Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/0OfDNyG4AqSUDS4YvsYkXSB_VHI.roa
File:                     0OfDNyG4AqSUDS4YvsYkXSB_VHI.roa (raw, json)
Hash identifier:          KMtjSlpnR6ZsIKKmx46RDc1UIUMAK6FkE7Fi5G9LkCE=
Subject key identifier:   D0:E7:C3:37:21:B8:02:A4:94:0D:2E:18:BE:C6:24:5D:20:7F:54:72
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       018CE5569EBA4038312F37BB90249D141A8F
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/0OfDNyG4AqSUDS4YvsYkXSB_VHI.roa
Signing time:             Sun 07 Jan 2024 19:11:48 +0000
ROA not before:           Sun 07 Jan 2024 19:11:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     152179
IP address blocks:        14.102.226.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e5:56:9e:ba:40:38:31:2f:37:bb:90:24:9d:14:1a:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jan  7 19:11:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0e7c33721b802a4940d2e18bec6245d207f5472
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:2a:12:7a:bd:ef:e5:02:cb:ef:8c:20:f8:85:
                    62:76:9b:84:18:4d:20:cc:70:10:b9:d4:b2:9a:3e:
                    ee:af:f9:2d:4a:fa:03:4c:5c:71:21:43:76:5b:fc:
                    65:4f:b7:e9:c2:64:93:98:5b:71:8d:79:f4:2f:87:
                    2b:04:6b:e4:2f:f0:23:f7:75:ea:97:04:f7:09:35:
                    4a:8c:83:51:3a:1c:75:ed:46:55:7a:bc:f5:2f:43:
                    1c:33:ec:8b:57:a3:8e:5f:4d:f5:19:9e:2d:80:4d:
                    77:e2:47:23:54:57:de:4b:21:05:67:91:2e:ab:e6:
                    bd:3e:c7:59:fa:6c:50:a0:54:8a:03:ed:e0:e6:d3:
                    38:79:7f:07:9a:81:12:31:c6:b5:cd:b6:10:10:aa:
                    0e:ac:07:82:a9:1b:a9:8f:5c:f9:a7:c6:9d:5f:e8:
                    c2:b7:d1:f9:42:ca:0e:1e:7c:5c:de:53:21:e2:a2:
                    32:e7:7f:ac:e4:12:a3:97:24:1f:44:0b:0b:c9:4f:
                    da:e7:cd:26:b0:03:d7:2c:6d:ec:59:f3:ad:e5:92:
                    ae:2c:46:83:3f:0e:7b:27:46:15:03:72:53:c2:af:
                    82:81:a5:96:c7:d1:76:7c:25:8a:c7:32:7d:d0:b5:
                    c2:b6:99:f5:87:f1:66:ec:47:b5:33:61:69:43:23:
                    2d:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:E7:C3:37:21:B8:02:A4:94:0D:2E:18:BE:C6:24:5D:20:7F:54:72
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/0OfDNyG4AqSUDS4YvsYkXSB_VHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c3:2c:93:70:1c:f4:0e:82:e1:f3:23:5d:ee:93:32:48:6b:e5:
         f1:ac:f9:84:11:c4:db:46:08:d2:2b:8c:80:d0:f4:96:e6:b0:
         16:56:0f:bd:0e:41:4f:3a:e3:eb:a5:9d:85:fd:ea:4d:cb:e4:
         7d:e6:02:0e:cc:7f:be:9e:5d:46:f1:7a:0d:96:74:dc:61:6c:
         16:b0:02:69:44:56:be:24:a9:c6:8a:4a:87:17:ee:1b:7b:ce:
         36:ed:7f:4d:83:29:91:d1:c0:60:dd:22:0d:11:06:52:2c:79:
         fe:4c:60:1c:66:bd:d5:4d:1a:44:22:2e:e3:21:81:a2:5f:69:
         35:08:5d:ae:66:ac:56:3c:fa:2f:bf:a3:88:64:fe:19:ee:fd:
         59:91:41:9d:25:60:c9:f9:e1:70:5a:67:bc:7d:48:95:72:f3:
         79:23:ce:2a:ee:4a:db:de:43:e0:97:26:c1:53:66:13:0f:f6:
         76:2b:ff:32:d6:77:4a:7f:76:74:a1:f6:e6:57:23:0d:24:99:
         de:ab:95:7c:80:b5:8e:dd:2f:15:f2:9a:e8:4b:6b:ee:13:89:
         d1:a1:29:b0:bd:ee:4b:a0:48:84:8f:92:1d:ab:e1:b3:10:f2:
         e7:5c:72:de:07:68:9f:08:07:34:fa:b5:3c:8a:04:e0:b3:78:
         06:8b:f0:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzlVp66QDgxLze7kCSdFBqPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjQwMTA3MTkxMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGU3YzMzNzIxYjgwMmE0OTQwZDJlMThiZWM2MjQ1ZDIwN2Y1NDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzyoSer3v5QLL74wg+IVidpuEGE0g
zHAQudSymj7ur/ktSvoDTFxxIUN2W/xlT7fpwmSTmFtxjXn0L4crBGvkL/Aj93Xq
lwT3CTVKjINROhx17UZVerz1L0McM+yLV6OOX031GZ4tgE134kcjVFfeSyEFZ5Eu
q+a9PsdZ+mxQoFSKA+3g5tM4eX8HmoESMca1zbYQEKoOrAeCqRupj1z5p8adX+jC
t9H5QsoOHnxc3lMh4qIy53+s5BKjlyQfRAsLyU/a580msAPXLG3sWfOt5ZKuLEaD
Pw57J0YVA3JTwq+CgaWWx9F2fCWKxzJ90LXCtpn1h/Fm7Ee1M2FpQyMtjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNDnwzchuAKklA0uGL7GJF0gf1RyMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvME9mRE55RzRBcVNVRFM0WXZzWWtYU0JfVkhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBDmbiMA0G
CSqGSIb3DQEBCwUAA4IBAQDDLJNwHPQOguHzI13ukzJIa+XxrPmEEcTbRgjSK4yA
0PSW5rAWVg+9DkFPOuPrpZ2F/epNy+R95gIOzH++nl1G8XoNlnTcYWwWsAJpRFa+
JKnGikqHF+4be8427X9NgymR0cBg3SINEQZSLHn+TGAcZr3VTRpEIi7jIYGiX2k1
CF2uZqxWPPovv6OIZP4Z7v1ZkUGdJWDJ+eFwWme8fUiVcvN5I84q7krb3kPglybB
U2YTD/Z2K/8y1ndKf3Z0ofbmVyMNJJneq5V8gLWO3S8V8proS2vuE4nRoSmwve5L
oEiEj5Idq+GzEPLnXHLeB2ifCAc0+rU8igTgs3gGi/CI
-----END CERTIFICATE-----