Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/bfd0ff-845e-4e12-ac7c-588e0d923c15/1/QTUs2t29sOiO1bQndfZmKxNAYdQ.roa
File:                     QTUs2t29sOiO1bQndfZmKxNAYdQ.roa (raw, json)
Hash identifier:          myzQSNEVPstuOfu5qsB9AEg4A9vQ4YhsK6/lq/QzmjU=
Subject key identifier:   41:35:2C:DA:DD:BD:B0:E8:8E:D5:B4:27:75:F6:66:2B:13:40:61:D4
Certificate issuer:       /CN=dfd046af5edc11964096dc20f6af1de55d9c9030
Certificate serial:       019C765F734CE91234EF7C932393F425FC27
Authority key identifier: DF:D0:46:AF:5E:DC:11:96:40:96:DC:20:F6:AF:1D:E5:5D:9C:90:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/39BGr17cEZZAltwg9q8d5V2ckDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/bfd0ff-845e-4e12-ac7c-588e0d923c15/1/QTUs2t29sOiO1bQndfZmKxNAYdQ.roa
Signing time:             Thu 19 Feb 2026 14:48:12 +0000
ROA not before:           Thu 19 Feb 2026 14:48:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202233
IP address blocks:        131.222.238.0/24 maxlen: 24
                          131.222.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/bfd0ff-845e-4e12-ac7c-588e0d923c15/1/39BGr17cEZZAltwg9q8d5V2ckDA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/bfd0ff-845e-4e12-ac7c-588e0d923c15/1/39BGr17cEZZAltwg9q8d5V2ckDA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/39BGr17cEZZAltwg9q8d5V2ckDA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:76:5f:73:4c:e9:12:34:ef:7c:93:23:93:f4:25:fc:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfd046af5edc11964096dc20f6af1de55d9c9030
        Validity
            Not Before: Feb 19 14:48:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=41352cdaddbdb0e88ed5b42775f6662b134061d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:44:79:58:eb:a7:47:5b:ca:6d:37:ed:8f:fd:
                    b1:21:02:99:64:6d:32:36:72:c2:cb:dc:88:0b:e5:
                    18:b7:42:d4:42:3e:a2:a9:47:83:58:ef:14:53:ae:
                    55:3c:5e:e7:55:6e:7a:c8:c3:b2:dd:5c:68:c3:31:
                    1d:04:ca:b1:4c:ea:52:4d:3f:0e:f2:bf:ac:15:3d:
                    17:3d:83:ba:10:a3:47:ba:cf:8d:35:f0:31:91:b2:
                    13:22:cf:46:de:4a:d2:1b:91:6c:06:fd:ab:85:b5:
                    7f:12:d1:4e:59:c3:19:a9:71:61:88:16:e8:41:c2:
                    ab:37:c5:d2:c1:84:62:e8:d1:10:7f:96:a6:52:29:
                    89:3c:e1:27:38:bc:4a:f4:e9:b3:aa:83:4b:8e:e1:
                    db:4b:78:9a:76:64:5f:ff:82:62:b5:fa:c6:11:10:
                    e4:96:3b:70:c5:48:36:e8:a7:0c:7f:4c:3e:23:22:
                    04:a5:17:6b:8c:d2:00:9a:28:a8:74:33:ff:4f:0c:
                    38:37:fb:61:27:52:e2:66:80:3d:a7:f9:5a:62:64:
                    07:b2:c3:d2:eb:0f:15:dc:ce:7d:47:78:e2:bb:57:
                    62:2b:fd:58:80:70:6c:ee:b7:1f:f5:f4:78:e2:05:
                    d9:21:80:14:c1:80:21:5c:fd:25:66:db:13:fb:49:
                    3a:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:35:2C:DA:DD:BD:B0:E8:8E:D5:B4:27:75:F6:66:2B:13:40:61:D4
            X509v3 Authority Key Identifier:
                keyid:DF:D0:46:AF:5E:DC:11:96:40:96:DC:20:F6:AF:1D:E5:5D:9C:90:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/39BGr17cEZZAltwg9q8d5V2ckDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/bfd0ff-845e-4e12-ac7c-588e0d923c15/1/QTUs2t29sOiO1bQndfZmKxNAYdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/bfd0ff-845e-4e12-ac7c-588e0d923c15/1/39BGr17cEZZAltwg9q8d5V2ckDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.222.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:8e:65:68:f5:f4:a9:54:43:d6:b7:65:aa:c9:d2:2b:27:2a:
         45:ca:97:07:47:bc:ef:9e:28:a8:26:3e:1d:19:bf:f9:61:b7:
         d1:42:dc:81:54:22:1a:61:12:d4:dd:2a:1d:43:a1:d1:25:3e:
         28:a5:1c:56:8e:d1:82:42:f0:8d:39:f7:21:4f:5b:74:21:26:
         60:78:f6:ec:0b:61:81:eb:fb:7b:76:ee:e3:49:e2:78:2c:55:
         5f:b5:5c:ac:b4:b9:14:e1:74:98:03:4e:bf:1e:ae:dc:1f:4e:
         5d:e3:bf:e6:0d:93:2a:fb:e4:31:34:9a:63:bf:cd:f4:5a:dc:
         3e:3f:3d:f9:e5:d1:fa:7a:28:bd:2a:dc:7d:7b:b2:24:48:e3:
         fb:5a:8e:60:68:9f:a2:85:39:6f:32:ed:41:84:8b:59:d0:60:
         68:f3:98:14:a1:81:47:13:f1:9b:c0:6c:91:d2:a8:a4:4b:0b:
         40:cd:33:02:0d:e3:df:8e:e7:45:a7:87:85:78:e6:af:a2:20:
         eb:95:fa:b2:0a:7b:63:e1:d7:9b:c8:82:78:99:3e:6a:53:7f:
         89:9e:6d:e6:7d:92:49:a0:66:93:5e:db:c3:a7:8f:94:98:14:
         19:aa:dc:3d:9d:d3:95:83:93:7b:55:21:5c:bd:02:42:44:55:
         f5:c2:6e:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx2X3NM6RI073yTI5P0JfwnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZDA0NmFmNWVkYzExOTY0MDk2ZGMyMGY2YWYxZGU1NWQ5
YzkwMzAwHhcNMjYwMjE5MTQ0ODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTM1MmNkYWRkYmRiMGU4OGVkNWI0Mjc3NWY2NjYyYjEzNDA2MWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUR5WOunR1vKbTftj/2xIQKZZG0y
NnLCy9yIC+UYt0LUQj6iqUeDWO8UU65VPF7nVW56yMOy3VxowzEdBMqxTOpSTT8O
8r+sFT0XPYO6EKNHus+NNfAxkbITIs9G3krSG5FsBv2rhbV/EtFOWcMZqXFhiBbo
QcKrN8XSwYRi6NEQf5amUimJPOEnOLxK9OmzqoNLjuHbS3iadmRf/4JitfrGERDk
ljtwxUg26KcMf0w+IyIEpRdrjNIAmiiodDP/Tww4N/thJ1LiZoA9p/laYmQHssPS
6w8V3M59R3jiu1diK/1YgHBs7rcf9fR44gXZIYAUwYAhXP0lZtsT+0k6/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEE1LNrdvbDojtW0J3X2ZisTQGHUMB8GA1UdIwQY
MBaAFN/QRq9e3BGWQJbcIPavHeVdnJAwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzlCR3IxN2NFWlpBbHR3ZzlxOGQ1VjJja0RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9iZmQwZmYtODQ1ZS00ZTEyLWFjN2Mt
NTg4ZTBkOTIzYzE1LzEvUVRVczJ0MjlzT2lPMWJRbmRmWm1LeE5BWWRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9iZmQwZmYtODQ1ZS00ZTEyLWFjN2MtNTg4ZTBkOTIzYzE1
LzEvMzlCR3IxN2NFWlpBbHR3ZzlxOGQ1VjJja0RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBg97uMA0G
CSqGSIb3DQEBCwUAA4IBAQABjmVo9fSpVEPWt2WqydIrJypFypcHR7zvniioJj4d
Gb/5YbfRQtyBVCIaYRLU3SodQ6HRJT4opRxWjtGCQvCNOfchT1t0ISZgePbsC2GB
6/t7du7jSeJ4LFVftVystLkU4XSYA06/Hq7cH05d47/mDZMq++QxNJpjv830Wtw+
Pz355dH6eii9Ktx9e7IkSOP7Wo5gaJ+ihTlvMu1BhItZ0GBo85gUoYFHE/GbwGyR
0qikSwtAzTMCDePfjudFp4eFeOavoiDrlfqyCntj4debyIJ4mT5qU3+Jnm3mfZJJ
oGaTXtvDp4+UmBQZqtw9ndOVg5N7VSFcvQJCRFX1wm5N
-----END CERTIFICATE-----