Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/z0q60C3GplMjECS44iEtqKPKV50.roa
File:                     z0q60C3GplMjECS44iEtqKPKV50.roa (raw, json)
Hash identifier:          3K2B3VDzjJtscjrmSVb6xpuS0vjnzf5O1G1SpN3DZrg=
Subject key identifier:   CF:4A:BA:D0:2D:C6:A6:53:23:10:24:B8:E2:21:2D:A8:A3:CA:57:9D
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       019D2A82C7381651200B44776C8CE2678DB8
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/z0q60C3GplMjECS44iEtqKPKV50.roa
Signing time:             Thu 26 Mar 2026 14:18:26 +0000
ROA not before:           Thu 26 Mar 2026 14:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396582
IP address blocks:        81.19.195.30/32 maxlen: 32
                          81.19.195.31/32 maxlen: 32
                          185.100.0.0/24 maxlen: 24
                          185.100.0.53/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 14:18:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:82:c7:38:16:51:20:0b:44:77:6c:8c:e2:67:8d:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 26 14:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cf4abad02dc6a653231024b8e2212da8a3ca579d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:1a:6c:49:2e:6e:9a:46:79:18:df:38:c0:9f:
                    7a:71:9b:eb:a1:f0:9a:33:3d:0c:11:d3:6b:b4:f7:
                    6d:cd:b0:96:fa:ba:4b:60:4b:46:a4:3c:9c:b5:82:
                    5a:47:7d:5c:c3:65:ab:47:20:17:99:a4:8b:de:b3:
                    e6:66:a1:86:18:d6:f4:71:32:8a:24:76:2a:dc:5d:
                    29:f8:77:5d:29:8d:6e:09:b9:e4:8d:2d:f5:19:45:
                    28:d6:7e:4b:f8:97:5b:e5:f1:6c:88:99:16:2b:c9:
                    66:4e:f0:32:35:33:73:4c:c1:fa:c4:28:2a:31:35:
                    2e:32:a6:80:5d:1e:9d:f0:ff:b6:07:ef:32:bd:0d:
                    be:6b:c3:4c:c3:7f:22:d4:25:33:49:59:ed:ae:3a:
                    5a:13:b5:c4:d0:f6:31:02:af:77:c5:cc:2c:ab:e1:
                    31:6a:11:76:11:af:a1:d1:48:39:bf:76:3f:54:ef:
                    37:dd:75:8c:24:38:cf:2b:d3:de:96:6b:97:01:fa:
                    36:69:3d:00:4b:df:71:cf:87:33:21:3c:f4:70:34:
                    53:dd:8f:19:09:4b:5a:25:22:00:78:72:26:d0:3d:
                    5d:91:65:03:0e:08:a9:b0:d7:7e:ad:0f:c9:12:32:
                    bc:d6:ba:0f:96:08:21:c5:ca:95:1b:4a:ce:67:3a:
                    b8:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:4A:BA:D0:2D:C6:A6:53:23:10:24:B8:E2:21:2D:A8:A3:CA:57:9D
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/z0q60C3GplMjECS44iEtqKPKV50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.195.30/31
                  185.100.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:57:ba:d9:84:1f:80:31:27:9f:59:40:dc:10:88:e2:5a:02:
         ee:ed:8d:a7:a5:f8:51:f8:3c:bc:cb:1c:a9:1e:3c:fd:91:d1:
         3c:33:13:00:2e:a1:b7:53:31:35:39:eb:a8:d3:80:53:79:92:
         84:1b:3d:c6:6f:05:7d:18:22:b2:38:8b:da:26:1a:59:16:50:
         a4:55:cb:63:d1:a4:fa:c4:54:1c:31:91:43:c5:70:35:56:17:
         73:42:d4:78:1e:65:52:0c:95:e0:c4:28:66:0e:ad:89:d7:6b:
         73:12:17:2a:22:a0:8f:96:0d:6e:5d:a2:47:8a:38:2f:03:26:
         82:11:34:ac:8a:ed:f7:e7:25:d9:22:07:1a:56:cf:73:73:34:
         88:b6:46:f1:3d:2f:d0:8a:02:7e:5a:6e:6e:8f:08:c8:9e:6e:
         51:2d:f5:20:c0:49:fb:8c:64:93:61:23:58:37:5c:d2:30:e8:
         81:16:be:25:8c:54:5e:cf:6e:80:7a:5b:2a:d0:24:93:ea:34:
         4b:4d:7b:58:bd:67:08:9b:4e:cb:28:03:ab:4a:4f:7e:dd:e3:
         22:4c:f1:46:ea:4e:32:e0:94:e3:0d:09:3e:a0:7b:6d:39:5f:
         98:03:13:68:03:55:f4:e8:99:53:cd:88:14:4b:f9:dd:10:97:
         2c:be:c2:79
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgsc4FlEgC0R3bIziZ424MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjRhYmFkMDJkYzZhNjUzMjMxMDI0YjhlMjIxMmRhOGEzY2E1NzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxpsSS5umkZ5GN84wJ96cZvrofCa
Mz0MEdNrtPdtzbCW+rpLYEtGpDyctYJaR31cw2WrRyAXmaSL3rPmZqGGGNb0cTKK
JHYq3F0p+HddKY1uCbnkjS31GUUo1n5L+Jdb5fFsiJkWK8lmTvAyNTNzTMH6xCgq
MTUuMqaAXR6d8P+2B+8yvQ2+a8NMw38i1CUzSVntrjpaE7XE0PYxAq93xcwsq+Ex
ahF2Ea+h0Ug5v3Y/VO833XWMJDjPK9PelmuXAfo2aT0AS99xz4czITz0cDRT3Y8Z
CUtaJSIAeHIm0D1dkWUDDgipsNd+rQ/JEjK81roPlgghxcqVG0rOZzq4xQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFM9KutAtxqZTIxAkuOIhLaijyledMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvejBxNjBDM0dwbE1qRUNTNDRpRXRxS1BLVjUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAdFe62YQfgDEnn1lA3BCI4loC7u2Np6X4
Ufg8vMscqR48/ZHRPDMTAC6ht1MxNTnrqNOAU3mShBs9xm8FfRgisjiL2iYaWRZQ
pFXLY9Gk+sRUHDGRQ8VwNVYXc0LUeB5lUgyV4MQoZg6tiddrcxIXKiKgj5YNbl2i
R4o4LwMmghE0rIrt9+cl2SIHGlbPc3M0iLZG8T0v0IoCflpubo8IyJ5uUS31IMBJ
+4xkk2EjWDdc0jDogRa+JYxUXs9ugHpbKtAkk+o0S017WL1nCJtOyygDq0pPft3j
IkzxRupOMuCU4w0JPqB7bTlfmAMTaANV9OiZU82IFEv53RCXLL7CeQ==
-----END CERTIFICATE-----