Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/np_Ok7hbTep2cbTSkvgUQj5R5gc.roa
File:                     np_Ok7hbTep2cbTSkvgUQj5R5gc.roa (raw, json)
Hash identifier:          O0qsKpLwnGNUxGqZBDhN4l2gbGeney/xLjSMw3+jVI0=
Subject key identifier:   9E:9F:CE:93:B8:5B:4D:EA:76:71:B4:D2:92:F8:14:42:3E:51:E6:07
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82D8B4EA30B71635ABF91E50178A3D
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/np_Ok7hbTep2cbTSkvgUQj5R5gc.roa
Signing time:             Thu 26 Mar 2026 14:18:31 +0000
ROA not before:           Thu 26 Mar 2026 14:18:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     397193
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 14:18:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:d8:b4:ea:30:b7:16:35:ab:f9:1e:50:17:8a:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e9fce93b85b4dea7671b4d292f814423e51e607
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:2e:c6:ec:f5:87:5e:a7:29:a3:98:67:0f:73:
                    4d:bb:be:13:ee:fe:cd:0c:2d:b0:47:11:27:ba:d7:
                    44:a2:76:92:ac:f6:39:89:10:2f:6e:e6:df:9d:c3:
                    ba:3c:c8:ef:19:5c:39:7a:01:71:a5:e5:8b:78:d6:
                    77:f1:e3:12:2f:2e:aa:b3:7a:2b:f3:53:21:77:90:
                    46:ed:1e:1d:af:fd:4e:cc:f2:f9:5a:e8:f3:10:64:
                    ed:b8:0d:81:4f:f1:b6:0f:fe:be:62:40:e5:6c:b5:
                    a4:1d:3b:e6:6a:54:7c:cf:0c:9b:af:72:84:7b:c1:
                    fa:ad:37:e3:63:7a:a1:ba:e0:7b:f4:54:c3:3e:eb:
                    ad:18:82:8f:91:c6:68:76:e4:c3:b4:f0:03:0a:02:
                    95:0b:e5:44:c9:db:5a:dd:6f:90:a2:2d:f7:93:69:
                    3b:5f:89:f6:7f:b6:5a:33:77:97:d4:12:39:b7:01:
                    16:b0:09:ec:8a:ad:f5:fa:80:cd:e3:6e:d1:80:8b:
                    21:08:11:24:71:96:d5:1c:d9:09:56:23:5d:9c:bd:
                    af:64:bd:31:ab:ae:b7:27:b4:5e:95:7d:fc:42:4d:
                    7c:84:1b:c4:be:55:da:c0:4e:c9:a9:5c:ab:25:47:
                    c0:f8:c3:c6:88:56:f4:04:a6:13:6a:f8:58:00:4c:
                    c3:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:9F:CE:93:B8:5B:4D:EA:76:71:B4:D2:92:F8:14:42:3E:51:E6:07
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/np_Ok7hbTep2cbTSkvgUQj5R5gc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:e2:41:c3:a1:5c:94:66:11:1b:9a:01:c6:c9:3a:7d:da:07:
         af:29:e1:2b:eb:03:e2:63:a6:12:45:05:34:e3:6f:c2:f3:df:
         ec:67:2d:77:ef:bf:ca:dc:87:bd:57:95:1b:d9:2b:35:1b:72:
         96:a3:ba:49:a1:8e:6b:e9:ac:30:16:8d:8f:e3:7b:be:44:65:
         93:2a:f6:e0:08:9e:49:68:bb:95:cc:7d:42:9d:98:64:a5:28:
         02:66:b5:7b:4e:47:9d:dc:13:fd:1c:4b:8d:75:13:81:c3:85:
         a7:6f:d1:b5:f5:1a:39:58:9f:3b:58:4e:b0:f2:53:4b:95:01:
         f9:9e:e3:e7:f1:94:ef:93:31:17:e7:5d:72:c5:a9:8e:f9:3e:
         2e:b4:a1:6a:c4:4f:c9:ba:c6:c3:ed:f6:d7:de:72:ba:0c:25:
         db:bc:d8:64:58:5e:d6:06:4c:e0:17:90:6e:53:68:7a:8e:fa:
         f8:81:0d:d1:6f:77:69:11:c6:e9:a5:79:4a:69:d5:c0:7b:f4:
         08:53:ea:28:01:0c:f2:87:47:c6:e6:a4:bc:d5:30:c9:66:6a:
         f7:7a:bf:36:42:18:80:c2:45:e4:bf:95:11:c2:18:29:1e:56:
         4b:2b:47:79:9b:33:d8:b4:4c:5e:87:6c:34:a0:33:62:42:7e:
         c9:89:ef:15
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgti06jC3FjWr+R5QF4o9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTlmY2U5M2I4NWI0ZGVhNzY3MWI0ZDI5MmY4MTQ0MjNlNTFlNjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1S7G7PWHXqcpo5hnD3NNu74T7v7N
DC2wRxEnutdEonaSrPY5iRAvbubfncO6PMjvGVw5egFxpeWLeNZ38eMSLy6qs3or
81Mhd5BG7R4dr/1OzPL5WujzEGTtuA2BT/G2D/6+YkDlbLWkHTvmalR8zwybr3KE
e8H6rTfjY3qhuuB79FTDPuutGIKPkcZoduTDtPADCgKVC+VEydta3W+Qoi33k2k7
X4n2f7ZaM3eX1BI5twEWsAnsiq31+oDN427RgIshCBEkcZbVHNkJViNdnL2vZL0x
q663J7RelX38Qk18hBvEvlXawE7JqVyrJUfA+MPGiFb0BKYTavhYAEzDgQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFJ6fzpO4W03qdnG00pL4FEI+UeYHMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvbnBfT2s3aGJUZXAyY2JUU2t2Z1VRajVSNWdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAE+JBw6FclGYRG5oBxsk6fdoHrynhK+sD
4mOmEkUFNONvwvPf7Gctd++/ytyHvVeVG9krNRtylqO6SaGOa+msMBaNj+N7vkRl
kyr24AieSWi7lcx9Qp2YZKUoAma1e05HndwT/RxLjXUTgcOFp2/RtfUaOVifO1hO
sPJTS5UB+Z7j5/GU75MxF+ddcsWpjvk+LrShasRPybrGw+32195yugwl27zYZFhe
1gZM4BeQblNoeo76+IEN0W93aRHG6aV5SmnVwHv0CFPqKAEM8odHxuakvNUwyWZq
93q/NkIYgMJF5L+VEcIYKR5WSytHeZsz2LRMXodsNKAzYkJ+yYnvFQ==
-----END CERTIFICATE-----