Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/UfP44Bx9qsuV7j9iVmBz97z5_dQ.roa
File:                     UfP44Bx9qsuV7j9iVmBz97z5_dQ.roa (raw, json)
Hash identifier:          KynSlNc4YnbTpDJJsNaVoDRdRhonHVWrCAph8W7FOBQ=
Subject key identifier:   51:F3:F8:E0:1C:7D:AA:CB:95:EE:3F:62:56:60:73:F7:BC:F9:FD:D4
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019E1CE3E10DBB6F5DAF29D3463A2458BDB3
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/UfP44Bx9qsuV7j9iVmBz97z5_dQ.roa
Signing time:             Tue 12 May 2026 15:52:36 +0000
ROA not before:           Tue 12 May 2026 15:52:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198250
IP address blocks:        89.106.2.0/24 maxlen: 24
                          94.229.213.0/24 maxlen: 24
                          94.229.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:51:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1c:e3:e1:0d:bb:6f:5d:af:29:d3:46:3a:24:58:bd:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: May 12 15:52:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=51f3f8e01c7daacb95ee3f62566073f7bcf9fdd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:c9:2a:a2:06:da:a1:d1:f8:ef:d3:cb:57:d7:
                    83:c2:53:13:e7:4d:f0:02:28:a4:93:78:b4:1f:93:
                    5b:cb:81:94:60:2d:83:84:a8:0f:6c:d0:fb:03:9e:
                    8e:a4:72:dc:43:ec:e8:a2:1b:82:1d:12:8b:5e:0d:
                    13:79:c1:c7:34:04:56:01:75:be:25:2b:11:9b:37:
                    f9:c4:4b:f2:d1:76:0d:61:12:63:e1:aa:b4:f3:dd:
                    61:b2:cc:89:ea:ee:b5:01:ad:75:81:24:e7:51:54:
                    31:2f:0c:83:ae:fa:ac:fe:80:4b:3f:fd:d7:89:65:
                    51:50:2d:4d:53:3b:30:37:20:8f:e8:4f:76:02:67:
                    d8:0e:d9:fa:ce:4b:d8:c6:4d:0d:7b:41:b0:ab:67:
                    2b:90:34:cc:78:8a:05:c1:21:67:3a:a7:8a:88:b6:
                    21:b2:b7:87:57:1d:e6:23:d9:af:2b:c4:73:1c:7b:
                    c5:f2:2d:37:2d:00:3c:92:95:ae:90:d7:c4:36:be:
                    c8:c9:54:a1:4e:06:07:11:fc:59:dd:4c:3b:d4:78:
                    dd:43:14:ff:0b:e5:10:10:48:7b:0c:be:1d:8c:38:
                    fb:07:68:46:d4:66:2f:1b:5b:21:45:c3:dc:8c:f5:
                    de:d5:01:c2:42:19:fe:3b:2a:92:90:dc:85:fd:f7:
                    c5:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:F3:F8:E0:1C:7D:AA:CB:95:EE:3F:62:56:60:73:F7:BC:F9:FD:D4
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/UfP44Bx9qsuV7j9iVmBz97z5_dQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.2.0/24
                  94.229.213.0/24
                  94.229.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:32:7a:72:da:e8:b8:be:8d:35:e0:80:a7:74:f7:27:17:59:
         34:7c:72:44:c5:c0:34:04:60:bb:76:71:6a:16:a5:26:8d:3c:
         5a:e9:1b:61:aa:44:ab:9e:83:7b:19:84:93:dd:d6:db:ab:86:
         e7:1d:21:78:db:bc:68:90:32:83:58:0a:6d:23:ae:49:1d:b8:
         21:f5:ff:df:28:ef:c9:6c:32:b8:f7:a4:89:5e:c9:5c:55:ce:
         68:51:38:22:a4:3f:3f:bf:be:f1:80:7d:ef:81:49:5e:56:bd:
         5d:ca:5e:ab:39:30:4f:cb:37:b6:5c:46:1c:47:a3:1b:b5:f1:
         58:6a:46:92:d8:16:4e:99:5c:e1:0a:58:a4:dc:14:13:c9:59:
         29:2c:3f:13:e1:7b:56:b3:68:6e:9a:d0:2e:b3:9b:ae:ef:b5:
         9c:72:6f:a6:cb:ae:ec:80:36:37:1a:79:e1:04:91:e6:3b:1c:
         da:40:21:b0:f3:3d:95:36:fe:42:13:b5:35:fc:19:07:67:bc:
         20:12:23:8f:6f:cf:5e:83:97:03:2c:b1:67:01:5e:2d:20:5b:
         7a:86:42:8e:6b:5e:5a:f7:30:d5:ed:aa:83:3b:40:87:d4:0c:
         30:59:4b:6a:43:23:53:ae:14:7b:99:1d:99:23:d8:77:6d:05:
         d5:22:15:c0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ4c4+ENu29drynTRjokWL2zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwNTEyMTU1MjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWYzZjhlMDFjN2RhYWNiOTVlZTNmNjI1NjYwNzNmN2JjZjlmZGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MkqogbaodH479PLV9eDwlMT503w
Aiikk3i0H5Nby4GUYC2DhKgPbND7A56OpHLcQ+zoohuCHRKLXg0TecHHNARWAXW+
JSsRmzf5xEvy0XYNYRJj4aq0891hssyJ6u61Aa11gSTnUVQxLwyDrvqs/oBLP/3X
iWVRUC1NUzswNyCP6E92AmfYDtn6zkvYxk0Ne0Gwq2crkDTMeIoFwSFnOqeKiLYh
sreHVx3mI9mvK8RzHHvF8i03LQA8kpWukNfENr7IyVShTgYHEfxZ3Uw71HjdQxT/
C+UQEEh7DL4djDj7B2hG1GYvG1shRcPcjPXe1QHCQhn+OyqSkNyF/ffF3wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFHz+OAcfarLle4/YlZgc/e8+f3UMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvVWZQNDRCeDlxc3VWN2o5aVZtQno5N3o1X2RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWWoCAwQA
XuXVAwQAXuXeMA0GCSqGSIb3DQEBCwUAA4IBAQCDMnpy2ui4vo014ICndPcnF1k0
fHJExcA0BGC7dnFqFqUmjTxa6RthqkSrnoN7GYST3dbbq4bnHSF427xokDKDWApt
I65JHbgh9f/fKO/JbDK496SJXslcVc5oUTgipD8/v77xgH3vgUleVr1dyl6rOTBP
yze2XEYcR6MbtfFYakaS2BZOmVzhClik3BQTyVkpLD8T4XtWs2humtAus5uu77Wc
cm+my67sgDY3GnnhBJHmOxzaQCGw8z2VNv5CE7U1/BkHZ7wgEiOPb89eg5cDLLFn
AV4tIFt6hkKOa15a9zDV7aqDO0CH1AwwWUtqQyNTrhR7mR2ZI9h3bQXVIhXA
-----END CERTIFICATE-----