Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/wqQrBNG_uFAXnOqfwvQSAxQ1q4g.roa
File:                     wqQrBNG_uFAXnOqfwvQSAxQ1q4g.roa (raw, json)
Hash identifier:          uu2Dr1aSzwaF2BP1nFAA19RlyyJjn+ooVS/WdvtMPQ0=
Subject key identifier:   C2:A4:2B:04:D1:BF:B8:50:17:9C:EA:9F:C2:F4:12:03:14:35:AB:88
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       019CA9AEBD9D23C34F8C4776A3D404ED3632
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/wqQrBNG_uFAXnOqfwvQSAxQ1q4g.roa
Signing time:             Sun 01 Mar 2026 13:55:27 +0000
ROA not before:           Sun 01 Mar 2026 13:55:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        46.29.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 07:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a9:ae:bd:9d:23:c3:4f:8c:47:76:a3:d4:04:ed:36:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Mar  1 13:55:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c2a42b04d1bfb850179cea9fc2f412031435ab88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:04:0e:50:de:93:14:2a:ee:f9:62:11:80:d4:
                    6e:81:c0:86:60:2a:5b:b9:d0:19:0d:05:5d:0c:13:
                    bc:b5:0e:7d:ee:61:ee:5e:40:e9:7f:a8:51:53:59:
                    22:8c:05:02:7a:56:52:89:6b:4b:eb:a9:be:50:b3:
                    5d:97:ec:7c:01:55:a8:c6:d9:8b:65:80:a8:26:27:
                    67:c9:01:c2:cc:57:a0:18:f0:46:93:64:b1:8f:bc:
                    d3:4d:5f:db:01:7c:ea:c2:17:5f:04:f0:72:9d:6a:
                    69:5c:bc:68:2d:02:91:24:70:eb:70:d1:38:5b:14:
                    5c:3e:12:8f:30:0a:e9:18:71:03:2c:53:2f:9e:a7:
                    db:1a:84:83:3a:3f:38:0f:00:45:05:ea:b8:db:e7:
                    66:cd:5b:ee:ef:44:ad:dc:f1:43:74:57:45:71:77:
                    f7:ed:a3:ed:13:a1:cf:4e:bc:c0:c8:8d:e7:35:bf:
                    d5:70:ed:e8:bb:5c:a0:07:c7:f9:85:bf:8f:a0:f5:
                    46:67:77:91:39:eb:8e:17:e4:74:ad:44:09:59:67:
                    f4:75:55:9e:ff:35:38:ca:fd:93:d3:f9:b1:cd:e3:
                    2f:f2:47:cf:ba:da:1b:df:1d:c8:12:7e:c8:50:c8:
                    9e:32:e5:0e:8d:7e:c9:20:f4:51:8f:77:b2:e4:c1:
                    01:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:A4:2B:04:D1:BF:B8:50:17:9C:EA:9F:C2:F4:12:03:14:35:AB:88
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/wqQrBNG_uFAXnOqfwvQSAxQ1q4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.29.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:f6:34:09:d5:79:d3:a4:11:87:95:72:f1:ef:88:9f:95:64:
         84:6b:d4:fe:0a:74:05:13:e8:76:74:ac:86:26:6a:02:4b:5e:
         3d:10:e3:c6:28:be:fc:89:5c:d2:44:89:df:16:17:24:4e:a6:
         af:a4:40:df:fe:cf:46:3d:c9:aa:3a:da:34:a9:70:b5:18:6e:
         90:13:ee:80:50:04:e1:9c:69:78:c8:56:64:5c:1f:8d:ec:37:
         db:30:4d:73:4d:49:68:51:55:0c:cc:1d:b1:fb:5b:4a:a5:aa:
         d5:8b:2f:35:cb:51:21:e3:63:37:9c:18:26:bd:24:70:34:8e:
         4f:46:f7:3a:2e:b0:82:80:96:2e:85:c1:85:fb:12:c1:6e:d5:
         7c:0c:86:01:dc:d2:3b:98:91:ca:e8:f9:9a:d8:3f:78:04:02:
         40:2d:af:e3:6d:43:96:b2:e2:ff:a1:ad:40:5f:17:15:78:12:
         88:b9:45:99:97:6f:ab:d4:8c:2c:ec:36:81:87:58:37:6c:af:
         e3:65:8c:aa:98:5e:9c:7f:2d:ce:17:7a:6d:83:9a:0d:33:01:
         8c:a5:25:16:f4:9d:aa:ab:b8:11:5f:26:54:0f:56:6c:ae:3a:
         a6:04:14:59:35:38:24:50:4c:ef:8c:fc:c6:dd:08:5f:76:76:
         1a:97:8c:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyprr2dI8NPjEd2o9QE7TYyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjYwMzAxMTM1NTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmE0MmIwNGQxYmZiODUwMTc5Y2VhOWZjMmY0MTIwMzE0MzVhYjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQQOUN6TFCru+WIRgNRugcCGYCpb
udAZDQVdDBO8tQ597mHuXkDpf6hRU1kijAUCelZSiWtL66m+ULNdl+x8AVWoxtmL
ZYCoJidnyQHCzFegGPBGk2Sxj7zTTV/bAXzqwhdfBPBynWppXLxoLQKRJHDrcNE4
WxRcPhKPMArpGHEDLFMvnqfbGoSDOj84DwBFBeq42+dmzVvu70St3PFDdFdFcXf3
7aPtE6HPTrzAyI3nNb/VcO3ou1ygB8f5hb+PoPVGZ3eROeuOF+R0rUQJWWf0dVWe
/zU4yv2T0/mxzeMv8kfPutob3x3IEn7IUMieMuUOjX7JIPRRj3ey5MEB8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMKkKwTRv7hQF5zqn8L0EgMUNauIMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvd3FRckJOR191RkFYbk9xZnd2UVNBeFExcTRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALh0YMA0G
CSqGSIb3DQEBCwUAA4IBAQBt9jQJ1XnTpBGHlXLx74iflWSEa9T+CnQFE+h2dKyG
JmoCS149EOPGKL78iVzSRInfFhckTqavpEDf/s9GPcmqOto0qXC1GG6QE+6AUATh
nGl4yFZkXB+N7DfbME1zTUloUVUMzB2x+1tKparViy81y1Eh42M3nBgmvSRwNI5P
Rvc6LrCCgJYuhcGF+xLBbtV8DIYB3NI7mJHK6Pma2D94BAJALa/jbUOWsuL/oa1A
XxcVeBKIuUWZl2+r1Iws7DaBh1g3bK/jZYyqmF6cfy3OF3ptg5oNMwGMpSUW9J2q
q7gRXyZUD1ZsrjqmBBRZNTgkUEzvjPzG3QhfdnYal4w/
-----END CERTIFICATE-----