Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Br7v-fHYoH9pMqT4Jk1Xfln0UO0.roa
File:                     Br7v-fHYoH9pMqT4Jk1Xfln0UO0.roa (raw, json)
Hash identifier:          eXUKeOnnIDeAg+p/VnW3HuOg8JTtgSZ2HtSETdIEkDM=
Subject key identifier:   06:BE:EF:F9:F1:D8:A0:7F:69:32:A4:F8:26:4D:57:7E:59:F4:50:ED
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       01985ED22D13DC1AB8D4517F781824C4194C
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Br7v-fHYoH9pMqT4Jk1Xfln0UO0.roa
Signing time:             Thu 31 Jul 2025 04:51:29 +0000
ROA not before:           Thu 31 Jul 2025 04:51:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        77.111.96.0/24 maxlen: 24
                          89.106.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 20:46:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5e:d2:2d:13:dc:1a:b8:d4:51:7f:78:18:24:c4:19:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jul 31 04:51:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06beeff9f1d8a07f6932a4f8264d577e59f450ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f8:f4:15:fb:25:7c:1f:df:b3:7c:b5:0a:3c:
                    05:80:97:6b:f5:28:84:0a:d4:90:71:fb:32:e0:8c:
                    35:b1:8d:d1:33:27:0d:b9:49:42:13:56:f5:d1:c6:
                    9e:6a:a7:79:11:98:df:ab:d7:3b:d9:46:5f:2f:da:
                    a1:db:12:ef:d5:9b:b5:97:4a:54:43:82:2e:b6:94:
                    f5:34:82:b8:e3:66:bf:f4:c3:49:05:12:98:92:0c:
                    6e:43:98:30:39:07:ed:6b:92:5e:65:a3:37:cc:2c:
                    ae:ea:2c:20:38:2c:46:e6:f1:2c:62:dd:44:88:2f:
                    f5:d6:65:da:a6:18:a5:3e:87:73:b8:7f:60:36:1e:
                    74:21:a8:9e:70:fd:60:61:54:9c:78:a5:c6:5f:bc:
                    b6:cb:ae:c2:c8:22:a1:9a:f0:ea:8a:7f:66:ab:64:
                    07:30:ef:b0:14:f4:e8:63:c9:0e:95:b0:26:8f:a5:
                    79:a2:e4:cc:6d:65:e1:df:b0:97:2e:9b:a5:c8:0e:
                    c6:32:78:48:3c:5a:60:d3:0c:76:c3:2e:fd:92:09:
                    53:42:34:8e:ae:d0:c8:56:ea:a8:37:95:c5:71:5d:
                    ae:94:01:d6:04:13:d5:fb:84:55:fa:69:bf:ea:d0:
                    3e:98:ad:9d:be:b8:e3:5a:f5:9c:55:a9:dd:f3:0c:
                    03:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:BE:EF:F9:F1:D8:A0:7F:69:32:A4:F8:26:4D:57:7E:59:F4:50:ED
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Br7v-fHYoH9pMqT4Jk1Xfln0UO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.96.0/24
                  89.106.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:2f:17:59:ad:44:35:9e:d1:d0:0b:ba:f7:da:27:1c:a4:17:
         b4:8f:2f:09:7e:60:ac:61:08:a8:bf:16:17:ab:19:68:c2:76:
         ce:c6:00:fd:63:71:9f:2b:b9:1c:8c:a5:e0:bc:69:01:14:b4:
         24:c9:85:69:26:16:08:e2:e2:65:48:d0:e7:86:a4:28:57:e7:
         3a:5d:fb:89:e1:0a:be:69:d4:25:38:7e:67:90:94:03:08:52:
         b3:a5:4d:d8:c2:d7:b4:9d:0d:b6:6e:46:7d:02:92:6f:38:94:
         cb:9c:16:2e:fb:5e:69:9e:41:87:25:d7:60:de:dc:87:c6:39:
         af:ee:05:6a:93:9a:71:53:9f:c4:67:f1:e7:bf:cb:b6:6d:be:
         a5:5f:ac:c9:8f:35:1a:c5:1f:6b:68:72:5f:e9:a8:03:59:06:
         6f:37:32:25:13:b5:34:87:43:77:ba:1f:9c:5e:fa:c6:48:d7:
         46:6a:79:43:57:61:87:13:2c:3b:1f:70:8f:8e:c6:6f:9d:7c:
         14:24:22:36:2b:1d:8e:de:51:a4:b7:ce:a1:20:43:85:4a:16:
         7d:ec:50:be:43:33:32:7f:95:12:02:bd:7a:21:36:96:c0:9f:
         76:36:e0:7a:9b:79:29:2f:d5:00:bf:fc:88:66:fb:4f:da:27:
         b8:26:f7:29
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhe0i0T3Bq41FF/eBgkxBlMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwNzMxMDQ1MTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmJlZWZmOWYxZDhhMDdmNjkzMmE0ZjgyNjRkNTc3ZTU5ZjQ1MGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfj0FfslfB/fs3y1CjwFgJdr9SiE
CtSQcfsy4Iw1sY3RMycNuUlCE1b10caeaqd5EZjfq9c72UZfL9qh2xLv1Zu1l0pU
Q4IutpT1NIK442a/9MNJBRKYkgxuQ5gwOQfta5JeZaM3zCyu6iwgOCxG5vEsYt1E
iC/11mXaphilPodzuH9gNh50IaiecP1gYVSceKXGX7y2y67CyCKhmvDqin9mq2QH
MO+wFPToY8kOlbAmj6V5ouTMbWXh37CXLpulyA7GMnhIPFpg0wx2wy79kglTQjSO
rtDIVuqoN5XFcV2ulAHWBBPV+4RV+mm/6tA+mK2dvrjjWvWcVand8wwDFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAa+7/nx2KB/aTKk+CZNV35Z9FDtMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvQnI3di1mSFlvSDlwTXFUNEprMVhmbG4wVU8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATW9gAwQA
WWoOMA0GCSqGSIb3DQEBCwUAA4IBAQA7LxdZrUQ1ntHQC7r32iccpBe0jy8JfmCs
YQiovxYXqxlownbOxgD9Y3GfK7kcjKXgvGkBFLQkyYVpJhYI4uJlSNDnhqQoV+c6
XfuJ4Qq+adQlOH5nkJQDCFKzpU3Ywte0nQ22bkZ9ApJvOJTLnBYu+15pnkGHJddg
3tyHxjmv7gVqk5pxU5/EZ/Hnv8u2bb6lX6zJjzUaxR9raHJf6agDWQZvNzIlE7U0
h0N3uh+cXvrGSNdGanlDV2GHEyw7H3CPjsZvnXwUJCI2Kx2O3lGkt86hIEOFShZ9
7FC+QzMyf5USAr16ITaWwJ92NuB6m3kpL9UAv/yIZvtP2ie4Jvcp
-----END CERTIFICATE-----