Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/0b18d0-077d-423e-a9e0-515208636abb/1/qq5a5GhMnqyW_z2o9qJD_8uDQNg.roa
File:                     qq5a5GhMnqyW_z2o9qJD_8uDQNg.roa (raw, json)
Hash identifier:          CnJ6pH9bWjuEegu8RAzr/k8+jIGD1iK0ez3alrbbaTw=
Subject key identifier:   AA:AE:5A:E4:68:4C:9E:AC:96:FF:3D:A8:F6:A2:43:FF:CB:83:40:D8
Certificate issuer:       /CN=958e6c4a5062f174ff3cd18bf8a41ba5738db076
Certificate serial:       019E6EFC9300DB457165D730F51858CA5097
Authority key identifier: 95:8E:6C:4A:50:62:F1:74:FF:3C:D1:8B:F8:A4:1B:A5:73:8D:B0:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lY5sSlBi8XT_PNGL-KQbpXONsHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/0b18d0-077d-423e-a9e0-515208636abb/1/qq5a5GhMnqyW_z2o9qJD_8uDQNg.roa
Signing time:             Thu 28 May 2026 14:28:26 +0000
ROA not before:           Thu 28 May 2026 14:28:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29014
IP address blocks:        2a0e:7b80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/0b18d0-077d-423e-a9e0-515208636abb/1/lY5sSlBi8XT_PNGL-KQbpXONsHY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/0b18d0-077d-423e-a9e0-515208636abb/1/lY5sSlBi8XT_PNGL-KQbpXONsHY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lY5sSlBi8XT_PNGL-KQbpXONsHY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jun 2026 16:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6e:fc:93:00:db:45:71:65:d7:30:f5:18:58:ca:50:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=958e6c4a5062f174ff3cd18bf8a41ba5738db076
        Validity
            Not Before: May 28 14:28:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aaae5ae4684c9eac96ff3da8f6a243ffcb8340d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:14:c3:4f:09:28:0a:19:b4:1a:f5:40:7e:e9:
                    1b:f8:21:a3:d9:08:6d:55:18:70:1f:2a:5e:b5:c3:
                    72:b6:f9:30:d4:a6:7c:32:01:e8:bf:69:40:4a:c7:
                    a4:30:25:fe:fc:1a:a6:af:b5:a4:71:09:91:10:d0:
                    8e:5c:c9:08:c5:95:8e:fa:77:c7:fd:0c:3d:00:1a:
                    55:77:93:f2:56:95:62:86:6a:ff:2e:dd:1b:b4:a9:
                    b6:4a:50:8d:1b:68:0d:5c:4a:ab:9b:fa:75:2b:6b:
                    b6:76:ce:88:1a:ad:13:9f:fe:42:1f:7c:ed:b4:ce:
                    8e:c5:35:e5:5d:26:ad:6e:91:52:91:61:29:c5:8b:
                    cc:0e:39:f1:5a:73:0e:3b:a3:2c:2e:b0:5d:bf:af:
                    e8:df:53:76:3e:35:9b:ad:5e:57:8b:38:47:03:54:
                    ae:ae:a6:c3:5f:cd:95:1e:50:2d:db:df:93:6e:ec:
                    e0:6e:6f:0e:f8:ed:c2:34:43:a6:7f:e1:87:dc:c0:
                    9a:3f:fe:6b:4f:30:61:2a:40:b5:89:fe:ac:da:76:
                    7f:55:73:81:d5:6c:ce:12:e2:d9:3a:c0:4f:9f:01:
                    9c:03:2a:3d:b7:bf:2a:42:23:68:1f:c0:bd:6a:5b:
                    3a:4c:dc:2a:bc:4b:fb:56:8a:33:14:57:88:76:d8:
                    87:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:AE:5A:E4:68:4C:9E:AC:96:FF:3D:A8:F6:A2:43:FF:CB:83:40:D8
            X509v3 Authority Key Identifier:
                keyid:95:8E:6C:4A:50:62:F1:74:FF:3C:D1:8B:F8:A4:1B:A5:73:8D:B0:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lY5sSlBi8XT_PNGL-KQbpXONsHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/0b18d0-077d-423e-a9e0-515208636abb/1/qq5a5GhMnqyW_z2o9qJD_8uDQNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/0b18d0-077d-423e-a9e0-515208636abb/1/lY5sSlBi8XT_PNGL-KQbpXONsHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:7b80::/29

    Signature Algorithm: sha256WithRSAEncryption
         63:a7:6a:84:18:b7:54:62:aa:bd:9e:af:78:89:f7:32:52:2c:
         af:ec:8b:06:f7:44:0f:d4:7d:d0:11:29:15:d7:56:6e:e3:b8:
         2d:42:c2:03:1c:64:fd:8e:e1:26:3c:74:37:3f:6b:71:1d:7f:
         77:1d:80:ae:d6:91:d0:1f:75:b2:57:58:bd:63:50:f1:4d:f7:
         87:bc:b7:29:9c:d6:f7:5a:a8:71:50:41:5a:07:22:b5:a4:21:
         3d:81:8d:dd:fb:13:ca:7c:ee:20:2c:d5:78:28:4f:c8:f1:51:
         4e:b5:4a:35:16:dd:33:e8:88:2e:00:02:35:60:95:dd:d9:3c:
         de:92:23:58:4e:60:9d:e9:95:23:50:cc:5e:5d:9c:eb:cf:ef:
         ce:c5:e1:d2:f4:a8:7c:2f:d9:fa:7e:bc:8c:8e:45:4e:db:31:
         cd:b4:8b:78:4b:d6:c5:85:b2:65:9b:d2:8f:fb:2b:c4:05:28:
         d3:dc:81:1a:d0:1e:07:64:92:a1:ec:6b:c1:23:bd:0a:ee:60:
         37:d5:5b:b6:df:6f:9d:58:b1:72:c8:67:a1:a2:27:5a:6c:c8:
         a2:46:a2:69:a2:5f:3c:2a:0b:41:30:6c:7f:02:a5:04:44:2d:
         d3:a7:20:59:fd:b8:ea:2f:9d:0a:c2:d7:74:b9:37:54:90:e0:
         a0:f2:2d:b1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ5u/JMA20VxZdcw9RhYylCXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1OGU2YzRhNTA2MmYxNzRmZjNjZDE4YmY4YTQxYmE1NzM4
ZGIwNzYwHhcNMjYwNTI4MTQyODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWFlNWFlNDY4NGM5ZWFjOTZmZjNkYThmNmEyNDNmZmNiODM0MGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRTDTwkoChm0GvVAfukb+CGj2Qht
VRhwHypetcNytvkw1KZ8MgHov2lASsekMCX+/Bqmr7WkcQmRENCOXMkIxZWO+nfH
/Qw9ABpVd5PyVpVihmr/Lt0btKm2SlCNG2gNXEqrm/p1K2u2ds6IGq0Tn/5CH3zt
tM6OxTXlXSatbpFSkWEpxYvMDjnxWnMOO6MsLrBdv6/o31N2PjWbrV5XizhHA1Su
rqbDX82VHlAt29+Tbuzgbm8O+O3CNEOmf+GH3MCaP/5rTzBhKkC1if6s2nZ/VXOB
1WzOEuLZOsBPnwGcAyo9t78qQiNoH8C9als6TNwqvEv7VoozFFeIdtiHTQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKquWuRoTJ6slv89qPaiQ//Lg0DYMB8GA1UdIwQY
MBaAFJWObEpQYvF0/zzRi/ikG6VzjbB2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFk1c1NsQmk4WFRfUE5HTC1LUWJwWE9Oc0hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8wYjE4ZDAtMDc3ZC00MjNlLWE5ZTAt
NTE1MjA4NjM2YWJiLzEvcXE1YTVHaE1ucXlXX3oybzlxSkRfOHVEUU5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8wYjE4ZDAtMDc3ZC00MjNlLWE5ZTAtNTE1MjA4NjM2YWJi
LzEvbFk1c1NsQmk4WFRfUE5HTC1LUWJwWE9Oc0hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg57gDAN
BgkqhkiG9w0BAQsFAAOCAQEAY6dqhBi3VGKqvZ6veIn3MlIsr+yLBvdED9R90BEp
FddWbuO4LULCAxxk/Y7hJjx0Nz9rcR1/dx2ArtaR0B91sldYvWNQ8U33h7y3KZzW
91qocVBBWgcitaQhPYGN3fsTynzuICzVeChPyPFRTrVKNRbdM+iILgACNWCV3dk8
3pIjWE5gnemVI1DMXl2c68/vzsXh0vSofC/Z+n68jI5FTtsxzbSLeEvWxYWyZZvS
j/srxAUo09yBGtAeB2SSoexrwSO9Cu5gN9Vbtt9vnVixcshnoaInWmzIokaiaaJf
PCoLQTBsfwKlBEQt06cgWf246i+dCsLXdLk3VJDgoPItsQ==
-----END CERTIFICATE-----