Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/CALEuCfTLwII9aSjyJKuX7Gh7GQ.roa
File:                     CALEuCfTLwII9aSjyJKuX7Gh7GQ.roa (raw, json)
Hash identifier:          wd2Fj4WRLcC4CG3quExpbrFJXrCrd/6BztpQ6LBugxs=
Subject key identifier:   08:02:C4:B8:27:D3:2F:02:08:F5:A4:A3:C8:92:AE:5F:B1:A1:EC:64
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019E2C7AAB476E0E188A5689B1B93A039596
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/CALEuCfTLwII9aSjyJKuX7Gh7GQ.roa
Signing time:             Fri 15 May 2026 16:31:36 +0000
ROA not before:           Fri 15 May 2026 16:31:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     397630
IP address blocks:        89.106.26.0/24 maxlen: 24
                          103.102.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2c:7a:ab:47:6e:0e:18:8a:56:89:b1:b9:3a:03:95:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: May 15 16:31:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0802c4b827d32f0208f5a4a3c892ae5fb1a1ec64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:82:29:d2:de:62:fa:0d:37:6b:12:f7:fd:5f:
                    d2:f7:8d:f8:25:90:37:0c:44:28:cd:0b:b4:eb:61:
                    4c:03:7b:36:c3:a0:4e:50:6a:82:3c:99:6d:3e:3c:
                    35:f3:9d:19:f7:f4:d0:0d:e9:ef:6d:ef:b7:1a:c7:
                    7a:2d:25:c7:72:fb:73:bf:31:a1:91:85:d3:10:53:
                    75:8f:9c:cb:5d:40:ea:c8:98:e7:13:d5:84:d2:9b:
                    21:fa:c8:42:4e:b1:ab:8e:48:df:33:22:4f:4a:40:
                    be:31:e1:8a:1a:3b:b0:90:23:15:a6:b9:ad:05:d1:
                    a4:9b:96:b4:0f:c9:b9:6c:93:32:61:87:31:15:7d:
                    3d:30:f8:bd:1d:68:66:94:87:8c:d8:fe:6f:d7:c5:
                    9e:bb:bb:4b:c3:33:a3:d5:f9:5d:d8:d4:56:45:55:
                    6a:57:95:ed:a5:03:8a:e5:91:6a:a3:41:72:75:00:
                    d3:04:93:df:f4:9c:8a:b7:a1:6e:fc:76:32:8e:e1:
                    eb:42:0e:57:24:d5:ab:52:ab:be:09:71:96:c4:11:
                    e9:20:c4:5d:ba:1b:5c:92:80:02:ba:d4:13:f5:dd:
                    c1:56:f7:57:c6:b8:ce:c1:42:73:83:0b:e9:03:3b:
                    6c:4f:54:4c:08:d5:6d:e0:d7:30:3e:04:a5:d7:79:
                    b4:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:02:C4:B8:27:D3:2F:02:08:F5:A4:A3:C8:92:AE:5F:B1:A1:EC:64
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/CALEuCfTLwII9aSjyJKuX7Gh7GQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.26.0/24
                  103.102.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:eb:88:26:cf:b3:bb:e8:d0:be:6a:85:90:eb:2d:91:55:e6:
         30:a4:90:71:23:65:82:89:e6:73:64:d2:79:7d:2d:94:b0:f9:
         06:b5:2e:3c:ca:02:ff:1a:0b:8d:3d:20:23:0e:3e:5e:8e:48:
         24:87:50:51:49:43:44:58:66:92:d5:4a:5d:80:70:bf:d1:99:
         e3:e2:5a:b5:6b:c1:cd:19:3b:f2:1c:5c:97:50:f3:77:7e:ab:
         f9:62:0f:48:81:8a:fd:77:23:30:8e:9b:ed:8e:72:c8:05:9b:
         b0:3a:de:2e:3d:3e:6d:c8:d4:be:d5:06:b9:84:45:91:92:37:
         1c:3a:77:2d:e1:d8:17:f0:56:a5:ba:3e:08:d7:e0:49:1f:42:
         fc:75:76:07:fa:fd:bf:2d:46:2d:b6:05:3c:1c:27:b3:b6:dd:
         8d:59:08:3f:05:a0:85:0c:1e:d8:0d:9e:04:99:00:a1:80:4c:
         54:71:ca:68:1d:88:c5:46:83:ff:ce:4d:03:cc:11:34:c8:85:
         90:2b:27:e4:cf:b2:39:ef:f0:eb:34:ab:01:96:e1:19:a3:82:
         50:d4:de:80:7d:76:06:b2:f2:08:a7:10:1b:16:4e:79:50:da:
         c5:20:b0:d4:83:0d:56:17:ad:7e:a1:12:7d:8a:88:df:10:f6:
         a7:46:91:24
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4seqtHbg4YilaJsbk6A5WWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwNTE1MTYzMTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODAyYzRiODI3ZDMyZjAyMDhmNWE0YTNjODkyYWU1ZmIxYTFlYzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIIp0t5i+g03axL3/V/S9434JZA3
DEQozQu062FMA3s2w6BOUGqCPJltPjw1850Z9/TQDenvbe+3Gsd6LSXHcvtzvzGh
kYXTEFN1j5zLXUDqyJjnE9WE0psh+shCTrGrjkjfMyJPSkC+MeGKGjuwkCMVprmt
BdGkm5a0D8m5bJMyYYcxFX09MPi9HWhmlIeM2P5v18Weu7tLwzOj1fld2NRWRVVq
V5XtpQOK5ZFqo0FydQDTBJPf9JyKt6Fu/HYyjuHrQg5XJNWrUqu+CXGWxBHpIMRd
uhtckoACutQT9d3BVvdXxrjOwUJzgwvpAztsT1RMCNVt4NcwPgSl13m0gwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAgCxLgn0y8CCPWko8iSrl+xoexkMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvQ0FMRXVDZlRMd0lJOWFTanlKS3VYN0doN0dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWWoaAwQA
Z2aEMA0GCSqGSIb3DQEBCwUAA4IBAQBd64gmz7O76NC+aoWQ6y2RVeYwpJBxI2WC
ieZzZNJ5fS2UsPkGtS48ygL/GguNPSAjDj5ejkgkh1BRSUNEWGaS1UpdgHC/0Znj
4lq1a8HNGTvyHFyXUPN3fqv5Yg9IgYr9dyMwjpvtjnLIBZuwOt4uPT5tyNS+1Qa5
hEWRkjccOnct4dgX8Faluj4I1+BJH0L8dXYH+v2/LUYttgU8HCeztt2NWQg/BaCF
DB7YDZ4EmQChgExUccpoHYjFRoP/zk0DzBE0yIWQKyfkz7I57/DrNKsBluEZo4JQ
1N6AfXYGsvIIpxAbFk55UNrFILDUgw1WF61+oRJ9iojfEPanRpEk
-----END CERTIFICATE-----