Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/QNiHEratRmL15qveLmouG89fHtw.roa
File:                     QNiHEratRmL15qveLmouG89fHtw.roa (raw, json)
Hash identifier:          rZ3LtJY3g+4OvleTn/urPwcIBGy6pEReCVnBe87jlzw=
Subject key identifier:   40:D8:87:12:B6:AD:46:62:F5:E6:AB:DE:2E:6A:2E:1B:CF:5F:1E:DC
Certificate issuer:       /CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
Certificate serial:       019E205EAF98E33AA740555EAB35C580DACA
Authority key identifier: 5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/QNiHEratRmL15qveLmouG89fHtw.roa
Signing time:             Wed 13 May 2026 08:05:36 +0000
ROA not before:           Wed 13 May 2026 08:05:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210699
IP address blocks:        89.126.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:20:5e:af:98:e3:3a:a7:40:55:5e:ab:35:c5:80:da:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
        Validity
            Not Before: May 13 08:05:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=40d88712b6ad4662f5e6abde2e6a2e1bcf5f1edc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:05:4e:35:f7:ae:6b:1b:a1:06:b9:42:96:fe:
                    e1:3d:80:59:12:f5:31:62:a5:41:0e:25:35:b9:b4:
                    3d:00:4b:d5:a3:e7:e4:d2:56:80:b5:49:34:62:b7:
                    05:22:e4:12:93:98:ee:03:42:f4:43:34:37:d8:2d:
                    3a:fc:fc:1c:16:a1:14:40:ca:5f:69:02:32:43:70:
                    5d:75:80:90:2b:43:ea:b5:1e:b5:9b:49:5b:38:b3:
                    87:fb:da:15:71:a2:dc:17:81:7d:7a:5f:bb:18:95:
                    3f:ce:f5:e4:bc:62:b7:77:e5:10:3a:5e:4e:8f:e2:
                    45:47:7b:f0:38:9f:6b:cd:ca:5b:ca:fd:13:d6:2c:
                    02:6b:38:9f:d5:4e:45:06:98:f2:ea:2c:f0:ab:ed:
                    b8:10:89:af:a2:20:9b:b6:72:e7:f7:45:cf:76:c3:
                    17:33:5c:94:31:42:56:d6:04:c9:ed:48:ca:c8:01:
                    1b:b2:e8:be:e5:7e:ec:14:6d:4e:b4:f7:20:07:b0:
                    f9:eb:40:55:32:d4:e3:d9:a8:b5:14:4a:3b:bf:0a:
                    19:5d:b7:6f:02:de:c7:e2:2f:8f:55:f8:74:1b:4d:
                    fe:fa:11:ca:78:8e:9e:a6:33:69:c3:3e:2c:2a:cb:
                    32:f8:98:8c:e6:c1:5e:78:8d:21:a3:32:2a:0d:d5:
                    a4:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:D8:87:12:B6:AD:46:62:F5:E6:AB:DE:2E:6A:2E:1B:CF:5F:1E:DC
            X509v3 Authority Key Identifier:
                keyid:5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/QNiHEratRmL15qveLmouG89fHtw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.126.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:0d:f3:4b:76:e6:25:82:3d:c2:2a:5a:a7:c0:e3:48:42:26:
         5a:ea:23:a4:b6:40:bb:61:11:16:5c:86:f5:46:77:fe:95:07:
         f7:5d:2a:2b:2f:ae:3d:e0:df:fd:f4:d2:19:bf:91:f0:c0:29:
         9c:7f:02:82:3a:07:b7:21:63:a9:14:7f:5f:f9:ff:34:70:d7:
         9a:b4:02:93:f9:f1:42:26:60:04:2a:16:b5:e6:b3:d5:c0:b8:
         cb:e1:3c:9f:32:b3:c1:47:c8:e5:5b:b1:e7:39:f1:4b:47:f9:
         b6:da:9e:a2:b9:15:35:74:85:db:3b:b4:04:09:dc:b4:0c:b0:
         c0:aa:5d:e8:47:92:e8:da:57:24:7a:30:c2:f6:0d:1a:dc:90:
         be:1e:a0:81:12:7f:27:72:06:04:c8:19:ac:b6:6e:0e:92:dc:
         b6:a0:db:5e:02:e3:15:01:ba:72:5c:a2:e8:81:fc:e9:4d:39:
         8e:a8:7b:6f:02:6d:ad:04:2c:d5:4a:db:62:83:d9:72:84:8d:
         a5:5c:14:70:25:d8:a0:8a:b1:dc:90:e4:e9:14:8c:ad:d1:47:
         09:c0:58:86:09:5f:fc:39:d0:8b:fb:06:f0:29:75:03:39:35:
         a5:47:03:3d:ab:aa:0e:bf:37:e2:c9:17:5b:d8:94:46:bf:4e:
         5a:85:1e:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4gXq+Y4zqnQFVeqzXFgNrKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmZTUzYzBiZmMzYzhmYjU2YjgxMTkxMzE3MTQ0NDQzZTBl
MjlkMjUwHhcNMjYwNTEzMDgwNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGQ4ODcxMmI2YWQ0NjYyZjVlNmFiZGUyZTZhMmUxYmNmNWYxZWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowVONfeuaxuhBrlClv7hPYBZEvUx
YqVBDiU1ubQ9AEvVo+fk0laAtUk0YrcFIuQSk5juA0L0QzQ32C06/PwcFqEUQMpf
aQIyQ3BddYCQK0PqtR61m0lbOLOH+9oVcaLcF4F9el+7GJU/zvXkvGK3d+UQOl5O
j+JFR3vwOJ9rzcpbyv0T1iwCazif1U5FBpjy6izwq+24EImvoiCbtnLn90XPdsMX
M1yUMUJW1gTJ7UjKyAEbsui+5X7sFG1OtPcgB7D560BVMtTj2ai1FEo7vwoZXbdv
At7H4i+PVfh0G03++hHKeI6epjNpwz4sKssy+JiM5sFeeI0hozIqDdWk5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEDYhxK2rUZi9ear3i5qLhvPXx7cMB8GA1UdIwQY
MBaAFF/lPAv8PI+1a4EZExcUREPg4p0lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDct
NWNmNTZlZTQzNWIzLzEvUU5pSEVyYXRSbUwxNXF2ZUxtb3VHODlmSHR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDctNWNmNTZlZTQzNWIz
LzEvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWX7iMA0G
CSqGSIb3DQEBCwUAA4IBAQBqDfNLduYlgj3CKlqnwONIQiZa6iOktkC7YREWXIb1
Rnf+lQf3XSorL6494N/99NIZv5HwwCmcfwKCOge3IWOpFH9f+f80cNeatAKT+fFC
JmAEKha15rPVwLjL4TyfMrPBR8jlW7HnOfFLR/m22p6iuRU1dIXbO7QECdy0DLDA
ql3oR5Lo2lckejDC9g0a3JC+HqCBEn8ncgYEyBmstm4Okty2oNteAuMVAbpyXKLo
gfzpTTmOqHtvAm2tBCzVSttig9lyhI2lXBRwJdigirHckOTpFIyt0UcJwFiGCV/8
OdCL+wbwKXUDOTWlRwM9q6oOvzfiyRdb2JRGv05ahR56
-----END CERTIFICATE-----