Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/UxHa9CwfyUNcEMddAzjF5IIGwfI.roa
File:                     UxHa9CwfyUNcEMddAzjF5IIGwfI.roa (raw, json)
Hash identifier:          A6K+jWpq319pF8WoU4ihgIYUTFe83gei8E3ozN90KX8=
Subject key identifier:   53:11:DA:F4:2C:1F:C9:43:5C:10:C7:5D:03:38:C5:E4:82:06:C1:F2
Certificate issuer:       /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial:       019C8510A89E0E02245A41A30E414BBC43C2
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/UxHa9CwfyUNcEMddAzjF5IIGwfI.roa
Signing time:             Sun 22 Feb 2026 11:16:27 +0000
ROA not before:           Sun 22 Feb 2026 11:16:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200817
IP address blocks:        131.222.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 22:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:85:10:a8:9e:0e:02:24:5a:41:a3:0e:41:4b:bc:43:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
        Validity
            Not Before: Feb 22 11:16:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5311daf42c1fc9435c10c75d0338c5e48206c1f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:08:8f:0f:06:a1:9e:59:bc:41:1b:0c:41:85:
                    6c:91:d0:13:2d:90:ec:64:62:d9:3c:12:4a:a4:89:
                    0f:1e:dc:25:73:6c:fd:b0:84:f6:32:3b:ed:ca:df:
                    25:6c:02:9a:07:ea:cc:cc:d2:b1:1e:04:a7:e5:96:
                    ed:af:64:4c:1b:f3:b6:80:18:2f:b0:41:2c:f0:b0:
                    11:cf:e4:1c:f1:55:4f:6d:5b:16:06:0a:d9:b4:a1:
                    c5:39:22:18:15:95:e5:f9:dd:7e:d1:00:ac:3d:46:
                    21:4c:3b:78:84:72:79:32:de:0d:71:8e:f7:dc:59:
                    09:82:37:dd:26:76:7c:2d:b8:3b:b6:12:5e:1c:04:
                    e7:02:22:7d:84:9a:7a:a1:f9:53:8b:9c:d5:80:32:
                    c9:5e:07:0c:b9:bf:56:75:ef:b5:ce:5b:2c:34:20:
                    d1:06:a3:e5:55:58:1d:11:d1:3f:91:b7:50:ed:bb:
                    30:1e:53:74:9a:b0:a4:58:f1:84:2e:22:66:ae:68:
                    3e:63:3a:b8:f9:82:78:a2:ac:6e:fd:8e:16:1d:3b:
                    2a:94:0a:c9:36:50:d3:d2:14:b6:0a:28:d6:cd:2d:
                    2f:e0:55:51:52:57:4c:03:0d:49:b1:87:84:2e:67:
                    eb:d3:48:7a:13:44:11:34:8a:21:eb:98:0e:75:52:
                    a9:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:11:DA:F4:2C:1F:C9:43:5C:10:C7:5D:03:38:C5:E4:82:06:C1:F2
            X509v3 Authority Key Identifier:
                keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/UxHa9CwfyUNcEMddAzjF5IIGwfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.222.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:89:6f:10:c0:11:03:27:f7:d7:23:4b:c5:95:02:71:ec:c0:
         8e:07:72:5c:8f:cd:8a:ba:17:92:bd:f4:f7:88:3a:a7:db:f5:
         7d:73:69:69:b5:dc:34:b8:1d:be:27:d2:8f:cd:19:95:30:3f:
         53:33:99:9a:c6:4b:dd:d5:d1:84:77:4f:43:5c:41:55:9a:ca:
         2e:30:6b:df:fb:b5:f6:19:cb:ec:3f:c8:e8:80:5f:ec:49:dd:
         44:3f:92:9c:a2:4c:c3:e4:d9:5b:51:8a:c1:57:df:36:27:fe:
         8c:da:ec:06:5d:93:7e:4e:12:30:8e:87:ff:91:ff:cd:4d:f2:
         04:13:f5:95:78:e1:35:d7:42:ae:bd:64:a8:8b:9c:f6:43:84:
         78:fd:e2:57:55:50:bf:04:15:68:c1:9b:c3:b6:8b:16:48:a9:
         29:ff:92:44:d1:92:54:3c:9c:de:d6:a8:0e:23:5a:b7:8e:58:
         4d:97:a7:fc:9c:42:95:34:06:06:3c:a2:f0:77:18:8d:af:9b:
         69:3a:90:6a:96:8c:ef:8b:bc:af:b7:26:37:5b:b2:2a:81:c3:
         53:a4:30:17:41:f6:1e:00:41:c8:69:5e:06:89:dc:a0:c6:ea:
         53:e9:81:04:ad:c4:4b:7a:62:cf:4a:48:61:7f:fa:8e:3a:db:
         48:b5:8b:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyFEKieDgIkWkGjDkFLvEPCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjYwMjIyMTExNjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzExZGFmNDJjMWZjOTQzNWMxMGM3NWQwMzM4YzVlNDgyMDZjMWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgiPDwahnlm8QRsMQYVskdATLZDs
ZGLZPBJKpIkPHtwlc2z9sIT2Mjvtyt8lbAKaB+rMzNKxHgSn5Zbtr2RMG/O2gBgv
sEEs8LARz+Qc8VVPbVsWBgrZtKHFOSIYFZXl+d1+0QCsPUYhTDt4hHJ5Mt4NcY73
3FkJgjfdJnZ8Lbg7thJeHATnAiJ9hJp6oflTi5zVgDLJXgcMub9Wde+1zlssNCDR
BqPlVVgdEdE/kbdQ7bswHlN0mrCkWPGELiJmrmg+Yzq4+YJ4oqxu/Y4WHTsqlArJ
NlDT0hS2CijWzS0v4FVRUldMAw1JsYeELmfr00h6E0QRNIoh65gOdVKpPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFMR2vQsH8lDXBDHXQM4xeSCBsHyMB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvVXhIYTlDd2Z5VU5jRU1kZEF6akY1SUlHd2ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAg97iMA0G
CSqGSIb3DQEBCwUAA4IBAQBDiW8QwBEDJ/fXI0vFlQJx7MCOB3Jcj82KuheSvfT3
iDqn2/V9c2lptdw0uB2+J9KPzRmVMD9TM5maxkvd1dGEd09DXEFVmsouMGvf+7X2
GcvsP8jogF/sSd1EP5KcokzD5NlbUYrBV982J/6M2uwGXZN+ThIwjof/kf/NTfIE
E/WVeOE110KuvWSoi5z2Q4R4/eJXVVC/BBVowZvDtosWSKkp/5JE0ZJUPJze1qgO
I1q3jlhNl6f8nEKVNAYGPKLwdxiNr5tpOpBqlozvi7yvtyY3W7IqgcNTpDAXQfYe
AEHIaV4GidygxupT6YEErcRLemLPSkhhf/qOOttItYsj
-----END CERTIFICATE-----