
FjsAquA2g8gt2aYcn69D9F7AFc0qhaZUn9evsODZW7qcoOE0wukciI6KKxL4QD21
m4hNbmBFBqeQgyDeYicPY2wrLq9EHLRmAMy1ghXgJkPBoYSzeWaRc6S0yt3HDCnT
NSqQxXK0g+2Szao2okt4jPnTCjMnFkp3GieuRBDr0FSKBkQeTmI/8ayUdCMw8Rpr
VJmysPCCrgQHuxt9lORIm/0oNBd+6W8tq1mA7AvyWfYdLswg8Ju+oNOIjwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFEUUNN/sREbwaM3JU8N2pRgAZ/+YMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvUlJRMDMteEVSdkJvemNsVHczYWxHQUJuXzVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAg8qNRGPVLr06jxYeHZT5rHVYVByzoynT
BOcarg0dKkyBB4OOjyXvPfw9CDLp9mZuleuqQp/ttZLyg+WSdFRau4B/sp0ucOfF
n+UYULYm58c1x6IH+YopT8rJrchx9gu2yAVkKQbp6OBiTV0QuHiyXEJysi4Jl1HI
Stp0vQv0gwZmNSpQOTyA6/80sOzUhpKGlASJbxrTmVX2GxKU9MwhO9L1T+BO1fwi
C+8yK4nWqinz45kMuEsQQrsVKqsbMFnpDrxhcxHiW9WqMztWpd0fqmsezxFmwsFF
OkVEUycKofwKOunX+wAy6NY+Ts2G7j0xqq9vtPXo99kqepNOaxj2+g==
-----END CERTIFICATE-----