Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/amWp91mjERR-06YfLLrK3Ifs9vg.roa
File:                     amWp91mjERR-06YfLLrK3Ifs9vg.roa (raw, json)
Hash identifier:          b7ofVauUg52HF8+caFKcoONl2wHqjLUTAhUUBUA7bb8=
Subject key identifier:   6A:65:A9:F7:59:A3:11:14:7E:D3:A6:1F:2C:BA:CA:DC:87:EC:F6:F8
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       01993EF2FD21A9AA9315BDEDD0BF36638349
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/amWp91mjERR-06YfLLrK3Ifs9vg.roa
Signing time:             Fri 12 Sep 2025 17:22:15 +0000
ROA not before:           Fri 12 Sep 2025 17:22:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214025
IP address blocks:        89.106.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Sep 2025 08:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:3e:f2:fd:21:a9:aa:93:15:bd:ed:d0:bf:36:63:83:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Sep 12 17:22:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a65a9f759a311147ed3a61f2cbacadc87ecf6f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:bb:64:21:07:b5:98:62:0e:02:6a:ce:a7:6c:
                    ec:de:0c:1e:48:96:e2:88:78:74:45:25:ff:49:3c:
                    99:1a:9a:77:c0:4d:de:a0:b0:ae:6d:ff:4f:4b:b4:
                    5b:41:9a:24:ca:82:3f:5c:d0:dd:05:d9:1e:3c:6e:
                    d5:98:22:e6:ab:f2:4c:a7:38:fb:7d:d8:99:aa:f6:
                    80:a6:dc:7d:aa:26:14:cd:c6:13:dd:f6:a2:d5:43:
                    09:d5:82:11:44:ba:48:28:15:86:d4:60:40:1b:df:
                    e5:21:55:d0:b3:3e:51:8f:23:fa:67:8b:1e:1f:72:
                    32:7e:43:34:a8:69:14:e6:25:0d:2e:ba:7e:92:71:
                    7c:a6:ee:b9:ce:7c:f8:1b:69:e8:b2:17:b6:d7:83:
                    b8:fa:76:4a:c1:1f:8d:cc:51:04:08:c4:3d:aa:74:
                    0a:10:33:16:e4:47:26:71:8f:4e:da:84:16:59:99:
                    4c:14:62:78:9b:2a:70:0f:1d:68:ff:72:0c:b2:da:
                    99:78:7e:5c:47:44:8c:06:f6:a8:bb:4a:73:24:b8:
                    47:dd:5f:3b:60:8b:f5:b4:ea:6f:c7:ac:27:76:ae:
                    14:62:86:b7:f1:cc:df:7e:03:0c:06:e3:c2:83:ca:
                    49:33:c4:c6:87:3f:e5:b6:a0:dc:ac:e7:49:69:57:
                    aa:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:65:A9:F7:59:A3:11:14:7E:D3:A6:1F:2C:BA:CA:DC:87:EC:F6:F8
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/amWp91mjERR-06YfLLrK3Ifs9vg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:97:8a:3e:13:9c:de:eb:d6:a6:aa:be:ea:66:fd:e0:75:17:
         49:7c:47:73:11:2d:84:24:10:47:af:d7:00:7a:3c:44:d9:9e:
         76:d9:97:56:14:ad:df:13:e6:b0:b6:d7:ed:39:68:ff:cf:cf:
         7e:f8:0a:7e:81:45:bb:52:c0:cd:e5:3f:f8:e8:5f:8c:4c:cb:
         ee:2f:92:80:90:a8:5a:a9:12:9b:4a:21:68:33:a1:06:54:a1:
         cc:a3:55:67:52:d2:80:c5:47:2b:0d:12:98:ab:fd:c6:9f:97:
         05:93:82:d7:74:40:fc:99:54:ca:80:49:0a:ae:f6:9d:56:7e:
         6f:bf:c7:ae:be:e8:81:07:54:45:3c:8e:2a:04:20:b7:5a:7f:
         01:e0:a3:20:19:2e:29:9d:7b:d5:62:c5:65:c6:c6:ef:a8:4f:
         e3:a3:cf:28:92:3f:99:5c:d0:94:3d:41:a6:36:2c:f2:0d:c0:
         9f:13:b8:c5:9d:44:2a:25:ce:3f:c0:e5:f9:48:d4:27:77:fd:
         59:40:b7:65:3e:63:56:14:c9:6c:0c:26:0d:92:55:d6:1a:de:
         92:79:e6:96:94:0f:32:5e:8a:d3:10:0c:bb:ac:45:6a:c1:d7:
         61:1d:02:01:f2:49:b7:92:be:79:df:42:7d:63:3e:ac:1e:49:
         f4:68:c3:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk+8v0hqaqTFb3t0L82Y4NJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwOTEyMTcyMjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTY1YTlmNzU5YTMxMTE0N2VkM2E2MWYyY2JhY2FkYzg3ZWNmNmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLtkIQe1mGIOAmrOp2zs3gweSJbi
iHh0RSX/STyZGpp3wE3eoLCubf9PS7RbQZokyoI/XNDdBdkePG7VmCLmq/JMpzj7
fdiZqvaAptx9qiYUzcYT3fai1UMJ1YIRRLpIKBWG1GBAG9/lIVXQsz5RjyP6Z4se
H3IyfkM0qGkU5iUNLrp+knF8pu65znz4G2noshe214O4+nZKwR+NzFEECMQ9qnQK
EDMW5EcmcY9O2oQWWZlMFGJ4mypwDx1o/3IMstqZeH5cR0SMBvaou0pzJLhH3V87
YIv1tOpvx6wndq4UYoa38czffgMMBuPCg8pJM8TGhz/ltqDcrOdJaVeqJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGplqfdZoxEUftOmHyy6ytyH7Pb4MB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvYW1XcDkxbWpFUlItMDZZZkxMckszSWZzOXZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWWoOMA0G
CSqGSIb3DQEBCwUAA4IBAQBCl4o+E5ze69amqr7qZv3gdRdJfEdzES2EJBBHr9cA
ejxE2Z522ZdWFK3fE+awttftOWj/z89++Ap+gUW7UsDN5T/46F+MTMvuL5KAkKha
qRKbSiFoM6EGVKHMo1VnUtKAxUcrDRKYq/3Gn5cFk4LXdED8mVTKgEkKrvadVn5v
v8euvuiBB1RFPI4qBCC3Wn8B4KMgGS4pnXvVYsVlxsbvqE/jo88okj+ZXNCUPUGm
NizyDcCfE7jFnUQqJc4/wOX5SNQnd/1ZQLdlPmNWFMlsDCYNklXWGt6SeeaWlA8y
XorTEAy7rEVqwddhHQIB8km3kr5530J9Yz6sHkn0aMP/
-----END CERTIFICATE-----