Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/bQQuskf_Gdw4DO36Hp_jpIO7obs.roa
File:                     bQQuskf_Gdw4DO36Hp_jpIO7obs.roa (raw, json)
Hash identifier:          iHc9KJJ7h5KMbS9+RDpsi3zVAhZamVfT5BEtYu5oO3E=
Subject key identifier:   6D:04:2E:B2:47:FF:19:DC:38:0C:ED:FA:1E:9F:E3:A4:83:BB:A1:BB
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019C47A26D09B2E441E49BE603D7923544EA
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/bQQuskf_Gdw4DO36Hp_jpIO7obs.roa
Signing time:             Tue 10 Feb 2026 12:59:12 +0000
ROA not before:           Tue 10 Feb 2026 12:59:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     19318
IP address blocks:        85.239.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:47:a2:6d:09:b2:e4:41:e4:9b:e6:03:d7:92:35:44:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Feb 10 12:59:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6d042eb247ff19dc380cedfa1e9fe3a483bba1bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:11:e8:a6:05:40:00:dd:5a:e9:19:bb:7c:0d:
                    cf:29:3b:77:8f:01:ee:a4:30:ba:58:c0:99:92:e9:
                    6a:22:8c:16:6e:8d:3a:cd:3d:11:0d:c5:a7:8b:45:
                    17:ce:38:2a:0e:fd:d4:d8:9a:94:17:01:c7:f1:c7:
                    91:02:0e:70:2d:57:b4:73:5e:21:6a:f1:00:d4:c3:
                    fe:58:7c:d4:b7:6f:e7:f8:3c:72:00:23:e4:18:37:
                    66:19:e4:22:37:64:c1:3b:b2:69:25:23:22:45:9c:
                    3c:09:b2:26:5c:95:cd:46:8c:22:18:8f:4e:95:0c:
                    04:03:11:33:1b:90:33:1b:d7:df:1b:29:74:71:e8:
                    6c:de:b1:25:bf:97:26:7c:4a:a6:ba:69:9a:3e:46:
                    23:19:f1:74:28:ef:ec:bc:b9:db:26:5e:f8:4c:da:
                    e0:b7:41:a4:c0:78:a2:01:22:a2:d7:6a:ef:6f:97:
                    a3:04:30:f3:9f:e0:a8:f7:bb:1b:e9:0a:30:1d:6e:
                    f8:31:8e:d8:2d:a3:20:55:18:64:72:89:7d:6c:29:
                    60:7e:06:de:73:ed:0a:e4:da:90:6f:30:56:c0:ae:
                    ef:0a:66:04:62:8e:f6:bd:57:1e:e8:4e:dc:c2:31:
                    96:0f:32:b7:ac:fa:04:e1:84:09:94:2c:98:29:6c:
                    91:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:04:2E:B2:47:FF:19:DC:38:0C:ED:FA:1E:9F:E3:A4:83:BB:A1:BB
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/bQQuskf_Gdw4DO36Hp_jpIO7obs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:27:01:ed:4d:18:ce:4a:19:50:c8:8d:f9:78:58:84:a3:f8:
         da:46:0b:cc:ce:14:a6:26:84:22:39:e2:38:ad:91:40:ab:75:
         18:2a:f5:18:0b:6d:88:d4:75:e3:b7:dc:8c:78:37:42:84:6e:
         cc:c6:56:34:d1:e2:d6:2b:6a:30:d1:41:5c:06:38:b8:50:cc:
         6f:5d:58:8d:73:c7:fc:56:d8:9d:5a:ce:e9:2b:7f:88:ce:05:
         e7:35:88:7b:3d:8d:f7:f2:fd:1f:ba:99:05:03:5f:6d:2f:40:
         47:12:9a:6f:0e:27:31:42:53:95:38:4b:b2:b9:06:26:88:2d:
         e7:8d:35:eb:ad:43:87:db:a3:cd:ac:4d:47:4f:92:a5:4b:14:
         fb:6c:3c:20:97:8e:f1:09:9e:11:93:6f:d9:97:79:b9:a1:64:
         d7:f7:c5:42:38:4f:36:4a:5a:e9:69:8f:67:ad:ea:fb:fd:3e:
         3e:09:0d:cb:ef:e3:dc:6a:88:ae:6a:42:1d:7c:1e:2d:8e:cc:
         1b:49:a6:76:d5:d9:a7:64:b6:31:5c:ea:c6:50:71:6d:05:60:
         4e:52:58:92:76:77:79:8e:f3:b9:b4:01:f2:f3:38:b0:65:32:
         7e:3b:c6:5b:17:e0:e2:90:a0:62:ce:92:73:04:ce:16:a5:e4:
         90:e1:d7:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxHom0JsuRB5JvmA9eSNUTqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjYwMjEwMTI1OTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDA0MmViMjQ3ZmYxOWRjMzgwY2VkZmExZTlmZTNhNDgzYmJhMWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4hHopgVAAN1a6Rm7fA3PKTt3jwHu
pDC6WMCZkulqIowWbo06zT0RDcWni0UXzjgqDv3U2JqUFwHH8ceRAg5wLVe0c14h
avEA1MP+WHzUt2/n+DxyACPkGDdmGeQiN2TBO7JpJSMiRZw8CbImXJXNRowiGI9O
lQwEAxEzG5AzG9ffGyl0cehs3rElv5cmfEqmummaPkYjGfF0KO/svLnbJl74TNrg
t0GkwHiiASKi12rvb5ejBDDzn+Co97sb6QowHW74MY7YLaMgVRhkcol9bClgfgbe
c+0K5NqQbzBWwK7vCmYEYo72vVce6E7cwjGWDzK3rPoE4YQJlCyYKWyRkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0ELrJH/xncOAzt+h6f46SDu6G7MB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvYlFRdXNrZl9HZHc0RE8zNkhwX2pwSU83b2JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVe+XMA0G
CSqGSIb3DQEBCwUAA4IBAQAGJwHtTRjOShlQyI35eFiEo/jaRgvMzhSmJoQiOeI4
rZFAq3UYKvUYC22I1HXjt9yMeDdChG7MxlY00eLWK2ow0UFcBji4UMxvXViNc8f8
VtidWs7pK3+IzgXnNYh7PY338v0fupkFA19tL0BHEppvDicxQlOVOEuyuQYmiC3n
jTXrrUOH26PNrE1HT5KlSxT7bDwgl47xCZ4Rk2/Zl3m5oWTX98VCOE82SlrpaY9n
rer7/T4+CQ3L7+PcaoiuakIdfB4tjswbSaZ21dmnZLYxXOrGUHFtBWBOUliSdnd5
jvO5tAHy8ziwZTJ+O8ZbF+DikKBizpJzBM4WpeSQ4dcM
-----END CERTIFICATE-----