Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/cWl89VBsTBMoMPmQP6-TNFiQEzw.roa
File:                     cWl89VBsTBMoMPmQP6-TNFiQEzw.roa (raw, json)
Hash identifier:          u/e4A2gv/JdE7voWCbR2U7eWdjhLFAYpOfky3C8ID7w=
Subject key identifier:   71:69:7C:F5:50:6C:4C:13:28:30:F9:90:3F:AF:93:34:58:90:13:3C
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       0199FD4284CAE92C3E35A20723BA544AC126
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/cWl89VBsTBMoMPmQP6-TNFiQEzw.roa
Signing time:             Sun 19 Oct 2025 16:16:59 +0000
ROA not before:           Sun 19 Oct 2025 16:16:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205886
IP address blocks:        77.111.108.0/24 maxlen: 24
                          85.208.11.0/24 maxlen: 24
                          94.229.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fd:42:84:ca:e9:2c:3e:35:a2:07:23:ba:54:4a:c1:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Oct 19 16:16:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=71697cf5506c4c132830f9903faf93345890133c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f1:4f:47:0b:c7:62:53:bc:54:5e:19:0d:b4:
                    cd:96:71:7c:16:b1:46:c8:4c:17:85:e2:e5:54:ad:
                    4c:67:b2:60:0f:1b:d6:ad:bf:ab:30:57:47:04:52:
                    24:8d:e6:40:2c:e1:a5:b7:99:78:01:d7:1c:1c:13:
                    bf:c5:30:c2:ad:20:96:c0:f6:8a:08:d3:a0:48:54:
                    65:e4:59:95:ed:ae:1c:2b:65:7c:63:19:b2:95:3f:
                    36:7a:56:66:6f:a8:d5:a1:a6:e3:82:ec:85:90:85:
                    fe:5d:63:3e:ab:11:1c:45:41:fb:96:fe:50:85:cc:
                    07:ef:23:79:e0:04:cd:ca:cb:b6:95:27:99:b5:fe:
                    47:f3:51:7f:31:39:4e:2c:ba:b6:0a:12:5d:94:9e:
                    b4:76:01:f5:b6:6d:8a:d5:29:c9:82:8b:dd:3f:c5:
                    0c:00:47:4f:e4:a8:27:2d:53:b8:72:39:ba:77:ee:
                    d3:e6:34:75:16:d5:79:eb:4b:38:bc:fb:82:21:96:
                    c0:a4:b8:2d:a6:52:04:98:b8:d7:5c:f8:03:aa:d6:
                    11:a8:53:87:de:b4:14:c6:b6:07:a8:bc:06:8e:41:
                    cb:9f:fc:19:48:f0:ac:58:32:e3:92:bc:ae:b0:fe:
                    f6:42:b5:3b:c8:91:fa:2f:28:c4:11:51:72:72:78:
                    76:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:69:7C:F5:50:6C:4C:13:28:30:F9:90:3F:AF:93:34:58:90:13:3C
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/cWl89VBsTBMoMPmQP6-TNFiQEzw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.108.0/24
                  85.208.11.0/24
                  94.229.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:cf:a2:09:cc:ac:90:e4:8c:97:32:16:bd:03:2f:30:88:89:
         7a:96:90:48:ef:3b:31:a4:b7:8b:8e:f5:d9:dc:4d:88:6a:0e:
         28:73:b5:8b:93:4f:cf:db:63:f5:e4:08:18:dc:91:1f:ae:fb:
         a7:98:fd:7c:84:c9:35:dd:08:a1:eb:c1:69:1c:88:d5:43:3f:
         8e:98:0b:89:4e:bd:57:d6:d9:80:9e:ab:5e:ce:cf:57:d4:47:
         37:5b:f6:cd:a0:91:f2:6d:79:36:7b:e8:41:4e:ab:b0:f5:b1:
         5e:4e:71:db:4c:d4:8d:cb:fe:9a:66:eb:89:4d:e4:27:62:6e:
         05:28:c2:87:1a:51:40:7f:10:35:41:fe:c1:e6:71:88:d9:40:
         b4:32:3f:e5:96:a1:7b:a6:2e:b4:57:87:b6:2e:d7:06:71:7c:
         98:ae:5c:ee:44:26:88:4d:69:c1:7b:45:f2:72:9e:7d:e4:24:
         d4:b9:fe:c6:fa:02:73:c5:8f:ea:bf:f7:25:e9:f8:00:6a:37:
         f6:2c:38:6a:b0:32:72:d2:57:7f:72:b0:6d:df:1c:92:4a:96:
         c5:f2:91:27:c7:6e:6d:66:f1:dd:20:5f:d6:03:ed:51:23:3e:
         d3:37:8d:e0:e2:3a:66:06:29:01:14:78:86:af:cd:37:a5:cf:
         30:32:32:c8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZn9QoTK6Sw+NaIHI7pUSsEmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUxMDE5MTYxNjU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTY5N2NmNTUwNmM0YzEzMjgzMGY5OTAzZmFmOTMzNDU4OTAxMzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvFPRwvHYlO8VF4ZDbTNlnF8FrFG
yEwXheLlVK1MZ7JgDxvWrb+rMFdHBFIkjeZALOGlt5l4AdccHBO/xTDCrSCWwPaK
CNOgSFRl5FmV7a4cK2V8YxmylT82elZmb6jVoabjguyFkIX+XWM+qxEcRUH7lv5Q
hcwH7yN54ATNysu2lSeZtf5H81F/MTlOLLq2ChJdlJ60dgH1tm2K1SnJgovdP8UM
AEdP5KgnLVO4cjm6d+7T5jR1FtV560s4vPuCIZbApLgtplIEmLjXXPgDqtYRqFOH
3rQUxrYHqLwGjkHLn/wZSPCsWDLjkryusP72QrU7yJH6LyjEEVFycnh2FQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHFpfPVQbEwTKDD5kD+vkzRYkBM8MB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvY1dsODlWQnNUQk1vTVBtUVA2LVRORmlRRXp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATW9sAwQA
VdALAwQAXuXRMA0GCSqGSIb3DQEBCwUAA4IBAQCez6IJzKyQ5IyXMha9Ay8wiIl6
lpBI7zsxpLeLjvXZ3E2Iag4oc7WLk0/P22P15AgY3JEfrvunmP18hMk13Qih68Fp
HIjVQz+OmAuJTr1X1tmAnqtezs9X1Ec3W/bNoJHybXk2e+hBTquw9bFeTnHbTNSN
y/6aZuuJTeQnYm4FKMKHGlFAfxA1Qf7B5nGI2UC0Mj/llqF7pi60V4e2LtcGcXyY
rlzuRCaITWnBe0Xycp595CTUuf7G+gJzxY/qv/cl6fgAajf2LDhqsDJy0ld/crBt
3xySSpbF8pEnx25tZvHdIF/WA+1RIz7TN43g4jpmBikBFHiGr803pc8wMjLI
-----END CERTIFICATE-----