Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/AHXE5zE6Dibj4vBuyqtjH9izM0A.roa
File:                     AHXE5zE6Dibj4vBuyqtjH9izM0A.roa (raw, json)
Hash identifier:          FuRo5Hu4yhUEnyMQZkyeyKvJXWvWU2jVjkpwh+ACVy4=
Subject key identifier:   00:75:C4:E7:31:3A:0E:26:E3:E2:F0:6E:CA:AB:63:1F:D8:B3:33:40
Certificate issuer:       /CN=55c9b2025e0e695808f6b61ee276aed4fb5680cd
Certificate serial:       019C56DB2B333B1C32F05F414A9EAF60FE06
Authority key identifier: 55:C9:B2:02:5E:0E:69:58:08:F6:B6:1E:E2:76:AE:D4:FB:56:80:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VcmyAl4OaVgI9rYe4nau1PtWgM0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/AHXE5zE6Dibj4vBuyqtjH9izM0A.roa
Signing time:             Fri 13 Feb 2026 11:55:29 +0000
ROA not before:           Fri 13 Feb 2026 11:55:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        64.255.25.0/24 maxlen: 24
                          208.92.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/VcmyAl4OaVgI9rYe4nau1PtWgM0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/VcmyAl4OaVgI9rYe4nau1PtWgM0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VcmyAl4OaVgI9rYe4nau1PtWgM0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:56:db:2b:33:3b:1c:32:f0:5f:41:4a:9e:af:60:fe:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55c9b2025e0e695808f6b61ee276aed4fb5680cd
        Validity
            Not Before: Feb 13 11:55:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0075c4e7313a0e26e3e2f06ecaab631fd8b33340
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:b3:cf:84:91:e2:0b:36:44:71:9b:85:75:13:
                    a6:b1:18:26:32:a7:14:e8:2f:1e:4c:07:b7:15:d1:
                    f6:b4:87:10:0f:13:13:c0:86:1d:77:49:79:23:ea:
                    db:e4:91:27:54:72:1f:39:65:f8:fd:3c:78:d6:90:
                    0e:72:af:40:e4:79:14:67:46:cf:70:b3:64:40:b9:
                    28:03:ed:ea:f3:44:94:df:36:d9:05:d7:70:b2:11:
                    1e:d6:1b:02:d2:a4:d0:bd:ed:7d:c9:db:44:f2:4f:
                    17:3c:b0:8f:4a:03:17:e2:f5:cc:28:e8:be:78:6e:
                    f4:94:43:16:91:43:2b:c3:64:12:6e:33:12:af:f5:
                    39:10:0e:b1:e6:de:f5:7e:18:fa:a3:16:b1:13:1d:
                    81:cc:10:e0:24:7c:96:67:24:50:9a:94:88:65:78:
                    e5:ca:c0:6a:68:0c:65:dc:68:a5:1b:25:bf:5b:e2:
                    cd:8b:8d:b8:da:da:92:97:ed:49:c5:d2:b5:c8:d8:
                    65:ce:5f:c6:7d:9d:36:92:07:b7:d7:81:9d:34:07:
                    ef:75:63:ac:ce:9a:c1:30:82:dc:90:19:72:eb:e4:
                    19:13:98:25:f5:36:c8:53:74:dc:78:04:88:f7:b9:
                    73:6b:e7:40:80:b2:8a:1d:52:2f:4a:44:d2:20:21:
                    ad:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:75:C4:E7:31:3A:0E:26:E3:E2:F0:6E:CA:AB:63:1F:D8:B3:33:40
            X509v3 Authority Key Identifier:
                keyid:55:C9:B2:02:5E:0E:69:58:08:F6:B6:1E:E2:76:AE:D4:FB:56:80:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VcmyAl4OaVgI9rYe4nau1PtWgM0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/AHXE5zE6Dibj4vBuyqtjH9izM0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/VcmyAl4OaVgI9rYe4nau1PtWgM0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.255.25.0/24
                  208.92.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:7e:62:78:dc:3b:f0:73:48:1a:31:f3:a7:54:f1:a7:bb:50:
         31:48:c5:06:92:51:f2:47:26:f1:87:55:34:86:14:37:32:6e:
         89:2b:1b:27:e6:a2:46:9c:cc:71:47:2e:c7:1e:e7:78:7a:0c:
         05:4e:00:b9:e6:fd:45:7c:c2:3e:c1:81:5f:9b:b3:2b:7f:9a:
         93:90:c1:35:79:96:d6:34:f0:ba:74:b6:01:bb:bb:c9:6e:95:
         d0:35:21:fb:51:fa:a2:73:79:a9:dd:bd:17:76:c8:a1:04:94:
         7e:00:fc:7f:dc:1a:6b:1d:b0:52:56:2e:e1:05:70:be:d4:42:
         4b:b3:d4:29:af:20:61:8c:93:a3:2e:87:6f:c3:1e:ee:d2:6b:
         a2:99:c4:27:50:c8:38:45:36:64:7e:82:51:52:f5:a6:d9:0a:
         a3:5d:02:18:ce:70:39:ee:86:a2:6c:f3:5a:b0:c2:59:57:b3:
         d1:db:43:4c:4d:e0:10:b0:a5:71:69:0e:8e:77:de:19:33:2d:
         7b:80:25:97:0a:66:fd:23:84:6a:22:3c:2e:41:02:e9:ac:bd:
         a0:2d:2a:7b:0b:54:15:95:a7:c4:e4:57:7d:a5:cf:9b:e7:53:
         55:bc:55:c7:ad:7e:33:8b:3b:bd:85:54:35:69:09:1d:69:a9:
         fa:e2:d3:cc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxW2yszOxwy8F9BSp6vYP4GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YzliMjAyNWUwZTY5NTgwOGY2YjYxZWUyNzZhZWQ0ZmI1
NjgwY2QwHhcNMjYwMjEzMTE1NTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDc1YzRlNzMxM2EwZTI2ZTNlMmYwNmVjYWFiNjMxZmQ4YjMzMzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk7PPhJHiCzZEcZuFdROmsRgmMqcU
6C8eTAe3FdH2tIcQDxMTwIYdd0l5I+rb5JEnVHIfOWX4/Tx41pAOcq9A5HkUZ0bP
cLNkQLkoA+3q80SU3zbZBddwshEe1hsC0qTQve19ydtE8k8XPLCPSgMX4vXMKOi+
eG70lEMWkUMrw2QSbjMSr/U5EA6x5t71fhj6oxaxEx2BzBDgJHyWZyRQmpSIZXjl
ysBqaAxl3GilGyW/W+LNi4242tqSl+1JxdK1yNhlzl/GfZ02kge314GdNAfvdWOs
zprBMILckBly6+QZE5gl9TbIU3TceASI97lza+dAgLKKHVIvSkTSICGt4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAB1xOcxOg4m4+LwbsqrYx/YszNAMB8GA1UdIwQY
MBaAFFXJsgJeDmlYCPa2HuJ2rtT7VoDNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmNteUFsNE9hVmdJOXJZZTRuYXUxUHRXZ00wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82MzY2YjQtZGQ2Zi00MDQwLTg4OTUt
NzFiZTBkNTE5MTlkLzEvQUhYRTV6RTZEaWJqNHZCdXlxdGpIOWl6TTBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82MzY2YjQtZGQ2Zi00MDQwLTg4OTUtNzFiZTBkNTE5MTlk
LzEvVmNteUFsNE9hVmdJOXJZZTRuYXUxUHRXZ00wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAQP8ZAwQA
0FzjMA0GCSqGSIb3DQEBCwUAA4IBAQAgfmJ43Dvwc0gaMfOnVPGnu1AxSMUGklHy
Rybxh1U0hhQ3Mm6JKxsn5qJGnMxxRy7HHud4egwFTgC55v1FfMI+wYFfm7Mrf5qT
kME1eZbWNPC6dLYBu7vJbpXQNSH7Ufqic3mp3b0XdsihBJR+APx/3BprHbBSVi7h
BXC+1EJLs9QpryBhjJOjLodvwx7u0muimcQnUMg4RTZkfoJRUvWm2QqjXQIYznA5
7oaibPNasMJZV7PR20NMTeAQsKVxaQ6Od94ZMy17gCWXCmb9I4RqIjwuQQLprL2g
LSp7C1QVlafE5Fd9pc+b51NVvFXHrX4zizu9hVQ1aQkdaan64tPM
-----END CERTIFICATE-----