Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/Ahsz-tNL3LF_YjxGflfsbWY2EXY.roa
File:                     Ahsz-tNL3LF_YjxGflfsbWY2EXY.roa (raw, json)
Hash identifier:          IDB823/zK/udBkADZfcrEWPlrqEtUTwrSKR6Szbuvag=
Subject key identifier:   02:1B:33:FA:D3:4B:DC:B1:7F:62:3C:46:7E:57:EC:6D:66:36:11:76
Certificate issuer:       /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial:       019C634EC7F7741E030AEC0B16194DE9449D
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/Ahsz-tNL3LF_YjxGflfsbWY2EXY.roa
Signing time:             Sun 15 Feb 2026 21:57:13 +0000
ROA not before:           Sun 15 Feb 2026 21:57:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213243
IP address blocks:        131.222.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 13:51:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:63:4e:c7:f7:74:1e:03:0a:ec:0b:16:19:4d:e9:44:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
        Validity
            Not Before: Feb 15 21:57:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=021b33fad34bdcb17f623c467e57ec6d66361176
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:71:61:77:7f:df:bf:a5:79:52:2f:07:b9:ce:
                    d2:95:10:da:92:cb:41:a0:cc:e0:66:25:b8:8b:ac:
                    73:b8:4a:c6:9e:2e:cb:ac:a9:03:25:8f:c1:1b:bf:
                    48:c3:f9:43:cb:a5:36:fb:aa:23:6d:64:b0:8a:7b:
                    63:9f:9b:48:87:b3:26:15:76:b8:a0:cc:12:cd:a9:
                    78:7f:49:50:5d:0e:86:bd:53:b6:29:e2:06:77:9e:
                    38:4f:6a:f0:c9:a6:d6:10:a4:00:12:e6:16:5e:09:
                    ac:b8:c5:50:a7:e5:28:23:41:df:f0:67:e2:b8:e2:
                    2c:d1:c5:67:3b:86:25:a7:c1:73:93:ee:b4:4e:73:
                    4f:58:e6:d8:fb:54:f2:e0:4b:fc:d6:58:bf:89:23:
                    6e:5d:23:7d:04:38:ec:45:ea:26:a7:cc:e6:e0:81:
                    b9:31:1f:7c:4a:66:b8:eb:d7:68:93:12:76:92:8e:
                    87:02:33:92:9d:37:ef:60:ad:15:e1:59:b8:fc:ad:
                    2e:05:d6:e3:1e:57:76:61:49:42:f1:11:ba:bd:57:
                    02:93:ff:8a:88:9d:cc:78:bf:12:de:16:60:cf:29:
                    c2:dc:fe:9a:2a:61:d1:ba:4f:34:f9:2e:60:7d:18:
                    a3:bb:f9:38:5e:3b:6a:74:99:00:b6:83:23:b9:70:
                    fb:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:1B:33:FA:D3:4B:DC:B1:7F:62:3C:46:7E:57:EC:6D:66:36:11:76
            X509v3 Authority Key Identifier:
                keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/Ahsz-tNL3LF_YjxGflfsbWY2EXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.222.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:1e:60:10:dd:a4:94:5a:6b:f0:fb:eb:8c:16:b0:4a:b5:b6:
         f8:b2:0c:03:4d:66:37:ee:2a:03:76:27:a6:ac:f9:cb:16:a3:
         84:ad:c8:e2:04:a6:e0:61:d0:2d:f4:2c:86:47:c1:55:6b:45:
         95:40:70:69:03:4a:d8:d4:4b:a8:32:75:e5:1f:4a:97:00:12:
         61:a1:4b:8a:17:06:33:3c:f8:9a:0e:09:3c:db:6c:21:43:56:
         25:fe:a0:08:7d:7c:7b:a2:37:d3:fb:e4:24:b0:e4:a5:96:81:
         04:46:e3:30:5f:2c:3e:12:dc:35:66:aa:8e:04:fe:20:10:e0:
         90:d9:a1:bb:8a:c4:3e:84:d6:17:de:29:63:f5:4d:03:9f:35:
         f4:d0:29:33:16:77:bc:ff:6d:89:24:c2:20:ad:dc:0e:c7:ed:
         e6:4b:7a:65:b7:2a:ce:c3:fe:03:88:78:d6:0e:d0:aa:90:b5:
         ca:8d:15:d0:13:39:67:72:6f:ba:af:76:aa:6d:43:97:13:c4:
         90:18:75:13:12:34:84:d9:bd:42:90:05:52:5a:44:87:77:b9:
         f1:c4:53:9e:62:79:58:e5:1f:8d:2f:21:9e:c6:38:c8:0a:60:
         09:5c:d4:9c:05:9a:07:cc:b6:d2:ef:c7:37:e7:87:6d:89:57:
         36:93:cd:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxjTsf3dB4DCuwLFhlN6USdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjYwMjE1MjE1NzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjFiMzNmYWQzNGJkY2IxN2Y2MjNjNDY3ZTU3ZWM2ZDY2MzYxMTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3Fhd3/fv6V5Ui8Huc7SlRDakstB
oMzgZiW4i6xzuErGni7LrKkDJY/BG79Iw/lDy6U2+6ojbWSwintjn5tIh7MmFXa4
oMwSzal4f0lQXQ6GvVO2KeIGd544T2rwyabWEKQAEuYWXgmsuMVQp+UoI0Hf8Gfi
uOIs0cVnO4Ylp8Fzk+60TnNPWObY+1Ty4Ev81li/iSNuXSN9BDjsReomp8zm4IG5
MR98Sma469dokxJ2ko6HAjOSnTfvYK0V4Vm4/K0uBdbjHld2YUlC8RG6vVcCk/+K
iJ3MeL8S3hZgzynC3P6aKmHRuk80+S5gfRiju/k4XjtqdJkAtoMjuXD7qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAIbM/rTS9yxf2I8Rn5X7G1mNhF2MB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvQWhzei10TkwzTEZfWWp4R2ZsZnNiV1kyRVhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAg97hMA0G
CSqGSIb3DQEBCwUAA4IBAQBAHmAQ3aSUWmvw++uMFrBKtbb4sgwDTWY37ioDdiem
rPnLFqOErcjiBKbgYdAt9CyGR8FVa0WVQHBpA0rY1EuoMnXlH0qXABJhoUuKFwYz
PPiaDgk822whQ1Yl/qAIfXx7ojfT++QksOSlloEERuMwXyw+Etw1ZqqOBP4gEOCQ
2aG7isQ+hNYX3ilj9U0DnzX00CkzFne8/22JJMIgrdwOx+3mS3pltyrOw/4DiHjW
DtCqkLXKjRXQEzlncm+6r3aqbUOXE8SQGHUTEjSE2b1CkAVSWkSHd7nxxFOeYnlY
5R+NLyGexjjICmAJXNScBZoHzLbS78c354dtiVc2k80V
-----END CERTIFICATE-----