Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/rqG_2unk6rqLAAGwTjA7INdmsnA.roa
File:                     rqG_2unk6rqLAAGwTjA7INdmsnA.roa (raw, json)
Hash identifier:          swAyMP0nCxaat0iD3xapapMZDZJw1Cx6CnzTOo34jJs=
Subject key identifier:   AE:A1:BF:DA:E9:E4:EA:BA:8B:00:01:B0:4E:30:3B:20:D7:66:B2:70
Certificate issuer:       /CN=e6c2e0d3fdc215a389c7043ca5a1a06be2c558ef
Certificate serial:       019997D463A711A64BF74B76D83FF536E857
Authority key identifier: E6:C2:E0:D3:FD:C2:15:A3:89:C7:04:3C:A5:A1:A0:6B:E2:C5:58:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5sLg0_3CFaOJxwQ8paGga-LFWO8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/rqG_2unk6rqLAAGwTjA7INdmsnA.roa
Signing time:             Mon 29 Sep 2025 23:35:02 +0000
ROA not before:           Mon 29 Sep 2025 23:35:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        86.54.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/5sLg0_3CFaOJxwQ8paGga-LFWO8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/5sLg0_3CFaOJxwQ8paGga-LFWO8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5sLg0_3CFaOJxwQ8paGga-LFWO8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:97:d4:63:a7:11:a6:4b:f7:4b:76:d8:3f:f5:36:e8:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6c2e0d3fdc215a389c7043ca5a1a06be2c558ef
        Validity
            Not Before: Sep 29 23:35:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aea1bfdae9e4eaba8b0001b04e303b20d766b270
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:98:bb:83:09:84:ef:f2:a8:28:cd:7e:44:15:
                    f1:96:0a:76:a2:73:6d:cf:43:8d:d9:f9:17:1a:28:
                    a3:99:b3:61:7b:2e:28:99:72:73:01:a8:25:50:c3:
                    ad:8e:f4:6e:74:45:8b:f1:41:4c:37:ad:84:aa:6e:
                    c4:cd:b7:91:79:51:22:89:14:ad:b4:04:b1:6f:69:
                    04:19:4d:3e:3e:ad:0a:a4:6a:f6:74:5b:2b:03:81:
                    07:4a:0a:a3:ef:f2:ec:6c:2d:77:ca:c7:00:a4:22:
                    58:3b:47:50:d0:51:b6:77:8a:1b:42:55:07:86:93:
                    63:4e:97:96:0b:85:9b:c8:ef:de:6e:09:4a:50:6a:
                    02:56:ef:d2:9f:40:0b:c3:1b:f1:4e:fe:f2:bc:ed:
                    13:c2:86:63:79:e5:10:c2:85:d6:e8:b9:3e:e4:2b:
                    79:fa:96:25:23:0b:f1:8f:78:bf:5d:02:73:37:e1:
                    e3:98:ad:c5:03:16:dc:08:bc:3b:49:ad:78:63:79:
                    4b:4a:de:4d:14:8c:c4:9d:9b:6c:ff:1a:ef:49:54:
                    ba:de:43:7a:2e:6d:39:ad:f6:d0:d0:22:6e:be:c1:
                    da:a0:ae:c7:a7:b2:9a:a8:bc:97:d2:63:ed:4c:21:
                    2f:66:14:20:d4:9e:ef:06:e3:64:1c:8d:28:bb:a4:
                    6c:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:A1:BF:DA:E9:E4:EA:BA:8B:00:01:B0:4E:30:3B:20:D7:66:B2:70
            X509v3 Authority Key Identifier:
                keyid:E6:C2:E0:D3:FD:C2:15:A3:89:C7:04:3C:A5:A1:A0:6B:E2:C5:58:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5sLg0_3CFaOJxwQ8paGga-LFWO8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/rqG_2unk6rqLAAGwTjA7INdmsnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/5sLg0_3CFaOJxwQ8paGga-LFWO8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.54.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:6d:94:e0:60:b6:cf:2c:3e:b0:1c:18:2a:02:82:ab:83:3f:
         19:ee:b7:a5:4d:bf:e8:29:a3:b7:91:7a:ca:4e:e7:7a:bb:e4:
         9a:38:02:b5:6d:f6:c3:22:f4:82:76:7c:dc:56:d0:7d:6b:9a:
         51:85:ae:0d:4d:8f:79:f4:1a:d0:80:00:9c:5e:36:6f:b5:7a:
         9f:d0:44:48:85:18:3d:af:73:23:98:f6:8d:86:70:29:8f:04:
         5d:dc:57:65:0c:43:74:b2:52:24:76:5b:22:ca:5a:f0:4a:7b:
         9c:ee:9c:ca:c4:d0:e9:86:03:b9:3f:16:22:f7:3f:36:41:d6:
         53:a9:3e:79:7c:37:c1:07:5c:97:c7:56:19:24:0d:bf:c1:a4:
         08:f3:bb:70:7d:36:ea:d8:56:21:4b:93:e4:6f:74:e9:7e:a8:
         89:0c:d3:01:27:89:81:ae:a1:09:e7:fc:73:7f:10:50:25:df:
         9d:04:e9:14:2c:da:5b:ad:32:45:b9:89:ae:cb:71:77:50:14:
         0b:59:1f:36:84:aa:f5:27:50:a9:5b:c7:a5:19:2c:79:7f:43:
         a9:69:08:f7:f1:f3:a1:33:61:b8:68:0d:51:d0:c4:88:11:23:
         71:66:59:e1:cc:4e:ba:3f:2a:a8:3c:2b:30:3a:34:b9:be:9d:
         a1:c4:81:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmX1GOnEaZL90t22D/1NuhXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2YzJlMGQzZmRjMjE1YTM4OWM3MDQzY2E1YTFhMDZiZTJj
NTU4ZWYwHhcNMjUwOTI5MjMzNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWExYmZkYWU5ZTRlYWJhOGIwMDAxYjA0ZTMwM2IyMGQ3NjZiMjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA15i7gwmE7/KoKM1+RBXxlgp2onNt
z0ON2fkXGiijmbNhey4omXJzAaglUMOtjvRudEWL8UFMN62Eqm7EzbeReVEiiRSt
tASxb2kEGU0+Pq0KpGr2dFsrA4EHSgqj7/LsbC13yscApCJYO0dQ0FG2d4obQlUH
hpNjTpeWC4WbyO/ebglKUGoCVu/Sn0ALwxvxTv7yvO0TwoZjeeUQwoXW6Lk+5Ct5
+pYlIwvxj3i/XQJzN+HjmK3FAxbcCLw7Sa14Y3lLSt5NFIzEnZts/xrvSVS63kN6
Lm05rfbQ0CJuvsHaoK7Hp7KaqLyX0mPtTCEvZhQg1J7vBuNkHI0ou6RsoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK6hv9rp5Oq6iwABsE4wOyDXZrJwMB8GA1UdIwQY
MBaAFObC4NP9whWjiccEPKWhoGvixVjvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXNMZzBfM0NGYU9KeHdROHBhR2dhLUxGV084LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8yOTE3NmItMTAzOC00NDE3LWJkYWQt
ZjNlMDUyYmFiMTQ0LzEvcnFHXzJ1bms2cnFMQUFHd1RqQTdJTmRtc25BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8yOTE3NmItMTAzOC00NDE3LWJkYWQtZjNlMDUyYmFiMTQ0
LzEvNXNMZzBfM0NGYU9KeHdROHBhR2dhLUxGV084LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVjYaMA0G
CSqGSIb3DQEBCwUAA4IBAQB5bZTgYLbPLD6wHBgqAoKrgz8Z7relTb/oKaO3kXrK
Tud6u+SaOAK1bfbDIvSCdnzcVtB9a5pRha4NTY959BrQgACcXjZvtXqf0ERIhRg9
r3MjmPaNhnApjwRd3FdlDEN0slIkdlsiylrwSnuc7pzKxNDphgO5PxYi9z82QdZT
qT55fDfBB1yXx1YZJA2/waQI87twfTbq2FYhS5Pkb3TpfqiJDNMBJ4mBrqEJ5/xz
fxBQJd+dBOkULNpbrTJFuYmuy3F3UBQLWR82hKr1J1CpW8elGSx5f0OpaQj38fOh
M2G4aA1R0MSIESNxZlnhzE66PyqoPCswOjS5vp2hxIF5
-----END CERTIFICATE-----