Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/d6de0b-9e38-4244-b9f3-93ba820a75b7/1/Bg-OtisBUwjdEBIGSM7g7FBg2VM.roa
File:                     Bg-OtisBUwjdEBIGSM7g7FBg2VM.roa (raw, json)
Hash identifier:          ozuaJObBitpJuXLUUTDns0BTPq/twpAoYpCqyXvMtNc=
Subject key identifier:   06:0F:8E:B6:2B:01:53:08:DD:10:12:06:48:CE:E0:EC:50:60:D9:53
Certificate issuer:       /CN=1165cf81bf5a3d0cf59d4131148a761f34bf9ca8
Certificate serial:       019C6ACD1B79BD7EEE513AC833C3FBD9D4BE
Authority key identifier: 11:65:CF:81:BF:5A:3D:0C:F5:9D:41:31:14:8A:76:1F:34:BF:9C:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EWXPgb9aPQz1nUExFIp2HzS_nKg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/d6de0b-9e38-4244-b9f3-93ba820a75b7/1/Bg-OtisBUwjdEBIGSM7g7FBg2VM.roa
Signing time:             Tue 17 Feb 2026 08:52:32 +0000
ROA not before:           Tue 17 Feb 2026 08:52:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213098
IP address blocks:        85.209.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/d6de0b-9e38-4244-b9f3-93ba820a75b7/1/EWXPgb9aPQz1nUExFIp2HzS_nKg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/d6de0b-9e38-4244-b9f3-93ba820a75b7/1/EWXPgb9aPQz1nUExFIp2HzS_nKg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EWXPgb9aPQz1nUExFIp2HzS_nKg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 11:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6a:cd:1b:79:bd:7e:ee:51:3a:c8:33:c3:fb:d9:d4:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1165cf81bf5a3d0cf59d4131148a761f34bf9ca8
        Validity
            Not Before: Feb 17 08:52:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=060f8eb62b015308dd10120648cee0ec5060d953
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:7e:bb:cd:5e:2b:00:06:0a:b4:45:49:00:f8:
                    7a:55:fb:66:42:20:47:8b:74:82:92:06:ab:06:d7:
                    f5:49:c2:09:36:92:af:76:61:83:64:18:bd:e1:9d:
                    0c:97:17:43:70:80:a8:59:60:6c:10:c7:bb:6d:ac:
                    88:c0:cf:31:92:38:3b:35:0e:15:69:49:11:62:70:
                    2e:7e:04:f8:1a:79:4a:eb:43:59:54:4e:66:92:61:
                    10:ec:32:f5:35:33:2d:da:4c:44:e4:f5:5a:44:7a:
                    c1:e7:64:33:81:ef:fa:74:e2:b6:5c:ea:99:c9:16:
                    0a:5f:a8:5a:8e:ef:6b:4b:28:17:48:11:33:3b:85:
                    83:32:3d:10:26:36:20:8d:ed:00:cf:79:ef:ae:c6:
                    f4:3e:e7:c2:1a:50:74:67:38:5c:82:58:de:34:8d:
                    05:bd:46:27:09:36:7c:2a:85:ca:de:3e:61:a9:d9:
                    a6:db:0c:9c:d1:0a:8a:62:26:10:e1:18:a8:99:80:
                    d1:3d:9f:0c:0c:40:d8:60:aa:f4:37:46:af:a3:93:
                    55:79:ac:c8:a7:60:3f:15:9f:26:35:5a:f0:45:6a:
                    b9:f8:21:91:2c:02:75:de:8b:06:97:b0:a5:ec:45:
                    0c:11:0d:1e:2e:37:d2:f2:47:09:04:cb:7a:7a:9c:
                    a2:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:0F:8E:B6:2B:01:53:08:DD:10:12:06:48:CE:E0:EC:50:60:D9:53
            X509v3 Authority Key Identifier:
                keyid:11:65:CF:81:BF:5A:3D:0C:F5:9D:41:31:14:8A:76:1F:34:BF:9C:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EWXPgb9aPQz1nUExFIp2HzS_nKg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/d6de0b-9e38-4244-b9f3-93ba820a75b7/1/Bg-OtisBUwjdEBIGSM7g7FBg2VM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/d6de0b-9e38-4244-b9f3-93ba820a75b7/1/EWXPgb9aPQz1nUExFIp2HzS_nKg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:86:11:17:98:87:9c:60:d6:41:db:88:fd:8e:ca:b2:3f:e1:
         3d:95:d4:99:44:c6:9a:ce:3a:51:4d:b1:c4:10:69:05:d3:81:
         44:39:82:5e:94:37:6a:f0:17:f6:cc:e8:55:f9:70:56:0a:d8:
         bd:70:82:25:da:de:4d:8c:2b:91:68:54:70:3e:3e:57:08:07:
         0f:bd:43:2a:05:cd:48:62:42:bf:ce:7d:5f:2f:35:36:de:bc:
         8a:9b:e9:7f:43:8d:bc:ca:69:a6:e6:d6:d5:90:18:3d:33:90:
         a1:02:90:33:76:a8:52:0a:43:1c:9d:c7:8a:79:67:c0:f3:89:
         cd:89:30:fd:6e:52:53:91:e1:ec:0a:04:b5:a4:a6:53:44:cf:
         5e:5c:60:4f:b1:f6:71:ca:61:92:4a:2d:96:db:06:f0:9b:96:
         39:1c:84:af:22:90:d4:ea:f2:7b:37:e8:b1:54:c9:55:65:a5:
         1b:bc:3a:e3:29:97:ed:40:8d:75:5b:5b:0e:35:cb:9c:3f:54:
         19:24:1e:3f:4f:83:9b:b9:44:98:b2:62:8b:5c:da:10:cc:ff:
         bf:55:90:5a:eb:c4:7e:26:82:d6:99:73:c5:86:0d:eb:76:4e:
         93:be:2c:bf:e6:e6:fe:e0:99:24:57:cd:03:f0:96:60:55:2c:
         84:e6:68:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxqzRt5vX7uUTrIM8P72dS+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExNjVjZjgxYmY1YTNkMGNmNTlkNDEzMTE0OGE3NjFmMzRi
ZjljYTgwHhcNMjYwMjE3MDg1MjMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjBmOGViNjJiMDE1MzA4ZGQxMDEyMDY0OGNlZTBlYzUwNjBkOTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3H67zV4rAAYKtEVJAPh6VftmQiBH
i3SCkgarBtf1ScIJNpKvdmGDZBi94Z0MlxdDcICoWWBsEMe7bayIwM8xkjg7NQ4V
aUkRYnAufgT4GnlK60NZVE5mkmEQ7DL1NTMt2kxE5PVaRHrB52Qzge/6dOK2XOqZ
yRYKX6haju9rSygXSBEzO4WDMj0QJjYgje0Az3nvrsb0PufCGlB0ZzhcgljeNI0F
vUYnCTZ8KoXK3j5hqdmm2wyc0QqKYiYQ4RiomYDRPZ8MDEDYYKr0N0avo5NVeazI
p2A/FZ8mNVrwRWq5+CGRLAJ13osGl7Cl7EUMEQ0eLjfS8kcJBMt6epyilQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAYPjrYrAVMI3RASBkjO4OxQYNlTMB8GA1UdIwQY
MBaAFBFlz4G/Wj0M9Z1BMRSKdh80v5yoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVdYUGdiOWFQUXoxblVFeEZJcDJIelNfbktnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9kNmRlMGItOWUzOC00MjQ0LWI5ZjMt
OTNiYTgyMGE3NWI3LzEvQmctT3Rpc0JVd2pkRUJJR1NNN2c3RkJnMlZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9kNmRlMGItOWUzOC00MjQ0LWI5ZjMtOTNiYTgyMGE3NWI3
LzEvRVdYUGdiOWFQUXoxblVFeEZJcDJIelNfbktnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdEqMA0G
CSqGSIb3DQEBCwUAA4IBAQDEhhEXmIecYNZB24j9jsqyP+E9ldSZRMaazjpRTbHE
EGkF04FEOYJelDdq8Bf2zOhV+XBWCti9cIIl2t5NjCuRaFRwPj5XCAcPvUMqBc1I
YkK/zn1fLzU23ryKm+l/Q428ymmm5tbVkBg9M5ChApAzdqhSCkMcnceKeWfA84nN
iTD9blJTkeHsCgS1pKZTRM9eXGBPsfZxymGSSi2W2wbwm5Y5HISvIpDU6vJ7N+ix
VMlVZaUbvDrjKZftQI11W1sONcucP1QZJB4/T4ObuUSYsmKLXNoQzP+/VZBa68R+
JoLWmXPFhg3rdk6Tviy/5ub+4JkkV80D8JZgVSyE5mjE
-----END CERTIFICATE-----