Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/FvVmAA336lp3eaebPDkxSm1qZbk.roa
File:                     FvVmAA336lp3eaebPDkxSm1qZbk.roa (raw, json)
Hash identifier:          8RTMEL7UkepL58v2LI7wlRsS5R89uRWExlRjFv0Tb8Q=
Subject key identifier:   16:F5:66:00:0D:F7:EA:5A:77:79:A7:9B:3C:39:31:4A:6D:6A:65:B9
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       0197F51AE1DDEAA128C44E4192AE468D5C44
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/FvVmAA336lp3eaebPDkxSm1qZbk.roa
Signing time:             Thu 10 Jul 2025 16:11:09 +0000
ROA not before:           Thu 10 Jul 2025 16:11:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        94.229.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Jul 2025 18:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f5:1a:e1:dd:ea:a1:28:c4:4e:41:92:ae:46:8d:5c:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jul 10 16:11:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16f566000df7ea5a7779a79b3c39314a6d6a65b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:bf:a9:d7:80:4f:4d:8c:f6:38:5c:45:d0:0d:
                    90:98:15:44:d1:a7:dd:d4:fc:ce:28:6d:24:04:ad:
                    3f:2a:e6:a0:32:a6:e7:d3:51:88:99:29:9c:ec:9f:
                    e4:12:52:c6:25:68:a1:d4:9c:9e:44:64:8c:81:f9:
                    3e:6d:5c:51:38:f4:38:82:2d:f7:e6:3d:39:b4:19:
                    a2:be:88:59:bf:26:6e:0d:c0:5e:e7:83:ef:a3:81:
                    40:b5:af:13:54:e7:8a:a8:03:b4:b4:ee:47:07:9f:
                    5f:62:88:d0:b2:30:74:9d:fd:df:eb:fc:3d:06:dc:
                    65:31:65:d2:17:f2:4b:bf:8a:6d:8c:27:b5:8e:30:
                    5d:9c:05:64:a1:77:cf:2f:e4:c4:7b:de:f0:18:79:
                    9e:75:bb:77:4c:c7:70:08:fb:03:eb:13:61:98:65:
                    0b:aa:2e:c4:1b:19:48:98:bb:b4:d3:56:b1:52:49:
                    3a:84:ee:f9:d2:1e:84:ee:db:4a:c1:73:b0:8a:6c:
                    14:c8:63:f5:3c:27:4d:7d:9b:14:0c:68:37:79:c0:
                    83:ce:c2:8d:c2:8c:a9:5d:79:59:e4:a6:a6:f8:73:
                    02:51:78:b7:6e:d1:d5:99:97:16:15:aa:7b:76:ae:
                    9d:d5:ca:08:19:fe:0f:92:e4:fb:62:a5:7b:cf:1e:
                    57:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:F5:66:00:0D:F7:EA:5A:77:79:A7:9B:3C:39:31:4A:6D:6A:65:B9
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/FvVmAA336lp3eaebPDkxSm1qZbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.229.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:28:70:cb:72:21:8b:96:b3:96:b9:17:ff:9a:98:1a:d1:a5:
         70:c1:4a:5e:7f:91:e8:03:93:a0:96:d2:c3:5d:64:3a:99:86:
         bc:c2:6b:f9:60:e9:2c:09:11:9e:3e:97:30:c4:7c:28:5e:a4:
         6e:ba:e4:ae:78:25:32:79:6f:19:c4:38:30:61:be:3b:21:a0:
         88:c8:9e:7f:13:ac:e1:5a:65:c7:52:0e:31:44:41:29:75:4c:
         f1:c1:f5:ed:41:e2:53:86:15:00:9d:51:f4:b7:3d:98:84:cc:
         7c:f2:d2:c5:eb:dd:7e:6a:85:8a:ca:92:ea:fd:9c:77:e4:0c:
         7b:4e:7b:f5:e9:46:63:0f:73:66:9b:bc:69:13:d9:c3:41:b8:
         cf:52:db:90:92:9c:5a:82:71:95:b1:5e:90:45:d6:28:b3:94:
         33:77:08:53:60:38:5a:57:2f:b2:b3:91:00:6b:d6:5e:14:b8:
         16:a5:35:0c:14:b7:d0:1d:e4:fc:8d:00:95:24:94:35:a4:7d:
         52:f3:9c:19:5e:84:24:ef:5c:96:d7:80:22:f3:3f:75:bc:3a:
         7c:86:d7:f2:1a:89:72:38:08:22:a2:5c:98:9a:ba:50:a5:2e:
         c5:71:35:07:2d:b3:cf:47:c8:78:88:85:a7:79:14:b8:63:98:
         96:06:97:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf1GuHd6qEoxE5Bkq5GjVxEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwNzEwMTYxMTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmY1NjYwMDBkZjdlYTVhNzc3OWE3OWIzYzM5MzE0YTZkNmE2NWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArb+p14BPTYz2OFxF0A2QmBVE0afd
1PzOKG0kBK0/KuagMqbn01GImSmc7J/kElLGJWih1JyeRGSMgfk+bVxROPQ4gi33
5j05tBmivohZvyZuDcBe54Pvo4FAta8TVOeKqAO0tO5HB59fYojQsjB0nf3f6/w9
BtxlMWXSF/JLv4ptjCe1jjBdnAVkoXfPL+TEe97wGHmedbt3TMdwCPsD6xNhmGUL
qi7EGxlImLu001axUkk6hO750h6E7ttKwXOwimwUyGP1PCdNfZsUDGg3ecCDzsKN
woypXXlZ5Kam+HMCUXi3btHVmZcWFap7dq6d1coIGf4PkuT7YqV7zx5XcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBb1ZgAN9+pad3mnmzw5MUptamW5MB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvRnZWbUFBMzM2bHAzZWFlYlBEa3hTbTFxWmJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXuXfMA0G
CSqGSIb3DQEBCwUAA4IBAQAzKHDLciGLlrOWuRf/mpga0aVwwUpef5HoA5OgltLD
XWQ6mYa8wmv5YOksCRGePpcwxHwoXqRuuuSueCUyeW8ZxDgwYb47IaCIyJ5/E6zh
WmXHUg4xREEpdUzxwfXtQeJThhUAnVH0tz2YhMx88tLF691+aoWKypLq/Zx35Ax7
Tnv16UZjD3Nmm7xpE9nDQbjPUtuQkpxagnGVsV6QRdYos5QzdwhTYDhaVy+ys5EA
a9ZeFLgWpTUMFLfQHeT8jQCVJJQ1pH1S85wZXoQk71yW14Ai8z91vDp8htfyGoly
OAgiolyYmrpQpS7FcTUHLbPPR8h4iIWneRS4Y5iWBpdF
-----END CERTIFICATE-----