Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/15cb51-4cea-45e3-a760-0371d4b4547a/1/XIHqllXiQ75dwiTpm0BLVs13ydc.roa
File:                     XIHqllXiQ75dwiTpm0BLVs13ydc.roa (raw, json)
Hash identifier:          rq4fzIyxgD0rSmb8ZDZH7Qipo9yBXOQk9IG67zBkkr8=
Subject key identifier:   5C:81:EA:96:55:E2:43:BE:5D:C2:24:E9:9B:40:4B:56:CD:77:C9:D7
Certificate issuer:       /CN=e40b16d369ad27ced85499465328f095b155f431
Certificate serial:       019C6BBBC21A2854E54F549BB9B6BA805B42
Authority key identifier: E4:0B:16:D3:69:AD:27:CE:D8:54:99:46:53:28:F0:95:B1:55:F4:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5AsW02mtJ87YVJlGUyjwlbFV9DE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/15cb51-4cea-45e3-a760-0371d4b4547a/1/XIHqllXiQ75dwiTpm0BLVs13ydc.roa
Signing time:             Tue 17 Feb 2026 13:13:12 +0000
ROA not before:           Tue 17 Feb 2026 13:13:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     64289
IP address blocks:        185.225.24.0/24 maxlen: 24
                          185.225.26.0/24 maxlen: 24
                          192.189.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/15cb51-4cea-45e3-a760-0371d4b4547a/1/5AsW02mtJ87YVJlGUyjwlbFV9DE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/15cb51-4cea-45e3-a760-0371d4b4547a/1/5AsW02mtJ87YVJlGUyjwlbFV9DE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5AsW02mtJ87YVJlGUyjwlbFV9DE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6b:bb:c2:1a:28:54:e5:4f:54:9b:b9:b6:ba:80:5b:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e40b16d369ad27ced85499465328f095b155f431
        Validity
            Not Before: Feb 17 13:13:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5c81ea9655e243be5dc224e99b404b56cd77c9d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d8:10:10:66:39:d5:c5:44:45:6c:97:7e:17:
                    5f:8e:b1:0c:de:69:a7:2f:9d:a8:a5:ec:62:9f:44:
                    59:d4:6d:f8:b7:07:81:fe:fe:55:8b:e9:6e:b6:1c:
                    3a:19:5c:8f:06:11:9f:2a:8a:b7:4f:68:b3:f7:ff:
                    ca:2a:eb:61:d4:b1:0a:2c:d3:88:7e:15:71:11:c3:
                    f5:be:ea:05:70:10:0f:29:ae:7f:c3:15:b3:85:88:
                    2d:75:51:c5:e0:41:8c:e2:7d:23:8d:ef:ce:81:e1:
                    57:3d:ff:38:f7:4c:8a:5e:1a:ee:ff:d0:49:61:5e:
                    bb:a2:aa:35:a4:ed:d0:5c:ff:a5:d7:0e:02:f7:0b:
                    55:16:ec:ff:7e:19:d0:79:d5:32:37:8f:8e:f1:87:
                    09:71:77:cc:34:dc:45:8b:e6:b1:1a:59:6f:6c:fd:
                    7e:d1:41:e8:5c:d9:18:62:51:65:63:07:7b:44:80:
                    c2:45:f6:0f:e5:2e:54:54:a9:26:7e:8c:67:71:5b:
                    1e:d0:53:a6:4d:1b:df:7a:61:a6:9c:18:c1:26:ca:
                    c9:1b:e7:7e:38:7d:35:fa:be:1a:cf:30:f6:43:80:
                    38:50:4d:17:7b:c7:8e:2f:31:93:28:c0:4c:4b:91:
                    e6:b9:ec:16:32:17:22:62:d1:a0:a0:c8:6d:ed:0f:
                    8a:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:81:EA:96:55:E2:43:BE:5D:C2:24:E9:9B:40:4B:56:CD:77:C9:D7
            X509v3 Authority Key Identifier:
                keyid:E4:0B:16:D3:69:AD:27:CE:D8:54:99:46:53:28:F0:95:B1:55:F4:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5AsW02mtJ87YVJlGUyjwlbFV9DE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/15cb51-4cea-45e3-a760-0371d4b4547a/1/XIHqllXiQ75dwiTpm0BLVs13ydc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/15cb51-4cea-45e3-a760-0371d4b4547a/1/5AsW02mtJ87YVJlGUyjwlbFV9DE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.24.0/24
                  185.225.26.0/24
                  192.189.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:41:5a:e1:63:d8:7d:1a:79:90:d1:5d:c0:fe:2b:2c:46:64:
         d4:fb:84:b5:b9:8b:e9:5e:b1:b8:cf:77:ee:e9:11:c0:ee:55:
         5e:87:73:4c:66:ee:3c:f0:83:a7:37:f4:f2:83:37:af:ea:63:
         3e:f9:bf:7e:a8:c1:56:e6:1b:4e:74:4e:f1:2b:36:36:b7:66:
         55:20:b5:47:ff:9f:7d:76:fb:62:a4:e4:45:a8:ff:64:22:12:
         dc:90:49:d0:5b:f3:ba:65:c8:07:2a:30:4a:56:2b:1d:b5:17:
         70:15:a7:11:47:12:87:fc:05:df:aa:e3:87:1b:bf:00:d9:84:
         28:5a:0a:97:5b:44:72:3f:a2:1e:15:a7:ae:9c:ee:05:9d:b0:
         d9:97:ca:65:c4:31:f3:7c:59:e2:75:3c:35:23:94:e8:a2:94:
         ba:fe:dc:cc:c6:0b:f4:cc:fe:5a:73:7e:b5:37:3c:e4:cd:9f:
         b3:3a:77:32:a1:91:d4:78:d1:73:0b:b4:19:77:7c:b9:7a:18:
         9a:8c:e2:99:f1:12:8d:53:62:e0:0f:9d:b8:66:50:35:b8:32:
         ae:ef:21:f8:8f:c4:72:fd:ed:8f:40:79:f3:d8:ad:75:9a:73:
         70:92:35:38:db:bc:91:04:d4:24:d4:8c:89:0b:79:8e:f4:f2:
         0c:a1:4d:6e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZxru8IaKFTlT1Sbuba6gFtCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0MGIxNmQzNjlhZDI3Y2VkODU0OTk0NjUzMjhmMDk1YjE1
NWY0MzEwHhcNMjYwMjE3MTMxMzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzgxZWE5NjU1ZTI0M2JlNWRjMjI0ZTk5YjQwNGI1NmNkNzdjOWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtgQEGY51cVERWyXfhdfjrEM3mmn
L52opexin0RZ1G34tweB/v5Vi+luthw6GVyPBhGfKoq3T2iz9//KKuth1LEKLNOI
fhVxEcP1vuoFcBAPKa5/wxWzhYgtdVHF4EGM4n0jje/OgeFXPf8490yKXhru/9BJ
YV67oqo1pO3QXP+l1w4C9wtVFuz/fhnQedUyN4+O8YcJcXfMNNxFi+axGllvbP1+
0UHoXNkYYlFlYwd7RIDCRfYP5S5UVKkmfoxncVse0FOmTRvfemGmnBjBJsrJG+d+
OH01+r4azzD2Q4A4UE0Xe8eOLzGTKMBMS5HmuewWMhciYtGgoMht7Q+KYwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFyB6pZV4kO+XcIk6ZtAS1bNd8nXMB8GA1UdIwQY
MBaAFOQLFtNprSfO2FSZRlMo8JWxVfQxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUFzVzAybXRKODdZVkpsR1V5andsYkZWOURFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8xNWNiNTEtNGNlYS00NWUzLWE3NjAt
MDM3MWQ0YjQ1NDdhLzEvWElIcWxsWGlRNzVkd2lUcG0wQkxWczEzeWRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8xNWNiNTEtNGNlYS00NWUzLWE3NjAtMDM3MWQ0YjQ1NDdh
LzEvNUFzVzAybXRKODdZVkpsR1V5andsYkZWOURFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAueEYAwQA
ueEaAwQAwL2dMA0GCSqGSIb3DQEBCwUAA4IBAQBSQVrhY9h9GnmQ0V3A/issRmTU
+4S1uYvpXrG4z3fu6RHA7lVeh3NMZu488IOnN/Tygzev6mM++b9+qMFW5htOdE7x
KzY2t2ZVILVH/599dvtipORFqP9kIhLckEnQW/O6ZcgHKjBKVisdtRdwFacRRxKH
/AXfquOHG78A2YQoWgqXW0RyP6IeFaeunO4FnbDZl8plxDHzfFnidTw1I5ToopS6
/tzMxgv0zP5ac361NzzkzZ+zOncyoZHUeNFzC7QZd3y5ehiajOKZ8RKNU2LgD524
ZlA1uDKu7yH4j8Ry/e2PQHnz2K11mnNwkjU427yRBNQk1IyJC3mO9PIMoU1u
-----END CERTIFICATE-----