Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/08b2c7-5907-435f-8ee6-abdaa2ba2c7f/1/qhkhDbPLjPfZGzwb2pQpWhREyBA.roa
File:                     qhkhDbPLjPfZGzwb2pQpWhREyBA.roa (raw, json)
Hash identifier:          ClIQH06bbp+6RP85PzycOSnYtQQfejT/0AH06HLWtZo=
Subject key identifier:   AA:19:21:0D:B3:CB:8C:F7:D9:1B:3C:1B:DA:94:29:5A:14:44:C8:10
Certificate issuer:       /CN=aa358cc061e36be03a4ed92ad671780f06589be3
Certificate serial:       019B7DCAEE31BB03137D01DCFF23CCA73BF1
Authority key identifier: AA:35:8C:C0:61:E3:6B:E0:3A:4E:D9:2A:D6:71:78:0F:06:58:9B:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qjWMwGHja-A6Ttkq1nF4DwZYm-M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/08b2c7-5907-435f-8ee6-abdaa2ba2c7f/1/qhkhDbPLjPfZGzwb2pQpWhREyBA.roa
Signing time:             Fri 02 Jan 2026 08:20:09 +0000
ROA not before:           Fri 02 Jan 2026 08:20:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198183
IP address blocks:        130.255.88.0/24 maxlen: 24
                          130.255.89.0/24 maxlen: 24
                          130.255.90.0/24 maxlen: 24
                          130.255.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/08b2c7-5907-435f-8ee6-abdaa2ba2c7f/1/qjWMwGHja-A6Ttkq1nF4DwZYm-M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/08b2c7-5907-435f-8ee6-abdaa2ba2c7f/1/qjWMwGHja-A6Ttkq1nF4DwZYm-M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qjWMwGHja-A6Ttkq1nF4DwZYm-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 14:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:ee:31:bb:03:13:7d:01:dc:ff:23:cc:a7:3b:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa358cc061e36be03a4ed92ad671780f06589be3
        Validity
            Not Before: Jan  2 08:20:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aa19210db3cb8cf7d91b3c1bda94295a1444c810
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:21:42:c6:d1:d8:5d:9b:6e:df:59:57:29:9e:
                    b4:be:73:96:65:a0:f8:6f:03:10:9d:cb:f3:65:8f:
                    fa:fe:7b:a3:ca:09:54:a3:98:8c:be:de:01:8e:7e:
                    9b:b5:18:86:28:46:e9:8b:42:73:32:5a:b1:7f:67:
                    ed:5a:0a:c8:5f:93:34:3e:ae:23:57:80:4c:14:fb:
                    b5:a9:bd:92:39:78:36:40:8a:6c:32:f7:e7:12:a1:
                    c6:dc:a6:59:2e:82:9a:cf:cd:4a:b2:e5:28:7e:a1:
                    5d:6f:cb:8b:50:69:01:03:b5:6f:b0:11:da:9a:ab:
                    dd:c8:4c:02:97:f9:da:40:e4:c5:41:40:92:9f:a6:
                    cf:5d:1f:ce:fa:4c:3a:94:fe:f8:e7:6a:e7:85:b4:
                    96:54:7d:db:81:8a:b1:52:97:16:ba:e9:e3:ab:11:
                    90:83:3f:f5:9d:78:52:65:3f:5e:95:c2:3c:e4:a4:
                    47:9a:dd:96:59:64:43:77:1a:0e:f3:02:66:83:ff:
                    3d:23:a3:81:29:b2:b5:3b:2c:da:53:1b:12:82:f3:
                    44:1d:dd:9e:15:aa:3b:f5:ad:fb:30:b7:83:2d:83:
                    d3:32:24:8c:22:12:92:71:e0:d6:66:c7:d3:1c:ff:
                    41:77:81:d3:de:43:18:d6:25:60:cb:9e:14:d5:cc:
                    b3:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:19:21:0D:B3:CB:8C:F7:D9:1B:3C:1B:DA:94:29:5A:14:44:C8:10
            X509v3 Authority Key Identifier:
                keyid:AA:35:8C:C0:61:E3:6B:E0:3A:4E:D9:2A:D6:71:78:0F:06:58:9B:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qjWMwGHja-A6Ttkq1nF4DwZYm-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/08b2c7-5907-435f-8ee6-abdaa2ba2c7f/1/qhkhDbPLjPfZGzwb2pQpWhREyBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/08b2c7-5907-435f-8ee6-abdaa2ba2c7f/1/qjWMwGHja-A6Ttkq1nF4DwZYm-M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.255.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:b5:a5:05:b1:86:94:0d:bf:14:e6:29:81:a5:00:71:da:c8:
         7f:d4:78:fe:77:05:74:8b:cb:78:dc:eb:ff:c9:49:5d:c6:33:
         58:63:95:79:d7:3d:76:fd:b6:67:4f:a5:ba:39:f4:77:9c:46:
         ec:08:d3:ee:16:ab:c1:b9:a2:2e:90:2a:c8:18:ac:a6:f8:fe:
         a0:8a:d5:ff:fd:be:dc:f1:e2:5c:2f:de:78:6d:af:d9:97:fa:
         61:99:8c:ff:a3:40:3b:60:e3:a9:27:83:7d:30:3b:db:7d:14:
         03:42:48:e1:1b:24:09:07:f6:40:6c:33:04:f4:98:4a:62:9d:
         d7:15:4e:47:95:27:e2:6b:51:5e:67:a4:92:09:a4:e0:f9:0c:
         a6:46:80:88:c1:b9:70:fc:4e:fc:36:4a:39:1b:33:8f:db:51:
         0a:b6:fe:1d:52:0b:b9:36:16:94:b5:d8:54:53:0d:aa:27:56:
         3c:90:ef:50:73:bf:2e:9f:b5:37:83:31:57:a1:14:0c:53:c5:
         12:a7:e9:b3:09:b0:ca:fa:8a:21:64:70:83:2c:53:dd:7f:e3:
         28:02:6a:3d:f8:e9:0b:14:60:81:6f:58:4b:62:63:d8:db:9c:
         17:78:70:f0:12:53:78:65:63:80:f3:56:37:55:5a:4b:04:86:
         f7:36:f8:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yu4xuwMTfQHc/yPMpzvxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMzU4Y2MwNjFlMzZiZTAzYTRlZDkyYWQ2NzE3ODBmMDY1
ODliZTMwHhcNMjYwMTAyMDgyMDA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTE5MjEwZGIzY2I4Y2Y3ZDkxYjNjMWJkYTk0Mjk1YTE0NDRjODEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCFCxtHYXZtu31lXKZ60vnOWZaD4
bwMQncvzZY/6/nujyglUo5iMvt4Bjn6btRiGKEbpi0JzMlqxf2ftWgrIX5M0Pq4j
V4BMFPu1qb2SOXg2QIpsMvfnEqHG3KZZLoKaz81KsuUofqFdb8uLUGkBA7VvsBHa
mqvdyEwCl/naQOTFQUCSn6bPXR/O+kw6lP7452rnhbSWVH3bgYqxUpcWuunjqxGQ
gz/1nXhSZT9elcI85KRHmt2WWWRDdxoO8wJmg/89I6OBKbK1OyzaUxsSgvNEHd2e
Fao79a37MLeDLYPTMiSMIhKSceDWZsfTHP9Bd4HT3kMY1iVgy54U1cyz0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKoZIQ2zy4z32Rs8G9qUKVoURMgQMB8GA1UdIwQY
MBaAFKo1jMBh42vgOk7ZKtZxeA8GWJvjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWpXTXdHSGphLUE2VHRrcTFuRjREd1pZbS1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC8wOGIyYzctNTkwNy00MzVmLThlZTYt
YWJkYWEyYmEyYzdmLzEvcWhraERiUExqUGZaR3p3YjJwUXBXaFJFeUJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC8wOGIyYzctNTkwNy00MzVmLThlZTYtYWJkYWEyYmEyYzdm
LzEvcWpXTXdHSGphLUE2VHRrcTFuRjREd1pZbS1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCgv9YMA0G
CSqGSIb3DQEBCwUAA4IBAQBwtaUFsYaUDb8U5imBpQBx2sh/1Hj+dwV0i8t43Ov/
yUldxjNYY5V51z12/bZnT6W6OfR3nEbsCNPuFqvBuaIukCrIGKym+P6gitX//b7c
8eJcL954ba/Zl/phmYz/o0A7YOOpJ4N9MDvbfRQDQkjhGyQJB/ZAbDME9JhKYp3X
FU5HlSfia1FeZ6SSCaTg+QymRoCIwblw/E78Nko5GzOP21EKtv4dUgu5NhaUtdhU
Uw2qJ1Y8kO9Qc78un7U3gzFXoRQMU8USp+mzCbDK+oohZHCDLFPdf+MoAmo9+OkL
FGCBb1hLYmPY25wXeHDwElN4ZWOA81Y3VVpLBIb3NviN
-----END CERTIFICATE-----