Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/yFq332nWFdiqD5k33xmPlYMI9Po.roa
File:                     yFq332nWFdiqD5k33xmPlYMI9Po.roa (raw, json)
Hash identifier:          EtwbF3PSgqJjlOdjql8GO41noLHKBbeJXtlCFsZpbMg=
Subject key identifier:   C8:5A:B7:DF:69:D6:15:D8:AA:0F:99:37:DF:19:8F:95:83:08:F4:FA
Certificate issuer:       /CN=55c9b2025e0e695808f6b61ee276aed4fb5680cd
Certificate serial:       019C56DB2AEB3CED8D215959626FB453B3BB
Authority key identifier: 55:C9:B2:02:5E:0E:69:58:08:F6:B6:1E:E2:76:AE:D4:FB:56:80:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VcmyAl4OaVgI9rYe4nau1PtWgM0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/yFq332nWFdiqD5k33xmPlYMI9Po.roa
Signing time:             Fri 13 Feb 2026 11:55:29 +0000
ROA not before:           Fri 13 Feb 2026 11:55:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26383
IP address blocks:        208.92.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/VcmyAl4OaVgI9rYe4nau1PtWgM0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/VcmyAl4OaVgI9rYe4nau1PtWgM0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VcmyAl4OaVgI9rYe4nau1PtWgM0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 24 Feb 2026 14:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:56:db:2a:eb:3c:ed:8d:21:59:59:62:6f:b4:53:b3:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55c9b2025e0e695808f6b61ee276aed4fb5680cd
        Validity
            Not Before: Feb 13 11:55:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c85ab7df69d615d8aa0f9937df198f958308f4fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:00:d3:ea:75:04:38:19:be:e1:cf:db:7c:80:
                    20:e5:38:95:38:98:da:39:2d:f7:16:5c:95:ce:b0:
                    08:1b:73:46:7f:f2:14:a8:40:f5:28:76:0d:23:d8:
                    fe:12:8a:bb:cc:22:dd:f0:50:2f:29:ff:5a:6a:71:
                    34:9b:33:fb:8e:0d:8c:be:6f:ac:63:e2:4c:f5:39:
                    55:cb:65:b5:2d:f0:69:43:e4:a3:58:74:9a:4d:7a:
                    0d:ab:09:20:3e:ac:a8:7b:b5:41:e6:06:e8:16:07:
                    87:37:8b:b5:5c:f0:e7:dc:db:91:41:97:d4:d0:47:
                    d9:c6:8b:af:b1:2a:0c:c9:5b:63:bf:14:f2:d1:06:
                    fd:fd:e7:f5:b8:ad:e5:84:34:7d:3d:cf:19:c5:84:
                    80:97:0b:87:5f:58:20:e9:f1:6a:8a:45:70:aa:d8:
                    d0:60:dc:59:5f:d7:b4:8f:f4:d7:04:cb:86:0a:d5:
                    01:3f:b1:64:16:1b:54:1e:b0:ad:72:78:2e:8a:b5:
                    98:fb:7d:ba:e0:ff:14:39:da:77:83:b1:f4:a2:a5:
                    00:a1:08:af:c6:36:85:19:37:e9:22:91:63:fe:56:
                    a9:70:cc:c6:7b:63:fb:1b:89:44:82:66:c3:5a:74:
                    e7:a4:a8:12:2b:4d:17:69:70:91:d8:24:58:75:6d:
                    95:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:5A:B7:DF:69:D6:15:D8:AA:0F:99:37:DF:19:8F:95:83:08:F4:FA
            X509v3 Authority Key Identifier:
                keyid:55:C9:B2:02:5E:0E:69:58:08:F6:B6:1E:E2:76:AE:D4:FB:56:80:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VcmyAl4OaVgI9rYe4nau1PtWgM0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/yFq332nWFdiqD5k33xmPlYMI9Po.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/VcmyAl4OaVgI9rYe4nau1PtWgM0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  208.92.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:15:0f:3d:09:27:86:d9:ed:44:82:9f:43:af:4c:c9:e0:6b:
         ed:77:28:4d:f8:65:f3:ca:2d:6e:a9:92:cb:45:5f:6b:b2:e0:
         c5:1a:ed:20:77:aa:f6:61:83:20:f4:c4:a5:d4:e7:cc:c2:88:
         93:27:43:41:e8:1c:62:4a:f1:e4:e8:21:b5:b8:12:c3:fc:92:
         23:bb:05:d0:a5:b9:a2:93:cd:ff:3e:8f:f1:0c:4d:ce:f4:83:
         bb:30:fb:e0:60:a0:c5:c8:4d:73:8c:7b:fd:09:2d:c8:26:9b:
         b4:25:50:cd:db:92:fd:07:13:38:fe:7e:90:fd:a3:62:25:4a:
         fb:93:df:26:7a:e4:f1:1e:43:1c:a0:08:83:5a:6a:af:38:62:
         0d:08:b0:7d:75:2d:ee:f2:55:e3:af:90:d4:7c:5b:25:c0:14:
         9e:9d:23:5b:7f:35:e0:dc:83:e5:bc:ee:84:f2:ab:ea:5d:36:
         20:a7:7c:bd:c4:a5:e2:71:47:a4:22:88:5c:f9:00:3e:17:df:
         dc:9d:f5:13:ce:46:a7:62:18:0d:d2:21:f4:52:8e:4f:83:c3:
         92:16:77:70:ae:d5:5c:1f:61:79:d2:fa:66:42:ed:d2:41:8d:
         a8:d4:76:7b:80:5e:2b:31:fd:f5:6f:bb:cb:c9:53:4c:38:e5:
         b4:ba:6d:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxW2yrrPO2NIVlZYm+0U7O7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YzliMjAyNWUwZTY5NTgwOGY2YjYxZWUyNzZhZWQ0ZmI1
NjgwY2QwHhcNMjYwMjEzMTE1NTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODVhYjdkZjY5ZDYxNWQ4YWEwZjk5MzdkZjE5OGY5NTgzMDhmNGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowDT6nUEOBm+4c/bfIAg5TiVOJja
OS33FlyVzrAIG3NGf/IUqED1KHYNI9j+Eoq7zCLd8FAvKf9aanE0mzP7jg2Mvm+s
Y+JM9TlVy2W1LfBpQ+SjWHSaTXoNqwkgPqyoe7VB5gboFgeHN4u1XPDn3NuRQZfU
0EfZxouvsSoMyVtjvxTy0Qb9/ef1uK3lhDR9Pc8ZxYSAlwuHX1gg6fFqikVwqtjQ
YNxZX9e0j/TXBMuGCtUBP7FkFhtUHrCtcnguirWY+3264P8UOdp3g7H0oqUAoQiv
xjaFGTfpIpFj/lapcMzGe2P7G4lEgmbDWnTnpKgSK00XaXCR2CRYdW2VGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMhat99p1hXYqg+ZN98Zj5WDCPT6MB8GA1UdIwQY
MBaAFFXJsgJeDmlYCPa2HuJ2rtT7VoDNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmNteUFsNE9hVmdJOXJZZTRuYXUxUHRXZ00wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82MzY2YjQtZGQ2Zi00MDQwLTg4OTUt
NzFiZTBkNTE5MTlkLzEveUZxMzMybldGZGlxRDVrMzN4bVBsWU1JOVBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82MzY2YjQtZGQ2Zi00MDQwLTg4OTUtNzFiZTBkNTE5MTlk
LzEvVmNteUFsNE9hVmdJOXJZZTRuYXUxUHRXZ00wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA0FzjMA0G
CSqGSIb3DQEBCwUAA4IBAQAFFQ89CSeG2e1Egp9Dr0zJ4GvtdyhN+GXzyi1uqZLL
RV9rsuDFGu0gd6r2YYMg9MSl1OfMwoiTJ0NB6BxiSvHk6CG1uBLD/JIjuwXQpbmi
k83/Po/xDE3O9IO7MPvgYKDFyE1zjHv9CS3IJpu0JVDN25L9BxM4/n6Q/aNiJUr7
k98meuTxHkMcoAiDWmqvOGINCLB9dS3u8lXjr5DUfFslwBSenSNbfzXg3IPlvO6E
8qvqXTYgp3y9xKXicUekIohc+QA+F9/cnfUTzkanYhgN0iH0Uo5Pg8OSFndwrtVc
H2F50vpmQu3SQY2o1HZ7gF4rMf31b7vLyVNMOOW0um0C
-----END CERTIFICATE-----