Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/jLxBob7aKY5K1orRaAbGgm6gMyQ.roa
File:                     jLxBob7aKY5K1orRaAbGgm6gMyQ.roa (raw, json)
Hash identifier:          ukoK53Cskv2Gxb2dHLmM7E6j2pBElUu7CLCtOM3ynyw=
Subject key identifier:   8C:BC:41:A1:BE:DA:29:8E:4A:D6:8A:D1:68:06:C6:82:6E:A0:33:24
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       0199DE510FCFEDE22300AE1FAF8B53A52022
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/jLxBob7aKY5K1orRaAbGgm6gMyQ.roa
Signing time:             Mon 13 Oct 2025 16:04:38 +0000
ROA not before:           Mon 13 Oct 2025 16:04:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        89.106.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:de:51:0f:cf:ed:e2:23:00:ae:1f:af:8b:53:a5:20:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Oct 13 16:04:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8cbc41a1beda298e4ad68ad16806c6826ea03324
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:1e:de:e7:c9:fb:f9:3f:32:15:dc:c6:d5:6d:
                    de:3a:34:a8:ca:2a:ce:54:f5:f6:89:f9:fa:dc:a0:
                    af:bf:c0:9a:4b:ae:ed:49:66:08:e8:7f:79:6c:28:
                    17:01:a6:88:a2:a5:0b:a7:53:09:15:cc:43:20:ef:
                    8b:8d:23:d4:38:6c:53:dc:e6:88:af:ec:bc:34:ee:
                    85:8f:bd:ce:ee:c1:e3:f3:9b:32:b8:70:ef:d2:38:
                    cf:44:a9:a0:3d:0d:32:55:53:22:15:50:75:4e:9b:
                    84:00:bc:06:1a:46:b4:8b:5e:b2:0d:1c:03:d6:0f:
                    7f:aa:c1:fb:7a:4f:04:f7:79:e4:7b:bd:53:1e:6e:
                    6b:c4:27:86:6d:b9:5b:ee:48:e1:b0:fb:44:60:24:
                    cc:b0:37:47:40:72:d3:fc:b9:6f:dc:fe:3d:a8:17:
                    f3:78:a1:48:02:5e:66:b7:ce:aa:70:05:09:4a:52:
                    db:27:a9:ea:af:c8:49:12:c6:77:36:3b:ec:aa:60:
                    a2:33:24:37:c5:b7:8a:1d:9c:2d:44:bf:10:fd:60:
                    61:40:33:07:8a:b1:be:0e:01:d2:fe:ec:b3:44:48:
                    42:17:5b:8f:ec:84:de:84:7a:91:90:79:dc:f5:3d:
                    ac:1b:ac:f3:a5:7d:5d:24:02:13:76:54:e7:08:07:
                    65:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:BC:41:A1:BE:DA:29:8E:4A:D6:8A:D1:68:06:C6:82:6E:A0:33:24
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/jLxBob7aKY5K1orRaAbGgm6gMyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:d8:cc:a2:eb:ab:f0:06:e1:11:f7:ce:5f:90:46:36:66:fb:
         0a:f9:a1:65:87:f6:0d:94:22:de:d3:4d:35:bc:3b:39:f8:f3:
         d6:ab:90:5c:54:ad:2a:16:55:e3:87:49:17:7b:26:c9:32:a3:
         cf:c4:f6:ea:1e:62:41:de:b8:2a:ca:10:68:db:de:a9:60:32:
         71:e2:4a:e5:5e:98:38:6b:ce:0e:8a:8f:f0:41:68:70:1a:51:
         bd:5c:13:e6:f9:6f:c2:55:b8:22:3d:93:fd:cf:48:f6:b0:1f:
         8d:5d:fb:dd:66:67:61:af:ad:51:59:fc:84:33:5c:37:e9:f5:
         6c:81:e7:78:22:ec:74:a5:e7:87:71:fe:70:b7:a6:b9:d4:24:
         dc:b5:ed:60:20:c0:a8:c5:cf:f3:8c:c1:b9:6e:fd:72:ea:01:
         07:69:a8:11:9a:8a:88:74:5e:c7:31:07:f1:38:85:0f:c5:ae:
         e0:0d:c8:92:c2:e0:50:9c:07:c8:de:10:d7:30:1b:59:df:d5:
         17:01:76:e0:e1:09:7f:1f:96:0e:a1:12:47:87:ab:79:1a:d9:
         6d:53:fa:f6:2b:fe:67:b6:ab:9c:f6:69:95:f5:8e:b1:e3:ec:
         ab:be:ea:2b:5a:a3:bd:ce:13:59:c9:d5:0b:c5:3f:99:6f:9f:
         78:f9:9b:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZneUQ/P7eIjAK4fr4tTpSAiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUxMDEzMTYwNDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2JjNDFhMWJlZGEyOThlNGFkNjhhZDE2ODA2YzY4MjZlYTAzMzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsx7e58n7+T8yFdzG1W3eOjSoyirO
VPX2ifn63KCvv8CaS67tSWYI6H95bCgXAaaIoqULp1MJFcxDIO+LjSPUOGxT3OaI
r+y8NO6Fj73O7sHj85syuHDv0jjPRKmgPQ0yVVMiFVB1TpuEALwGGka0i16yDRwD
1g9/qsH7ek8E93nke71THm5rxCeGbblb7kjhsPtEYCTMsDdHQHLT/Llv3P49qBfz
eKFIAl5mt86qcAUJSlLbJ6nqr8hJEsZ3NjvsqmCiMyQ3xbeKHZwtRL8Q/WBhQDMH
irG+DgHS/uyzREhCF1uP7ITehHqRkHnc9T2sG6zzpX1dJAITdlTnCAdl4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIy8QaG+2imOStaK0WgGxoJuoDMkMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvakx4Qm9iN2FLWTVLMW9yUmFBYkdnbTZnTXlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWWoOMA0G
CSqGSIb3DQEBCwUAA4IBAQAA2Myi66vwBuER985fkEY2ZvsK+aFlh/YNlCLe0001
vDs5+PPWq5BcVK0qFlXjh0kXeybJMqPPxPbqHmJB3rgqyhBo296pYDJx4krlXpg4
a84Oio/wQWhwGlG9XBPm+W/CVbgiPZP9z0j2sB+NXfvdZmdhr61RWfyEM1w36fVs
ged4Iux0peeHcf5wt6a51CTcte1gIMCoxc/zjMG5bv1y6gEHaagRmoqIdF7HMQfx
OIUPxa7gDciSwuBQnAfI3hDXMBtZ39UXAXbg4Ql/H5YOoRJHh6t5GtltU/r2K/5n
tquc9mmV9Y6x4+yrvuorWqO9zhNZydULxT+Zb594+ZsC
-----END CERTIFICATE-----