Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/d2b86b-1ab8-4574-be8b-8c322e7437e4/1/JQH3U3cXJOwqHLIl-7Bwky7-HLY.roa
File:                     JQH3U3cXJOwqHLIl-7Bwky7-HLY.roa (raw, json)
Hash identifier:          SJWNpyd0W8U00MUBSeKEN8/PPIQ0TFlfn5di0BSI3Hg=
Subject key identifier:   25:01:F7:53:77:17:24:EC:2A:1C:B2:25:FB:B0:70:93:2E:FE:1C:B6
Certificate issuer:       /CN=e268bd0d25e55ac1a42a84c2a3b9c8908361d6e1
Certificate serial:       019C751060685E33363DE687CF6523876545
Authority key identifier: E2:68:BD:0D:25:E5:5A:C1:A4:2A:84:C2:A3:B9:C8:90:83:61:D6:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4mi9DSXlWsGkKoTCo7nIkINh1uE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/d2b86b-1ab8-4574-be8b-8c322e7437e4/1/JQH3U3cXJOwqHLIl-7Bwky7-HLY.roa
Signing time:             Thu 19 Feb 2026 08:42:13 +0000
ROA not before:           Thu 19 Feb 2026 08:42:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12329
IP address blocks:        185.19.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/d2b86b-1ab8-4574-be8b-8c322e7437e4/1/4mi9DSXlWsGkKoTCo7nIkINh1uE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/d2b86b-1ab8-4574-be8b-8c322e7437e4/1/4mi9DSXlWsGkKoTCo7nIkINh1uE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4mi9DSXlWsGkKoTCo7nIkINh1uE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 14:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:75:10:60:68:5e:33:36:3d:e6:87:cf:65:23:87:65:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e268bd0d25e55ac1a42a84c2a3b9c8908361d6e1
        Validity
            Not Before: Feb 19 08:42:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2501f753771724ec2a1cb225fbb070932efe1cb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:61:5a:d6:a1:bf:3f:e5:f4:a6:3a:ce:81:03:
                    55:59:b3:ba:05:1a:a0:eb:4e:93:ae:43:b4:19:9a:
                    8c:83:0b:6a:03:88:db:8b:ad:39:9e:d9:f2:49:9a:
                    ab:de:0b:d2:23:c1:55:54:54:f2:89:26:ca:29:aa:
                    48:20:7f:34:2a:dc:73:89:ac:e4:4f:f3:8f:11:db:
                    73:02:f9:b7:8f:47:13:59:07:06:12:33:47:68:9d:
                    be:13:45:b3:7b:11:cc:59:d7:ca:73:95:a7:68:fd:
                    3d:ed:9a:63:5b:b3:dd:ff:9a:45:b7:3f:ad:b7:c2:
                    72:17:5d:cb:6f:df:19:93:72:62:62:89:10:2f:40:
                    5f:7a:f1:47:b0:01:d5:2e:5a:13:b5:48:80:fa:69:
                    6e:6e:4c:c7:1a:df:f5:f4:76:2b:94:2d:e0:3d:82:
                    5a:b7:56:6d:c9:fd:1d:c3:84:68:b9:e8:81:46:8c:
                    a9:e3:ad:b9:7d:fb:02:cd:07:b3:60:5e:96:d9:44:
                    64:7a:dd:6e:51:e3:23:d9:d3:99:ac:3f:4d:26:23:
                    66:3a:5c:57:85:e5:70:04:71:07:ce:24:60:00:af:
                    20:ef:88:09:a5:33:be:ad:4a:a7:a7:d1:20:cf:00:
                    c4:df:e4:f0:71:99:61:c9:31:22:a4:e7:d5:76:7f:
                    cc:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:01:F7:53:77:17:24:EC:2A:1C:B2:25:FB:B0:70:93:2E:FE:1C:B6
            X509v3 Authority Key Identifier:
                keyid:E2:68:BD:0D:25:E5:5A:C1:A4:2A:84:C2:A3:B9:C8:90:83:61:D6:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4mi9DSXlWsGkKoTCo7nIkINh1uE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/d2b86b-1ab8-4574-be8b-8c322e7437e4/1/JQH3U3cXJOwqHLIl-7Bwky7-HLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/d2b86b-1ab8-4574-be8b-8c322e7437e4/1/4mi9DSXlWsGkKoTCo7nIkINh1uE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:a5:e0:89:31:df:31:0f:fa:a8:d8:ef:be:d6:8b:be:aa:4d:
         21:4a:52:9f:15:a6:8e:20:c3:45:39:3c:a8:0f:6f:04:cc:27:
         05:36:02:4b:56:39:99:27:6a:ff:49:1c:bb:ad:02:a1:23:b7:
         e0:5b:67:41:db:bf:b2:32:26:b0:9a:33:d8:f1:06:51:fb:7f:
         cf:21:7d:35:c4:0a:ca:08:91:18:06:b0:32:2c:db:41:2d:65:
         c7:23:94:84:60:d3:a8:ec:14:3a:25:83:ae:f0:9f:0b:e8:fb:
         d7:79:31:87:75:85:58:fa:c7:53:31:ec:59:11:f4:fc:8b:eb:
         80:b1:69:fe:81:12:1d:48:a2:17:6b:94:74:c0:1e:06:05:6e:
         f4:2b:49:d3:05:f4:7d:b6:30:8f:9c:e1:ca:12:66:7b:8c:f1:
         68:75:0d:eb:9d:fe:89:35:c4:82:4a:87:b9:27:90:7a:c3:a4:
         06:37:1a:29:c7:04:21:dd:d8:b5:66:5e:69:12:d2:a0:c3:f6:
         1a:d1:b5:13:dc:20:6c:bf:dd:a0:99:e9:6a:58:bb:e8:8a:af:
         9a:63:d2:54:bc:41:4d:f6:90:79:30:26:85:85:26:be:86:91:
         75:55:30:99:43:e5:93:31:fd:ea:c7:16:b5:fe:53:d4:97:04:
         bb:9f:71:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx1EGBoXjM2PeaHz2Ujh2VFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyNjhiZDBkMjVlNTVhYzFhNDJhODRjMmEzYjljODkwODM2
MWQ2ZTEwHhcNMjYwMjE5MDg0MjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTAxZjc1Mzc3MTcyNGVjMmExY2IyMjVmYmIwNzA5MzJlZmUxY2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGFa1qG/P+X0pjrOgQNVWbO6BRqg
606TrkO0GZqMgwtqA4jbi605ntnySZqr3gvSI8FVVFTyiSbKKapIIH80Ktxziazk
T/OPEdtzAvm3j0cTWQcGEjNHaJ2+E0WzexHMWdfKc5WnaP097ZpjW7Pd/5pFtz+t
t8JyF13Lb98Zk3JiYokQL0BfevFHsAHVLloTtUiA+mlubkzHGt/19HYrlC3gPYJa
t1Ztyf0dw4RoueiBRoyp4625ffsCzQezYF6W2URket1uUeMj2dOZrD9NJiNmOlxX
heVwBHEHziRgAK8g74gJpTO+rUqnp9EgzwDE3+TwcZlhyTEipOfVdn/MTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCUB91N3FyTsKhyyJfuwcJMu/hy2MB8GA1UdIwQY
MBaAFOJovQ0l5VrBpCqEwqO5yJCDYdbhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNG1pOURTWGxXc0drS29UQ283bklrSU5oMXVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9kMmI4NmItMWFiOC00NTc0LWJlOGIt
OGMzMjJlNzQzN2U0LzEvSlFIM1UzY1hKT3dxSExJbC03QndreTctSExZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9kMmI4NmItMWFiOC00NTc0LWJlOGItOGMzMjJlNzQzN2U0
LzEvNG1pOURTWGxXc0drS29UQ283bklrSU5oMXVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRMJMA0G
CSqGSIb3DQEBCwUAA4IBAQBOpeCJMd8xD/qo2O++1ou+qk0hSlKfFaaOIMNFOTyo
D28EzCcFNgJLVjmZJ2r/SRy7rQKhI7fgW2dB27+yMiawmjPY8QZR+3/PIX01xArK
CJEYBrAyLNtBLWXHI5SEYNOo7BQ6JYOu8J8L6PvXeTGHdYVY+sdTMexZEfT8i+uA
sWn+gRIdSKIXa5R0wB4GBW70K0nTBfR9tjCPnOHKEmZ7jPFodQ3rnf6JNcSCSoe5
J5B6w6QGNxopxwQh3di1Zl5pEtKgw/Ya0bUT3CBsv92gmelqWLvoiq+aY9JUvEFN
9pB5MCaFhSa+hpF1VTCZQ+WTMf3qxxa1/lPUlwS7n3Gp
-----END CERTIFICATE-----