Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/TexkHOYGvEdIsxWas1n6VS_EWD0.roa
File:                     TexkHOYGvEdIsxWas1n6VS_EWD0.roa (raw, json)
Hash identifier:          MqqBSFeAaXjKG1keANcdqoOvhNiW8htmFOIZhJcOQgA=
Subject key identifier:   4D:EC:64:1C:E6:06:BC:47:48:B3:15:9A:B3:59:FA:55:2F:C4:58:3D
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       019C9B376ECCCF55CEA3A820A4065DCDA8B1
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/TexkHOYGvEdIsxWas1n6VS_EWD0.roa
Signing time:             Thu 26 Feb 2026 18:30:27 +0000
ROA not before:           Thu 26 Feb 2026 18:30:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26042
IP address blocks:        185.240.238.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9b:37:6e:cc:cf:55:ce:a3:a8:20:a4:06:5d:cd:a8:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Feb 26 18:30:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4dec641ce606bc4748b3159ab359fa552fc4583d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:54:c2:6d:2e:5e:8d:e6:14:e6:d0:c2:5a:a0:
                    f1:63:f3:7f:15:f2:42:fc:3b:20:4e:d1:9a:aa:7a:
                    30:3b:3a:a9:03:3a:c3:af:27:c1:16:7e:a9:94:8d:
                    44:25:33:29:e1:5b:de:ef:f2:1d:18:d7:d1:86:94:
                    db:54:ec:3e:6f:26:b1:91:2e:69:a8:85:d7:4a:2c:
                    46:56:19:b6:b3:43:97:f4:a0:bf:17:a5:fe:d6:ba:
                    51:41:cc:38:c9:3f:23:af:36:4b:be:ed:7b:50:11:
                    b8:b9:67:20:be:d6:6a:93:63:b5:cc:ee:73:d9:1d:
                    05:a7:27:63:4c:49:f3:15:6b:5a:aa:5e:3c:73:c4:
                    32:d0:63:66:b5:84:6d:eb:47:3d:cd:12:c9:66:92:
                    9a:8c:b9:1c:4c:8e:8f:cf:3e:74:10:84:d8:6b:a4:
                    20:6a:e4:8d:f5:b7:b8:9f:4a:f2:c6:fd:a8:bc:f4:
                    da:f5:a2:09:b7:5b:2e:8d:2b:a2:43:95:c8:48:ae:
                    d5:98:42:ac:6f:3f:9f:dc:0b:9f:ee:09:a2:4a:91:
                    33:81:ad:be:62:5a:37:b6:5b:ac:45:79:53:83:90:
                    e2:65:39:0f:ab:e4:36:0f:d3:ca:9a:0b:c9:b0:dc:
                    f2:ff:04:5d:14:7f:e2:26:07:77:f7:20:9c:69:2d:
                    c8:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:EC:64:1C:E6:06:BC:47:48:B3:15:9A:B3:59:FA:55:2F:C4:58:3D
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/TexkHOYGvEdIsxWas1n6VS_EWD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:5f:aa:d7:ba:2c:8f:26:e9:b9:30:8a:4b:59:3b:ac:27:fe:
         97:14:ce:df:b6:01:eb:68:0a:0c:2a:37:bf:3f:3e:27:2d:d5:
         7f:75:1f:fb:5b:7a:85:f8:37:9c:40:1a:a0:e2:c4:d2:35:0e:
         6e:a6:86:db:26:6c:52:4b:69:12:a1:3f:21:0a:a8:2f:ab:48:
         ec:e9:02:ee:32:fd:9d:f2:81:b9:83:55:c6:f6:9e:ab:09:08:
         85:74:92:a6:77:96:48:4c:85:d2:54:ea:a9:3a:28:69:f2:a2:
         b7:87:b9:35:3e:0d:ed:bd:76:7b:b5:90:d8:56:ab:da:58:be:
         ff:58:75:83:3f:62:4e:ab:ed:29:aa:24:c2:75:bb:da:8a:1e:
         9c:c8:7f:3e:2a:99:45:c6:50:ee:f3:60:6e:50:07:a3:4b:9c:
         a6:ec:db:01:00:27:2a:f4:6f:ed:5b:47:5a:cf:14:1d:55:82:
         cf:4d:bf:86:40:8c:6c:93:83:cc:98:f4:a1:6c:79:fa:0b:f2:
         72:3f:1c:fc:3d:2b:82:62:02:e5:9b:7b:8a:ac:c3:51:cd:74:
         ef:62:e1:df:31:3f:7a:54:08:8f:02:c0:62:f7:1e:ce:8b:83:
         ac:72:8c:a9:3f:4c:b6:24:8f:9a:18:62:c4:91:3f:e9:53:d1:
         ad:b0:b8:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZybN27Mz1XOo6ggpAZdzaixMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjYwMjI2MTgzMDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGVjNjQxY2U2MDZiYzQ3NDhiMzE1OWFiMzU5ZmE1NTJmYzQ1ODNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFTCbS5ejeYU5tDCWqDxY/N/FfJC
/DsgTtGaqnowOzqpAzrDryfBFn6plI1EJTMp4Vve7/IdGNfRhpTbVOw+byaxkS5p
qIXXSixGVhm2s0OX9KC/F6X+1rpRQcw4yT8jrzZLvu17UBG4uWcgvtZqk2O1zO5z
2R0FpydjTEnzFWtaql48c8Qy0GNmtYRt60c9zRLJZpKajLkcTI6Pzz50EITYa6Qg
auSN9be4n0ryxv2ovPTa9aIJt1sujSuiQ5XISK7VmEKsbz+f3Auf7gmiSpEzga2+
Ylo3tlusRXlTg5DiZTkPq+Q2D9PKmgvJsNzy/wRdFH/iJgd39yCcaS3I8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE3sZBzmBrxHSLMVmrNZ+lUvxFg9MB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvVGV4a0hPWUd2RWRJc3hXYXMxbjZWU19FV0QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufDuMA0G
CSqGSIb3DQEBCwUAA4IBAQCnX6rXuiyPJum5MIpLWTusJ/6XFM7ftgHraAoMKje/
Pz4nLdV/dR/7W3qF+DecQBqg4sTSNQ5upobbJmxSS2kSoT8hCqgvq0js6QLuMv2d
8oG5g1XG9p6rCQiFdJKmd5ZITIXSVOqpOihp8qK3h7k1Pg3tvXZ7tZDYVqvaWL7/
WHWDP2JOq+0pqiTCdbvaih6cyH8+KplFxlDu82BuUAejS5ym7NsBACcq9G/tW0da
zxQdVYLPTb+GQIxsk4PMmPShbHn6C/JyPxz8PSuCYgLlm3uKrMNRzXTvYuHfMT96
VAiPAsBi9x7Oi4OscoypP0y2JI+aGGLEkT/pU9GtsLhp
-----END CERTIFICATE-----