Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/OYWwQOAa9gWCt9hOdWNPXw0Ytcg.roa
File:                     OYWwQOAa9gWCt9hOdWNPXw0Ytcg.roa (raw, json)
Hash identifier:          NUC9EunKbKBkMUpfgEc/MUFlDwJp4chcsjEABuYMf1c=
Subject key identifier:   39:85:B0:40:E0:1A:F6:05:82:B7:D8:4E:75:63:4F:5F:0D:18:B5:C8
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019A02D23AD5192B495A63E6BEEE44F1F523
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/OYWwQOAa9gWCt9hOdWNPXw0Ytcg.roa
Signing time:             Mon 20 Oct 2025 18:12:03 +0000
ROA not before:           Mon 20 Oct 2025 18:12:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        94.229.212.0/24 maxlen: 24
                          103.41.46.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:02:d2:3a:d5:19:2b:49:5a:63:e6:be:ee:44:f1:f5:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Oct 20 18:12:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3985b040e01af60582b7d84e75634f5f0d18b5c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ea:14:11:97:4a:5a:12:3e:d4:59:fb:1e:a9:
                    ac:3d:7d:51:f8:7f:45:fd:fb:a4:ec:39:b8:38:e1:
                    60:cf:2b:9c:ea:ae:ff:d0:17:d9:02:cc:97:63:ed:
                    73:e1:ea:20:24:52:c2:dd:33:40:e4:80:d4:2b:78:
                    69:f3:b1:82:ef:9b:8e:c8:b2:f8:2b:e0:11:5f:61:
                    6e:4b:c6:d2:97:70:9d:cc:22:8d:fa:5e:ed:fd:ac:
                    22:dd:8e:a5:eb:f9:ed:95:ea:b5:57:4e:3b:c2:e8:
                    b1:53:2f:99:c6:9b:1c:d7:52:7c:3c:e6:68:43:5e:
                    63:33:df:52:4b:4f:f1:77:bc:52:95:ef:37:2b:a9:
                    97:eb:d6:3e:63:bc:08:0b:78:69:7f:6a:a9:9a:80:
                    d0:1d:46:b1:ee:fc:38:44:95:3a:97:ad:81:bb:7a:
                    b5:e9:d6:0c:92:9a:78:42:d4:d8:32:bf:2b:ae:7a:
                    11:fb:39:ab:96:f5:68:91:ef:87:87:fe:6e:23:aa:
                    6a:ae:fc:68:68:30:28:34:c5:f4:64:3b:49:55:2b:
                    80:36:09:ba:62:42:8d:6e:d2:31:5a:eb:86:d2:c4:
                    72:55:c9:d5:fe:41:d1:b4:c8:1d:96:62:7c:49:45:
                    50:2a:ae:d9:dd:c4:ad:ac:c6:e8:14:01:bf:01:96:
                    cc:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:85:B0:40:E0:1A:F6:05:82:B7:D8:4E:75:63:4F:5F:0D:18:B5:C8
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/OYWwQOAa9gWCt9hOdWNPXw0Ytcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.229.212.0/24
                  103.41.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         de:99:b7:fd:08:65:c7:97:47:6b:fb:2b:ef:ba:e6:e1:8f:d1:
         a9:66:d7:a8:f8:e8:e7:2e:b4:53:01:77:86:21:7e:c6:e6:d0:
         30:d0:9d:74:4d:7a:6f:61:36:98:81:e7:17:2d:5a:22:28:65:
         69:a7:af:49:f8:12:5b:37:15:73:62:04:e1:45:aa:7a:d2:59:
         be:ac:6d:0e:ff:c0:a7:12:cc:05:cb:8b:29:32:54:b1:85:27:
         8a:cd:2e:3c:40:72:9e:ea:17:0c:cc:2d:55:8f:01:5f:6b:da:
         b1:f3:a0:e7:e9:5e:13:80:13:a4:2d:ee:96:72:71:73:8c:19:
         bc:d2:75:07:28:a2:2c:72:00:13:db:92:ed:1d:16:4c:ef:32:
         96:18:ba:81:35:04:4f:f3:f6:ea:9d:5e:29:88:4c:97:7c:72:
         58:57:1d:41:cd:b0:bb:d5:7c:0e:10:36:da:da:39:5b:37:2e:
         a2:d8:ac:e4:e6:b7:9a:93:6b:cc:0a:5f:7c:13:27:a4:b0:42:
         c7:0c:1a:74:f6:88:df:38:ee:43:3b:0d:9d:24:fd:26:2d:48:
         c7:de:7d:a3:61:68:bc:0a:75:95:51:b9:e0:5f:eb:6a:c0:19:
         b9:ac:05:50:a4:56:8d:6f:22:66:36:83:41:c1:4e:0d:54:98:
         64:13:20:19
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZoC0jrVGStJWmPmvu5E8fUjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUxMDIwMTgxMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTg1YjA0MGUwMWFmNjA1ODJiN2Q4NGU3NTYzNGY1ZjBkMThiNWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAruoUEZdKWhI+1Fn7HqmsPX1R+H9F
/fuk7Dm4OOFgzyuc6q7/0BfZAsyXY+1z4eogJFLC3TNA5IDUK3hp87GC75uOyLL4
K+ARX2FuS8bSl3CdzCKN+l7t/awi3Y6l6/ntleq1V047wuixUy+Zxpsc11J8POZo
Q15jM99SS0/xd7xSle83K6mX69Y+Y7wIC3hpf2qpmoDQHUax7vw4RJU6l62Bu3q1
6dYMkpp4QtTYMr8rrnoR+zmrlvVoke+Hh/5uI6pqrvxoaDAoNMX0ZDtJVSuANgm6
YkKNbtIxWuuG0sRyVcnV/kHRtMgdlmJ8SUVQKq7Z3cStrMboFAG/AZbMkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDmFsEDgGvYFgrfYTnVjT18NGLXIMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvT1lXd1FPQWE5Z1dDdDloT2RXTlBYdzBZdGNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXuXUAwQB
ZykuMA0GCSqGSIb3DQEBCwUAA4IBAQDembf9CGXHl0dr+yvvuubhj9GpZteo+Ojn
LrRTAXeGIX7G5tAw0J10TXpvYTaYgecXLVoiKGVpp69J+BJbNxVzYgThRap60lm+
rG0O/8CnEswFy4spMlSxhSeKzS48QHKe6hcMzC1VjwFfa9qx86Dn6V4TgBOkLe6W
cnFzjBm80nUHKKIscgAT25LtHRZM7zKWGLqBNQRP8/bqnV4piEyXfHJYVx1BzbC7
1XwOEDba2jlbNy6i2Kzk5reak2vMCl98EyeksELHDBp09ojfOO5DOw2dJP0mLUjH
3n2jYWi8CnWVUbngX+tqwBm5rAVQpFaNbyJmNoNBwU4NVJhkEyAZ
-----END CERTIFICATE-----