Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/MkX0Qs5QdljMhK1aflh5MTKXzO4.roa
File:                     MkX0Qs5QdljMhK1aflh5MTKXzO4.roa (raw, json)
Hash identifier:          KSTQpt87uhzYNiHFxrY5cqxrzanTSAkQM+v7akSgplw=
Subject key identifier:   32:45:F4:42:CE:50:76:58:CC:84:AD:5A:7E:58:79:31:32:97:CC:EE
Certificate issuer:       /CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Certificate serial:       019C78E3FC3D790B3D04F4648A14A6F21091
Authority key identifier: AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/MkX0Qs5QdljMhK1aflh5MTKXzO4.roa
Signing time:             Fri 20 Feb 2026 02:32:12 +0000
ROA not before:           Fri 20 Feb 2026 02:32:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15830
IP address blocks:        159.254.25.0/24 maxlen: 24
                          159.254.26.0/24 maxlen: 24
                          159.254.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 12:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:78:e3:fc:3d:79:0b:3d:04:f4:64:8a:14:a6:f2:10:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
        Validity
            Not Before: Feb 20 02:32:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3245f442ce507658cc84ad5a7e5879313297ccee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ac:65:8c:ba:79:c8:20:24:47:86:cf:71:42:
                    43:94:b2:8b:63:76:4f:ca:3a:f0:bc:f8:24:bf:0e:
                    34:24:39:b6:c4:48:20:a7:0c:85:49:4f:67:d5:a7:
                    d3:c4:7d:67:d8:98:b0:69:ba:18:1e:cf:23:5b:c2:
                    f7:33:85:1a:79:ad:91:33:e5:2d:c9:8e:77:78:c7:
                    ed:44:41:f8:1e:43:12:a8:2f:48:0f:5d:fd:d7:bb:
                    51:b9:98:38:95:15:49:26:fb:ab:21:35:8a:75:e6:
                    7f:29:fa:cd:9b:ac:a0:50:29:e7:84:9f:7d:b2:26:
                    e8:32:47:cd:50:bc:a1:5d:cc:64:0b:6a:68:71:ed:
                    a3:ba:5f:15:aa:af:5e:ad:43:e0:b3:8b:f7:87:89:
                    18:20:b4:d7:bf:bb:e4:be:a0:32:55:ab:35:39:5f:
                    3f:61:cf:0f:1a:a6:d8:b5:5f:aa:d1:d4:b5:ee:ef:
                    e9:39:90:19:b1:c9:9c:38:f7:aa:88:34:10:f5:fa:
                    5d:94:a5:26:32:97:35:7c:79:ac:a0:9d:97:65:bf:
                    20:2c:79:59:3a:43:f1:55:fd:a4:8d:1e:a2:7b:d2:
                    67:1e:c5:0f:81:3a:d3:25:0e:1b:c0:c0:30:55:a7:
                    c3:50:2a:ab:1e:0d:27:2a:d3:0c:d4:f7:06:5e:c1:
                    96:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:45:F4:42:CE:50:76:58:CC:84:AD:5A:7E:58:79:31:32:97:CC:EE
            X509v3 Authority Key Identifier:
                keyid:AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/MkX0Qs5QdljMhK1aflh5MTKXzO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.254.25.0-159.254.26.255
                  159.254.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:0d:3b:fa:4b:66:7f:31:bc:22:e7:69:cd:65:ba:f3:54:29:
         43:3e:03:b4:68:f7:78:0e:e2:4c:e5:e0:48:4f:b6:fb:33:e5:
         35:b8:a6:af:18:f2:1c:ce:8f:cc:7f:55:9a:cb:06:c6:c3:4e:
         25:b0:2c:fd:39:21:d3:68:2c:35:b2:68:9c:44:69:84:08:e1:
         78:26:21:dd:5a:53:27:80:f6:b2:69:a5:c8:94:b6:d6:95:47:
         70:c4:fc:eb:4e:78:1d:8a:99:be:7b:86:59:7e:7f:47:e0:aa:
         70:1c:9f:ca:15:27:d0:e7:da:00:4f:93:c5:22:1e:af:5e:f9:
         1d:1c:a9:ab:24:6f:01:86:ac:34:54:44:b5:30:14:c3:e5:eb:
         8a:c9:3d:e0:38:3e:07:0f:3f:6f:b4:5f:56:65:96:78:2f:06:
         e6:82:8b:97:ad:0e:21:6a:9d:db:74:65:1a:2d:40:aa:3a:c4:
         b0:4a:4a:99:26:06:34:ce:bf:8b:ad:b0:6f:ce:7a:74:34:a0:
         c4:57:41:ee:15:91:7e:5b:ac:85:0a:08:7f:eb:50:f2:b8:cd:
         d4:5a:11:a6:87:e4:71:26:4b:ea:de:60:92:a1:38:b6:71:e6:
         ac:05:aa:25:99:65:3d:cb:d6:e5:dc:00:d8:c2:09:e8:96:f0:
         58:e9:28:34
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZx44/w9eQs9BPRkihSm8hCRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTY2YTU5MzhhZjU2N2E5ZTI5YjRmNzZmMTE1NjA3YzJi
OGFhMjAwHhcNMjYwMjIwMDIzMjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjQ1ZjQ0MmNlNTA3NjU4Y2M4NGFkNWE3ZTU4NzkzMTMyOTdjY2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKxljLp5yCAkR4bPcUJDlLKLY3ZP
yjrwvPgkvw40JDm2xEggpwyFSU9n1afTxH1n2JiwaboYHs8jW8L3M4Uaea2RM+Ut
yY53eMftREH4HkMSqC9ID13917tRuZg4lRVJJvurITWKdeZ/KfrNm6ygUCnnhJ99
siboMkfNULyhXcxkC2poce2jul8Vqq9erUPgs4v3h4kYILTXv7vkvqAyVas1OV8/
Yc8PGqbYtV+q0dS17u/pOZAZscmcOPeqiDQQ9fpdlKUmMpc1fHmsoJ2XZb8gLHlZ
OkPxVf2kjR6ie9JnHsUPgTrTJQ4bwMAwVafDUCqrHg0nKtMM1PcGXsGW2wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDJF9ELOUHZYzIStWn5YeTEyl8zuMB8GA1UdIwQY
MBaAFKymalk4r1Z6nim0928RVgfCuKogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgt
YjliNjU0MDJiOTI4LzEvTWtYMFFzNVFkbGpNaEsxYWZsaDVNVEtYek80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgtYjliNjU0MDJiOTI4
LzEvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBACf/hkD
BACf/hoDBACf/hwwDQYJKoZIhvcNAQELBQADggEBAJcNO/pLZn8xvCLnac1luvNU
KUM+A7Ro93gO4kzl4EhPtvsz5TW4pq8Y8hzOj8x/VZrLBsbDTiWwLP05IdNoLDWy
aJxEaYQI4XgmId1aUyeA9rJppciUttaVR3DE/OtOeB2Kmb57hll+f0fgqnAcn8oV
J9Dn2gBPk8UiHq9e+R0cqaskbwGGrDRURLUwFMPl64rJPeA4PgcPP2+0X1Zllngv
BuaCi5etDiFqndt0ZRotQKo6xLBKSpkmBjTOv4utsG/OenQ0oMRXQe4VkX5brIUK
CH/rUPK4zdRaEaaH5HEmS+reYJKhOLZx5qwFqiWZZT3L1uXcANjCCeiW8FjpKDQ=
-----END CERTIFICATE-----