Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/own7iqR6wOpMygE3hTy0Ap8-49I.roa
File:                     own7iqR6wOpMygE3hTy0Ap8-49I.roa (raw, json)
Hash identifier:          VwV2fdkeJBZsgrcuQUY2JmZzrS9RV8AhRq/70BD/Ep8=
Subject key identifier:   A3:09:FB:8A:A4:7A:C0:EA:4C:CA:01:37:85:3C:B4:02:9F:3E:E3:D2
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019E2C79BFCE71601ACBADD9C08ED67E24AC
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/own7iqR6wOpMygE3hTy0Ap8-49I.roa
Signing time:             Fri 15 May 2026 16:30:36 +0000
ROA not before:           Fri 15 May 2026 16:30:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     54252
IP address blocks:        89.106.26.0/24 maxlen: 24
                          103.102.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 May 2026 09:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2c:79:bf:ce:71:60:1a:cb:ad:d9:c0:8e:d6:7e:24:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: May 15 16:30:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a309fb8aa47ac0ea4cca0137853cb4029f3ee3d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:0a:ad:f7:d4:bf:d9:58:e2:61:c5:af:15:80:
                    41:fd:4f:b2:d7:8f:31:fa:44:07:0f:ca:0b:7b:76:
                    27:48:a2:37:ad:28:a7:60:a4:3c:ec:ad:f5:93:ac:
                    de:5a:aa:62:76:a8:1f:47:60:69:02:03:b0:b5:9a:
                    be:01:23:1d:63:2f:0b:07:40:6d:02:a1:e1:a5:7a:
                    00:ac:9c:ce:97:68:10:32:b4:80:12:cd:7c:eb:09:
                    91:96:31:6d:b1:31:af:a5:e6:c6:43:fc:c1:7e:e4:
                    aa:0d:89:02:7e:aa:93:92:0a:2c:73:93:b8:f5:45:
                    fd:ea:58:44:3a:57:bd:0f:f6:ab:aa:ae:ca:f0:ee:
                    79:6e:8d:55:74:be:51:f6:fb:3f:5d:cb:03:c9:a2:
                    dc:a5:89:f2:3a:bb:3f:80:17:20:a3:5f:f4:0f:cb:
                    02:3d:07:6a:1a:92:55:aa:56:3e:d8:51:c5:01:9f:
                    26:a1:f2:50:20:cd:04:46:a0:12:53:a2:b9:75:30:
                    f0:7b:56:19:b3:62:18:e1:98:f5:1f:17:41:f1:a5:
                    5b:aa:08:42:49:ae:f8:ab:87:c3:bf:c1:5d:8b:ef:
                    0e:34:41:88:0b:47:54:80:87:a3:a9:de:2d:63:33:
                    eb:36:9e:34:85:1e:1e:eb:8d:3f:94:f0:ed:57:e8:
                    3c:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:09:FB:8A:A4:7A:C0:EA:4C:CA:01:37:85:3C:B4:02:9F:3E:E3:D2
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/own7iqR6wOpMygE3hTy0Ap8-49I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.26.0/24
                  103.102.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:73:aa:5c:e3:e3:e3:56:b8:d7:78:eb:fa:92:99:35:3e:3f:
         77:9b:dd:f0:4d:70:6c:4c:23:1b:8e:ba:84:ba:e0:1e:4e:31:
         be:16:da:39:49:18:95:1a:2d:9f:9d:86:cd:75:a6:98:3c:16:
         ae:5c:2d:71:98:ef:ee:10:e1:92:5a:33:bc:ce:3d:47:ef:c9:
         fe:28:75:1e:e6:d7:26:d8:c0:2c:0b:76:aa:f8:90:d1:84:06:
         69:cf:d3:0b:e9:b1:a2:79:e2:5a:03:33:0b:ed:88:35:d0:15:
         a8:35:64:5c:e3:b2:75:58:a4:80:b5:68:50:a6:3a:71:f8:32:
         48:92:65:12:b2:4f:83:8f:96:a6:28:11:fd:8f:18:7c:37:13:
         35:88:16:3c:67:2f:89:95:cc:f9:3f:ab:a3:c6:9a:3c:ee:f5:
         b6:ce:9a:12:db:bb:11:43:70:66:ca:10:81:0a:81:a2:01:96:
         e8:91:73:1c:6e:e5:b7:b2:36:7f:2f:fb:d9:e7:e0:f1:af:32:
         3b:64:c7:9b:1b:29:2f:b9:77:97:89:84:98:d5:26:15:72:3e:
         b1:28:05:fb:bb:89:8c:ff:e5:ed:9e:4f:b8:d3:d8:2a:11:ea:
         ae:8d:bb:1c:fb:17:b8:7e:ff:b0:db:a7:26:b8:ab:e3:29:8b:
         50:e2:80:9e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4seb/OcWAay63ZwI7WfiSsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwNTE1MTYzMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzA5ZmI4YWE0N2FjMGVhNGNjYTAxMzc4NTNjYjQwMjlmM2VlM2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAygqt99S/2VjiYcWvFYBB/U+y148x
+kQHD8oLe3YnSKI3rSinYKQ87K31k6zeWqpidqgfR2BpAgOwtZq+ASMdYy8LB0Bt
AqHhpXoArJzOl2gQMrSAEs186wmRljFtsTGvpebGQ/zBfuSqDYkCfqqTkgosc5O4
9UX96lhEOle9D/arqq7K8O55bo1VdL5R9vs/XcsDyaLcpYnyOrs/gBcgo1/0D8sC
PQdqGpJVqlY+2FHFAZ8mofJQIM0ERqASU6K5dTDwe1YZs2IY4Zj1HxdB8aVbqghC
Sa74q4fDv8Fdi+8ONEGIC0dUgIejqd4tYzPrNp40hR4e640/lPDtV+g84QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKMJ+4qkesDqTMoBN4U8tAKfPuPSMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvb3duN2lxUjZ3T3BNeWdFM2hUeTBBcDgtNDlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWWoaAwQA
Z2aEMA0GCSqGSIb3DQEBCwUAA4IBAQClc6pc4+PjVrjXeOv6kpk1Pj93m93wTXBs
TCMbjrqEuuAeTjG+Fto5SRiVGi2fnYbNdaaYPBauXC1xmO/uEOGSWjO8zj1H78n+
KHUe5tcm2MAsC3aq+JDRhAZpz9ML6bGieeJaAzML7Yg10BWoNWRc47J1WKSAtWhQ
pjpx+DJIkmUSsk+Dj5amKBH9jxh8NxM1iBY8Zy+Jlcz5P6ujxpo87vW2zpoS27sR
Q3BmyhCBCoGiAZbokXMcbuW3sjZ/L/vZ5+DxrzI7ZMebGykvuXeXiYSY1SYVcj6x
KAX7u4mM/+Xtnk+409gqEequjbsc+xe4fv+w26cmuKvjKYtQ4oCe
-----END CERTIFICATE-----