Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/QZ9Hy4YR6qqRVGYrBQ364-luByU.roa
File:                     QZ9Hy4YR6qqRVGYrBQ364-luByU.roa (raw, json)
Hash identifier:          zYKRahPY/3OS+9DtdC+1rdZKL2/nyjDKYKsD4BJXYT4=
Subject key identifier:   41:9F:47:CB:86:11:EA:AA:91:54:66:2B:05:0D:FA:E3:E9:6E:07:25
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019C75742C7A4243C23BFBC95FEF8553EAD1
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/QZ9Hy4YR6qqRVGYrBQ364-luByU.roa
Signing time:             Thu 19 Feb 2026 10:31:13 +0000
ROA not before:           Thu 19 Feb 2026 10:31:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        2a0c:b641:1d0::/44 maxlen: 48
                          2a0c:b641:7b0::/44 maxlen: 128
                          2a0c:b641:990::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:75:74:2c:7a:42:43:c2:3b:fb:c9:5f:ef:85:53:ea:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Feb 19 10:31:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=419f47cb8611eaaa9154662b050dfae3e96e0725
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e4:92:6f:09:5f:b3:1b:7a:3f:75:5c:71:55:
                    58:8a:82:0c:b6:86:e1:88:19:d6:94:05:dd:59:f6:
                    57:28:36:9e:19:6c:99:72:77:75:4d:34:1c:00:d4:
                    8b:e9:11:d3:50:5c:60:1b:45:4e:40:1a:05:46:b3:
                    26:be:44:87:13:4a:0b:75:73:1e:8c:fa:d6:a8:50:
                    60:b2:b2:27:4e:56:fc:26:e2:2e:6e:b4:55:82:b2:
                    6d:d2:5a:21:53:7b:5b:cf:f7:72:40:f5:18:f4:84:
                    e8:93:f5:fe:5b:37:bf:8a:20:df:ce:88:03:5e:9a:
                    ab:1d:92:a0:69:ef:50:f6:b2:85:30:1f:98:86:f4:
                    39:f1:16:cf:73:56:f1:00:89:40:e3:08:51:1b:69:
                    ab:b2:d5:31:92:46:a1:bc:16:45:f4:32:cb:cc:32:
                    b2:fb:75:65:71:86:1a:0d:59:f3:64:28:1a:a5:d5:
                    ae:17:ff:48:ed:c4:0b:7b:2a:6f:fb:c0:39:0a:42:
                    e8:38:50:0f:3d:34:66:d6:cb:8b:19:ca:16:75:32:
                    78:04:26:ad:7e:87:f2:f1:b6:93:26:b0:fa:fc:4f:
                    6d:0b:a5:2a:5b:bf:83:72:eb:a1:62:e6:63:f3:d3:
                    87:24:c2:b1:0c:84:58:c3:72:fc:74:80:61:1c:3e:
                    52:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:9F:47:CB:86:11:EA:AA:91:54:66:2B:05:0D:FA:E3:E9:6E:07:25
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/QZ9Hy4YR6qqRVGYrBQ364-luByU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:1d0::/44
                  2a0c:b641:7b0::/44
                  2a0c:b641:990::/44

    Signature Algorithm: sha256WithRSAEncryption
         63:15:f1:4e:6e:66:be:99:44:90:98:e7:4c:64:3e:ba:63:5e:
         26:91:c5:32:c0:6a:31:df:23:3e:45:6e:76:00:ad:6b:81:85:
         0c:a7:ce:58:ce:ef:12:05:63:92:04:3b:7c:5b:48:77:64:73:
         85:e1:b3:ff:b8:6d:6a:1c:19:33:6d:bf:7f:67:fc:63:6a:7f:
         86:45:4e:23:21:91:e1:9b:2f:32:a2:cd:f1:91:6d:dd:58:f0:
         0c:48:da:b8:05:ba:36:7e:2e:a4:4b:e1:e0:a0:e3:25:28:45:
         15:75:19:ee:07:85:20:89:77:ce:1f:c3:00:d7:e1:ea:d4:45:
         fe:66:40:e8:2a:4e:da:31:0b:4d:d9:e9:50:2d:14:52:48:4d:
         f6:6f:1b:40:e2:e4:c0:27:e9:a3:3c:b8:14:14:88:22:aa:87:
         7d:f8:ad:9e:1d:e8:06:6f:01:a8:40:3b:9b:ba:31:f1:62:f8:
         90:9d:b6:5a:9d:14:76:80:b7:51:0f:bc:d4:53:5d:c2:ca:a6:
         b0:ee:4d:2c:9e:a1:ec:4b:dc:14:71:9c:d9:10:7f:bf:29:1d:
         41:a8:df:ff:a5:c4:4f:9e:a9:ac:5a:02:1d:76:92:ec:32:8e:
         81:d3:32:60:cb:e4:42:6d:c6:76:cc:09:ef:93:43:74:3e:ea:
         05:2a:de:c8
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZx1dCx6QkPCO/vJX++FU+rRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMjE5MTAzMTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTlmNDdjYjg2MTFlYWFhOTE1NDY2MmIwNTBkZmFlM2U5NmUwNzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOSSbwlfsxt6P3VccVVYioIMtobh
iBnWlAXdWfZXKDaeGWyZcnd1TTQcANSL6RHTUFxgG0VOQBoFRrMmvkSHE0oLdXMe
jPrWqFBgsrInTlb8JuIubrRVgrJt0lohU3tbz/dyQPUY9ITok/X+Wze/iiDfzogD
XpqrHZKgae9Q9rKFMB+YhvQ58RbPc1bxAIlA4whRG2mrstUxkkahvBZF9DLLzDKy
+3VlcYYaDVnzZCgapdWuF/9I7cQLeypv+8A5CkLoOFAPPTRm1suLGcoWdTJ4BCat
fofy8baTJrD6/E9tC6UqW7+DcuuhYuZj89OHJMKxDIRYw3L8dIBhHD5SXQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEGfR8uGEeqqkVRmKwUN+uPpbgclMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvUVo5SHk0WVI2cXFSVkdZckJRMzY0LWx1QnlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcEKgy2QQHQ
AwcEKgy2QQewAwcEKgy2QQmQMA0GCSqGSIb3DQEBCwUAA4IBAQBjFfFObma+mUSQ
mOdMZD66Y14mkcUywGox3yM+RW52AK1rgYUMp85Yzu8SBWOSBDt8W0h3ZHOF4bP/
uG1qHBkzbb9/Z/xjan+GRU4jIZHhmy8yos3xkW3dWPAMSNq4Bbo2fi6kS+HgoOMl
KEUVdRnuB4UgiXfOH8MA1+Hq1EX+ZkDoKk7aMQtN2elQLRRSSE32bxtA4uTAJ+mj
PLgUFIgiqod9+K2eHegGbwGoQDubujHxYviQnbZanRR2gLdRD7zUU13Cyqaw7k0s
nqHsS9wUcZzZEH+/KR1BqN//pcRPnqmsWgIddpLsMo6B0zJgy+RCbcZ2zAnvk0N0
PuoFKt7I
-----END CERTIFICATE-----