Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/FDRPldO3dsD0neaRIBLq02VpkNI.roa
File:                     FDRPldO3dsD0neaRIBLq02VpkNI.roa (raw, json)
Hash identifier:          wUeLryiuhJDKjDlLQkd0Vnaj7yUNZq3RLMQS/oaFKxE=
Subject key identifier:   14:34:4F:95:D3:B7:76:C0:F4:9D:E6:91:20:12:EA:D3:65:69:90:D2
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       0199CF20FA21E9EF598A17436098566480D5
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/FDRPldO3dsD0neaRIBLq02VpkNI.roa
Signing time:             Fri 10 Oct 2025 17:17:48 +0000
ROA not before:           Fri 10 Oct 2025 17:17:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397630
IP address blocks:        89.106.26.0/24 maxlen: 24
                          94.229.215.0/24 maxlen: 24
                          194.36.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:cf:20:fa:21:e9:ef:59:8a:17:43:60:98:56:64:80:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Oct 10 17:17:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14344f95d3b776c0f49de6912012ead3656990d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:cb:76:fa:b8:5b:e7:8f:ad:fd:71:03:41:c6:
                    ab:79:b5:a0:d8:a5:87:e9:98:d5:d0:01:4a:08:77:
                    aa:79:a3:85:a3:5d:3b:1a:a7:19:64:e5:30:40:12:
                    5b:b0:e9:df:25:2e:4e:cb:7b:64:a4:43:55:7f:c9:
                    6f:09:55:c5:95:19:f9:76:79:72:8a:64:08:d3:3d:
                    5d:19:fb:2f:6e:ba:1b:f7:22:77:53:1a:cd:ca:d9:
                    5e:98:cc:d7:8e:5f:b8:0a:81:43:a3:19:c7:a3:7e:
                    ab:51:b4:a2:0f:fd:0a:26:cc:69:3c:1e:31:61:da:
                    22:bb:e1:0f:71:02:66:83:7c:af:dc:20:ef:fe:18:
                    11:28:0e:24:bc:13:d3:00:31:15:95:61:88:05:c0:
                    b0:fa:72:d4:92:4e:06:74:f5:ef:35:d9:a6:ed:cb:
                    f6:d6:ec:1a:a2:a8:c3:1e:49:92:1c:88:a4:2f:01:
                    81:e7:de:59:04:4c:b4:b7:27:95:ce:65:79:95:44:
                    6f:fd:a9:bb:a4:63:7d:e2:6c:68:6e:8d:65:e7:be:
                    be:af:73:94:b4:4b:71:54:bd:4e:6c:a6:b6:ca:95:
                    6c:cd:d6:e6:a8:e1:7d:bf:d3:70:0d:92:36:d6:0a:
                    a0:39:e9:b6:b0:d2:5d:ff:20:64:7b:c9:5e:63:f6:
                    5d:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:34:4F:95:D3:B7:76:C0:F4:9D:E6:91:20:12:EA:D3:65:69:90:D2
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/FDRPldO3dsD0neaRIBLq02VpkNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.26.0/24
                  94.229.215.0/24
                  194.36.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:e4:81:59:8a:cf:28:fe:43:bb:38:79:e8:55:4b:61:cf:ce:
         e1:2c:a9:e0:43:67:9d:8f:7a:23:cf:94:12:7e:4b:68:32:a3:
         ed:8c:e5:35:c5:bc:0a:bd:65:1f:cc:d3:ef:9a:cb:c0:ea:f1:
         a7:39:e4:96:f7:86:42:f4:4f:a0:dc:73:9e:81:05:26:ca:a1:
         7c:d0:2c:96:3a:82:10:04:c1:7b:8b:c8:5e:81:a4:34:f4:dc:
         c3:40:cf:fb:1e:a7:bb:38:8a:ef:25:2d:63:0b:df:5d:0d:f7:
         28:55:5d:55:41:90:7a:86:36:22:ae:c9:1c:68:b5:d4:e1:bd:
         1d:ad:df:32:c2:44:44:07:cd:58:60:ce:08:b4:d7:e5:02:ff:
         e1:5c:2e:bd:0a:b2:48:ac:3e:58:95:75:41:65:68:d6:3c:20:
         c2:eb:26:04:07:90:b3:75:3a:af:38:89:fd:36:da:57:14:e3:
         f9:9c:e7:01:b6:9d:1d:89:ec:35:c5:04:58:95:70:75:31:29:
         20:0b:30:b9:c4:58:b0:e7:58:6a:19:9f:99:95:bb:cb:2e:50:
         29:57:da:c6:cf:a1:9e:f0:c9:3e:4a:4e:df:56:6a:0f:12:72:
         6a:86:08:5c:ff:8b:b7:c8:ad:c0:0e:8d:a4:8c:51:f9:e6:74:
         4f:96:80:34
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZnPIPoh6e9ZihdDYJhWZIDVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUxMDEwMTcxNzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDM0NGY5NWQzYjc3NmMwZjQ5ZGU2OTEyMDEyZWFkMzY1Njk5MGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnct2+rhb54+t/XEDQcarebWg2KWH
6ZjV0AFKCHeqeaOFo107GqcZZOUwQBJbsOnfJS5Oy3tkpENVf8lvCVXFlRn5dnly
imQI0z1dGfsvbrob9yJ3UxrNytlemMzXjl+4CoFDoxnHo36rUbSiD/0KJsxpPB4x
Ydoiu+EPcQJmg3yv3CDv/hgRKA4kvBPTADEVlWGIBcCw+nLUkk4GdPXvNdmm7cv2
1uwaoqjDHkmSHIikLwGB595ZBEy0tyeVzmV5lURv/am7pGN94mxobo1l576+r3OU
tEtxVL1ObKa2ypVszdbmqOF9v9NwDZI21gqgOem2sNJd/yBke8leY/ZdEQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBQ0T5XTt3bA9J3mkSAS6tNlaZDSMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvRkRSUGxkTzNkc0QwbmVhUklCTHEwMlZwa05JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWWoaAwQA
XuXXAwQAwiQjMA0GCSqGSIb3DQEBCwUAA4IBAQAz5IFZis8o/kO7OHnoVUthz87h
LKngQ2edj3ojz5QSfktoMqPtjOU1xbwKvWUfzNPvmsvA6vGnOeSW94ZC9E+g3HOe
gQUmyqF80CyWOoIQBMF7i8hegaQ09NzDQM/7Hqe7OIrvJS1jC99dDfcoVV1VQZB6
hjYirskcaLXU4b0drd8ywkREB81YYM4ItNflAv/hXC69CrJIrD5YlXVBZWjWPCDC
6yYEB5CzdTqvOIn9NtpXFOP5nOcBtp0diew1xQRYlXB1MSkgCzC5xFiw51hqGZ+Z
lbvLLlApV9rGz6Ge8Mk+Sk7fVmoPEnJqhghc/4u3yK3ADo2kjFH55nRPloA0
-----END CERTIFICATE-----