Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/j_3Ftqm-lzj1TntRYs7GVQ4-no4.roa
File:                     j_3Ftqm-lzj1TntRYs7GVQ4-no4.roa (raw, json)
Hash identifier:          uD9N1p5kcD0F5MTrxTTnuG+MRtGjk9UHle8sxsfds2s=
Subject key identifier:   8F:FD:C5:B6:A9:BE:97:38:F5:4E:7B:51:62:CE:C6:55:0E:3E:9E:8E
Certificate issuer:       /CN=e6c2e0d3fdc215a389c7043ca5a1a06be2c558ef
Certificate serial:       019740E01A6CC04AFA9CAFBAB9B55AB63850
Authority key identifier: E6:C2:E0:D3:FD:C2:15:A3:89:C7:04:3C:A5:A1:A0:6B:E2:C5:58:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5sLg0_3CFaOJxwQ8paGga-LFWO8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/j_3Ftqm-lzj1TntRYs7GVQ4-no4.roa
Signing time:             Thu 05 Jun 2025 16:15:17 +0000
ROA not before:           Thu 05 Jun 2025 16:15:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214497
IP address blocks:        86.54.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/5sLg0_3CFaOJxwQ8paGga-LFWO8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/5sLg0_3CFaOJxwQ8paGga-LFWO8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5sLg0_3CFaOJxwQ8paGga-LFWO8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Jun 2025 04:10:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:40:e0:1a:6c:c0:4a:fa:9c:af:ba:b9:b5:5a:b6:38:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6c2e0d3fdc215a389c7043ca5a1a06be2c558ef
        Validity
            Not Before: Jun  5 16:15:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ffdc5b6a9be9738f54e7b5162cec6550e3e9e8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:b0:03:32:6f:8d:fd:e2:84:1f:e1:16:c5:e5:
                    a1:13:99:ae:7e:6f:8e:92:3b:a1:f4:fe:f8:c6:bb:
                    6b:03:e6:6e:d3:0f:ad:01:ee:87:14:0f:00:ee:8e:
                    08:70:d5:30:a0:b6:d5:d8:13:b3:7d:4d:9f:bb:6c:
                    a7:1d:d7:01:6a:f0:e1:57:c8:09:b5:58:e4:09:8c:
                    a9:9a:eb:23:ea:8d:eb:71:58:63:c9:33:71:3b:94:
                    0f:c1:8b:3c:87:71:b5:33:80:87:be:46:5a:09:d9:
                    4d:f5:22:0d:16:dd:e7:4f:d4:65:d3:bd:ec:1d:9b:
                    b9:48:bc:e4:3d:d6:70:4a:e1:70:0d:a8:0a:56:d5:
                    a1:74:48:41:31:9d:7c:e5:50:1f:3e:53:50:a9:d7:
                    7a:b8:01:94:a9:56:31:c1:cf:3f:d9:53:d9:0f:a1:
                    87:d2:1a:e2:da:07:c0:99:88:0e:ce:4a:5b:55:88:
                    23:6d:a5:3b:0e:30:6e:7a:7e:b3:06:c8:50:f9:8f:
                    d8:0d:49:ee:da:31:d4:f7:ab:25:57:2a:4c:e8:42:
                    8f:e9:22:d4:26:2b:7e:6f:f6:35:c7:86:43:13:90:
                    e4:e4:4f:12:b8:f8:00:bd:eb:24:ea:10:03:c2:19:
                    b8:21:b6:7e:e8:88:1a:87:b7:90:33:1a:bd:44:85:
                    39:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:FD:C5:B6:A9:BE:97:38:F5:4E:7B:51:62:CE:C6:55:0E:3E:9E:8E
            X509v3 Authority Key Identifier:
                keyid:E6:C2:E0:D3:FD:C2:15:A3:89:C7:04:3C:A5:A1:A0:6B:E2:C5:58:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5sLg0_3CFaOJxwQ8paGga-LFWO8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/j_3Ftqm-lzj1TntRYs7GVQ4-no4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/5sLg0_3CFaOJxwQ8paGga-LFWO8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.54.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:54:ed:3f:b7:0b:85:b7:3c:9f:73:31:59:d9:32:39:66:d4:
         ec:44:93:45:cc:bd:55:01:a5:d2:9c:8b:df:d9:31:a9:26:d4:
         f6:40:47:42:20:67:31:f7:29:a6:a1:52:47:ee:96:99:35:64:
         38:e2:99:3d:56:bd:52:d4:61:c9:0e:7f:c7:15:fb:5f:6a:55:
         fc:4e:6c:d8:62:95:86:80:c1:9e:ee:67:65:be:00:13:86:48:
         95:75:0e:10:74:72:c8:62:91:36:53:06:c7:40:f4:a1:c0:19:
         70:d9:38:ed:31:00:e1:8e:f6:67:1d:25:e0:88:c8:e0:7a:12:
         a0:cb:46:56:72:27:ba:83:3d:1f:35:79:6d:cc:0a:6e:19:4e:
         96:0b:34:6d:75:3e:c6:dd:61:14:19:99:5f:86:10:ae:52:a4:
         1e:9a:3b:bb:6c:e7:15:01:4f:a1:51:0d:0e:5f:63:96:d6:4f:
         b8:a8:72:17:02:07:d0:08:f6:a4:3b:c7:78:49:bb:34:4a:c2:
         35:73:50:05:86:91:96:2c:dc:b5:20:b5:0e:27:48:f3:f7:c1:
         6b:80:3b:39:17:16:bb:df:af:50:cc:4e:57:b9:e4:f7:6d:fd:
         cc:21:73:94:3a:55:d2:27:4c:2c:11:d3:64:7d:02:7f:f5:46:
         2f:dd:e4:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdA4BpswEr6nK+6ubVatjhQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2YzJlMGQzZmRjMjE1YTM4OWM3MDQzY2E1YTFhMDZiZTJj
NTU4ZWYwHhcNMjUwNjA1MTYxNTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmZkYzViNmE5YmU5NzM4ZjU0ZTdiNTE2MmNlYzY1NTBlM2U5ZThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrADMm+N/eKEH+EWxeWhE5mufm+O
kjuh9P74xrtrA+Zu0w+tAe6HFA8A7o4IcNUwoLbV2BOzfU2fu2ynHdcBavDhV8gJ
tVjkCYypmusj6o3rcVhjyTNxO5QPwYs8h3G1M4CHvkZaCdlN9SINFt3nT9Rl073s
HZu5SLzkPdZwSuFwDagKVtWhdEhBMZ185VAfPlNQqdd6uAGUqVYxwc8/2VPZD6GH
0hri2gfAmYgOzkpbVYgjbaU7DjBuen6zBshQ+Y/YDUnu2jHU96slVypM6EKP6SLU
Jit+b/Y1x4ZDE5Dk5E8SuPgAvesk6hADwhm4IbZ+6Igah7eQMxq9RIU5rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI/9xbapvpc49U57UWLOxlUOPp6OMB8GA1UdIwQY
MBaAFObC4NP9whWjiccEPKWhoGvixVjvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXNMZzBfM0NGYU9KeHdROHBhR2dhLUxGV084LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8yOTE3NmItMTAzOC00NDE3LWJkYWQt
ZjNlMDUyYmFiMTQ0LzEval8zRnRxbS1semoxVG50UllzN0dWUTQtbm80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8yOTE3NmItMTAzOC00NDE3LWJkYWQtZjNlMDUyYmFiMTQ0
LzEvNXNMZzBfM0NGYU9KeHdROHBhR2dhLUxGV084LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVjYaMA0G
CSqGSIb3DQEBCwUAA4IBAQDLVO0/twuFtzyfczFZ2TI5ZtTsRJNFzL1VAaXSnIvf
2TGpJtT2QEdCIGcx9ymmoVJH7paZNWQ44pk9Vr1S1GHJDn/HFftfalX8TmzYYpWG
gMGe7mdlvgAThkiVdQ4QdHLIYpE2UwbHQPShwBlw2TjtMQDhjvZnHSXgiMjgehKg
y0ZWcie6gz0fNXltzApuGU6WCzRtdT7G3WEUGZlfhhCuUqQemju7bOcVAU+hUQ0O
X2OW1k+4qHIXAgfQCPakO8d4Sbs0SsI1c1AFhpGWLNy1ILUOJ0jz98FrgDs5Fxa7
369QzE5XueT3bf3MIXOUOlXSJ0wsEdNkfQJ/9UYv3eT1
-----END CERTIFICATE-----