Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/rcJP7teJMgPuwGqvCNVrg4PmtKA.roa
File:                     rcJP7teJMgPuwGqvCNVrg4PmtKA.roa (raw, json)
Hash identifier:          lCx2s6FvHnz24rk2v7T/NWtdaT2rGdyqN0ij/1tXZZA=
Subject key identifier:   AD:C2:4F:EE:D7:89:32:03:EE:C0:6A:AF:08:D5:6B:83:83:E6:B4:A0
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       0198538115CCF6E6C6371B04CE325727CB57
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/rcJP7teJMgPuwGqvCNVrg4PmtKA.roa
Signing time:             Tue 29 Jul 2025 00:07:05 +0000
ROA not before:           Tue 29 Jul 2025 00:07:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29798
IP address blocks:        89.106.27.0/24 maxlen: 24
                          103.47.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Jul 2025 18:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:53:81:15:cc:f6:e6:c6:37:1b:04:ce:32:57:27:cb:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jul 29 00:07:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=adc24feed7893203eec06aaf08d56b8383e6b4a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:86:12:d6:81:25:88:20:76:9a:be:1a:3b:6f:
                    5a:13:72:52:77:e9:8b:1d:e0:5d:25:58:fa:aa:8d:
                    b3:d1:cb:4b:ff:e1:a3:f2:85:80:08:53:9d:6e:06:
                    47:04:8b:92:a5:11:b5:f0:6e:25:90:5b:d1:5b:c9:
                    55:31:38:53:e4:33:5f:a0:1e:32:1e:2a:4c:02:d1:
                    81:1d:a2:df:48:2c:da:27:b9:1d:37:d2:5f:d8:bf:
                    17:f2:47:c4:a0:71:79:79:53:61:a6:90:a7:ed:35:
                    59:9f:fd:9a:26:ba:6f:f3:93:8b:22:15:10:c3:fc:
                    a1:ce:1c:b8:6e:24:01:2a:f8:45:58:3a:a8:d1:53:
                    b3:55:67:14:63:c7:60:80:70:04:82:ff:ea:69:72:
                    30:a5:93:9a:2d:17:89:aa:49:21:88:7a:0d:28:48:
                    fe:ce:1b:2e:ee:87:b5:00:bc:92:58:0b:0a:27:88:
                    4e:d4:bc:37:4b:0a:a6:6f:ca:71:f7:9f:16:b2:5d:
                    51:7d:5b:eb:ed:45:15:96:e3:4e:9b:4b:ff:ea:f8:
                    61:ab:ee:e9:b1:f7:bb:67:be:d7:8f:ce:46:82:d5:
                    e4:88:94:d9:03:42:f9:4d:44:76:1b:f1:d0:9e:c9:
                    5a:cf:4f:95:74:42:a8:b3:df:60:57:18:40:ab:68:
                    19:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:C2:4F:EE:D7:89:32:03:EE:C0:6A:AF:08:D5:6B:83:83:E6:B4:A0
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/rcJP7teJMgPuwGqvCNVrg4PmtKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.27.0/24
                  103.47.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:a8:47:ec:56:42:3a:0a:25:f4:a4:e3:82:e2:d0:b3:d8:a8:
         4e:f6:6e:58:57:5a:1d:8e:6a:95:cc:5d:b5:cd:7e:49:d4:84:
         71:f9:06:10:c2:0b:3e:21:1d:f1:a3:c9:d6:eb:21:71:c6:e9:
         30:7d:16:fe:8e:fe:81:20:74:47:e8:65:76:83:1f:81:23:a9:
         a8:cc:04:e3:99:8b:81:81:60:d6:58:26:84:2f:8d:dd:f7:f4:
         45:c0:dc:9b:21:27:1a:44:0c:92:dd:42:cb:9c:70:6f:d8:5f:
         c1:56:5c:07:6c:85:b1:a5:36:27:ea:8d:e5:a3:63:e7:ee:84:
         8c:b9:b1:ab:bc:77:d6:ff:72:f6:eb:88:80:13:00:d3:2e:b9:
         08:dc:28:1b:b0:18:0c:23:a5:fa:95:71:37:a4:89:7e:94:68:
         f8:b7:56:6c:25:3a:f7:c1:0c:72:24:f8:f5:ae:6b:a9:38:06:
         5e:b4:14:0b:01:25:1c:5f:98:bd:6a:08:b5:61:41:eb:a1:f3:
         0a:ab:b8:7d:3d:d8:da:d0:d3:3e:95:ab:8c:2d:9d:36:d6:72:
         ce:60:7f:97:a6:63:15:df:1c:7b:90:17:fe:7f:dc:e0:c6:ea:
         a7:36:2d:39:04:14:26:97:da:37:d9:0c:93:04:66:58:43:af:
         df:83:c3:11
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhTgRXM9ubGNxsEzjJXJ8tXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwNzI5MDAwNzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGMyNGZlZWQ3ODkzMjAzZWVjMDZhYWYwOGQ1NmI4MzgzZTZiNGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIYS1oEliCB2mr4aO29aE3JSd+mL
HeBdJVj6qo2z0ctL/+Gj8oWACFOdbgZHBIuSpRG18G4lkFvRW8lVMThT5DNfoB4y
HipMAtGBHaLfSCzaJ7kdN9Jf2L8X8kfEoHF5eVNhppCn7TVZn/2aJrpv85OLIhUQ
w/yhzhy4biQBKvhFWDqo0VOzVWcUY8dggHAEgv/qaXIwpZOaLReJqkkhiHoNKEj+
zhsu7oe1ALySWAsKJ4hO1Lw3Swqmb8px958Wsl1RfVvr7UUVluNOm0v/6vhhq+7p
sfe7Z77Xj85GgtXkiJTZA0L5TUR2G/HQnslaz0+VdEKos99gVxhAq2gZMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK3CT+7XiTID7sBqrwjVa4OD5rSgMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvcmNKUDd0ZUpNZ1B1d0dxdkNOVnJnNFBtdEtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWWobAwQA
Zy84MA0GCSqGSIb3DQEBCwUAA4IBAQC6qEfsVkI6CiX0pOOC4tCz2KhO9m5YV1od
jmqVzF21zX5J1IRx+QYQwgs+IR3xo8nW6yFxxukwfRb+jv6BIHRH6GV2gx+BI6mo
zATjmYuBgWDWWCaEL43d9/RFwNybIScaRAyS3ULLnHBv2F/BVlwHbIWxpTYn6o3l
o2Pn7oSMubGrvHfW/3L264iAEwDTLrkI3CgbsBgMI6X6lXE3pIl+lGj4t1ZsJTr3
wQxyJPj1rmupOAZetBQLASUcX5i9agi1YUHrofMKq7h9Pdja0NM+lauMLZ021nLO
YH+XpmMV3xx7kBf+f9zgxuqnNi05BBQml9o32QyTBGZYQ6/fg8MR
-----END CERTIFICATE-----