Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/1-YYD-NJ9SGy6yqJpzlJGmI6fxBo.roa
File:                     1-YYD-NJ9SGy6yqJpzlJGmI6fxBo.roa (raw, json)
Hash identifier:          tpvkRrY2igFwrMFiEz5wvubF8faMN4ZDSJowRK7YbXY=
Subject key identifier:   F9:86:03:F8:D2:7D:48:6C:BA:CA:A2:69:CE:52:46:98:8E:9F:C4:1A
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       0190C5FE959FEF7648903B6315DDF6FE5545
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/1-YYD-NJ9SGy6yqJpzlJGmI6fxBo.roa
Signing time:             Thu 18 Jul 2024 13:18:34 +0000
ROA not before:           Thu 18 Jul 2024 13:18:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138997
IP address blocks:        14.102.226.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c5:fe:95:9f:ef:76:48:90:3b:63:15:dd:f6:fe:55:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jul 18 13:18:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f98603f8d27d486cbacaa269ce5246988e9fc41a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:e7:83:cc:29:21:32:5a:50:42:78:a6:b4:3d:
                    f1:d7:0d:ca:a8:ff:f7:99:e6:1c:83:e4:48:61:dd:
                    97:33:a5:1a:01:88:11:ca:68:0d:a3:3b:f9:13:cf:
                    16:bd:3f:4d:81:28:3b:f7:d3:1a:a8:44:89:bb:f9:
                    9e:dc:9c:47:8d:8b:22:4f:04:51:09:0a:7b:17:80:
                    b4:0f:0c:c8:5a:3e:3b:8a:0e:89:94:f3:c0:a1:b0:
                    84:d9:99:71:a8:30:cd:3b:c5:7b:60:03:b2:4c:4d:
                    ae:b3:30:21:2c:2b:5d:ab:03:dc:48:46:f3:fa:9f:
                    58:54:7f:53:15:28:5b:c3:7e:ee:9d:b2:44:dd:51:
                    9d:ce:c1:81:01:20:c6:b1:e5:11:2d:02:d5:b5:6b:
                    02:00:5d:e7:ab:46:a7:2b:06:dc:0b:30:f5:e3:7c:
                    1e:47:5e:fa:3d:da:33:f8:2a:5a:1b:34:70:78:5e:
                    b5:14:22:70:de:e0:e2:b7:ec:94:20:97:a9:f3:1a:
                    90:53:be:58:e3:8b:27:a1:0c:d0:46:10:31:a0:22:
                    b1:d1:45:dc:f8:b9:00:07:8a:37:2d:e1:d2:91:d4:
                    27:d9:56:c5:e7:cd:92:af:64:6b:52:86:cf:06:1d:
                    26:18:3f:14:19:fb:9a:a6:be:1d:b4:d4:15:e9:78:
                    ba:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:86:03:F8:D2:7D:48:6C:BA:CA:A2:69:CE:52:46:98:8E:9F:C4:1A
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/1-YYD-NJ9SGy6yqJpzlJGmI6fxBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         dc:0d:79:74:03:b3:13:6e:ad:da:1f:b7:81:a0:ea:59:b3:f7:
         d8:c6:8a:9a:23:5a:ed:1d:54:71:27:3a:5d:22:ee:af:86:81:
         fe:3f:6a:fa:2f:9a:d5:36:29:da:53:b9:6d:9e:8f:14:35:04:
         de:bc:79:c0:45:cf:bc:62:85:d8:0b:5d:1f:1e:2c:1b:25:e2:
         ce:62:ba:cd:b3:91:94:bf:13:93:34:8d:cd:f4:20:3b:3d:4a:
         4b:bf:db:78:47:6f:e4:5b:c7:36:3f:aa:03:28:bd:aa:be:79:
         b3:5f:2c:3e:57:98:54:9e:8d:8c:2c:99:ad:a6:87:cb:ce:9c:
         d1:49:2a:06:f0:10:b3:98:49:58:2a:59:2a:fe:68:4c:46:9b:
         92:41:96:0d:e2:82:1f:79:bd:27:19:aa:a0:f8:98:ab:32:1b:
         3c:80:99:90:7a:91:87:45:4f:dd:a7:f5:83:eb:ce:e3:53:4c:
         5e:4e:c9:8f:06:b7:c9:c8:0d:0c:75:c3:61:c2:cc:35:96:b8:
         6b:72:60:73:38:a1:23:53:b6:f2:3a:f7:4b:d6:8a:30:5b:c8:
         e3:89:1c:1c:96:dd:dc:b8:da:2e:a5:4e:c2:0c:96:db:dc:0e:
         cb:f7:f2:53:f6:dc:68:61:87:9d:dd:38:18:76:2f:eb:c8:3a:
         4b:b3:f0:7b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZDF/pWf73ZIkDtjFd32/lVFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjQwNzE4MTMxODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTg2MDNmOGQyN2Q0ODZjYmFjYWEyNjljZTUyNDY5ODhlOWZjNDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6eeDzCkhMlpQQnimtD3x1w3KqP/3
meYcg+RIYd2XM6UaAYgRymgNozv5E88WvT9NgSg799MaqESJu/me3JxHjYsiTwRR
CQp7F4C0DwzIWj47ig6JlPPAobCE2ZlxqDDNO8V7YAOyTE2uszAhLCtdqwPcSEbz
+p9YVH9TFShbw37unbJE3VGdzsGBASDGseURLQLVtWsCAF3nq0anKwbcCzD143we
R176Pdoz+CpaGzRweF61FCJw3uDit+yUIJep8xqQU75Y44snoQzQRhAxoCKx0UXc
+LkAB4o3LeHSkdQn2VbF582Sr2RrUobPBh0mGD8UGfuapr4dtNQV6Xi6rQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPmGA/jSfUhsusqiac5SRpiOn8QaMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvMS1ZWUQtTko5U0d5NnlxSnB6bEpHbUk2ZnhCby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZWIvMWZmNDRmLTUxZDYtNDU0NS1hZDM2LWI0YjhkYjIwYjFm
Yi8xLzdodzBjc0phelRSelpMZldNU1lZcWpVd3kyTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAQ5m4jAN
BgkqhkiG9w0BAQsFAAOCAQEA3A15dAOzE26t2h+3gaDqWbP32MaKmiNa7R1UcSc6
XSLur4aB/j9q+i+a1TYp2lO5bZ6PFDUE3rx5wEXPvGKF2AtdHx4sGyXizmK6zbOR
lL8TkzSNzfQgOz1KS7/beEdv5FvHNj+qAyi9qr55s18sPleYVJ6NjCyZraaHy86c
0UkqBvAQs5hJWCpZKv5oTEabkkGWDeKCH3m9JxmqoPiYqzIbPICZkHqRh0VP3af1
g+vO41NMXk7Jjwa3ycgNDHXDYcLMNZa4a3JgczihI1O28jr3S9aKMFvI44kcHJbd
3LjaLqVOwgyW29wOy/fyU/bcaGGHnd04GHYv68g6S7Pwew==
-----END CERTIFICATE-----