Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/6EHRTpzcxVhUUhm5_wAQIguGYVA.roa
File:                     6EHRTpzcxVhUUhm5_wAQIguGYVA.roa (raw, json)
Hash identifier:          FboHH9qdjNv8tWdzoZETJLkRyc3mSXZgRrpjoLEmbFo=
Subject key identifier:   E8:41:D1:4E:9C:DC:C5:58:54:52:19:B9:FF:00:10:22:0B:86:61:50
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       018CC26D581B4E08F567F928EB417EA8F203
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/6EHRTpzcxVhUUhm5_wAQIguGYVA.roa
Signing time:             Mon 01 Jan 2024 00:29:55 +0000
ROA not before:           Mon 01 Jan 2024 00:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30644
IP address blocks:        14.102.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 22:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:58:1b:4e:08:f5:67:f9:28:eb:41:7e:a8:f2:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jan  1 00:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e841d14e9cdcc558545219b9ff0010220b866150
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e6:80:a1:9a:fe:f4:a7:55:8c:2a:89:aa:54:
                    95:6c:4e:37:56:47:7b:59:40:ba:c3:5b:e3:b9:8d:
                    27:cf:b5:db:b6:11:1f:c9:ff:ad:fd:b0:6e:cd:4e:
                    0c:01:7d:ee:9b:51:17:41:66:78:f2:8f:b2:ef:ab:
                    13:8a:35:1a:cd:9c:ae:e5:ee:74:82:c9:00:e7:e7:
                    20:0d:d9:84:08:d0:85:24:67:0b:2b:86:39:1b:a0:
                    79:a3:f0:10:6f:ec:c8:78:8a:6d:f7:13:4d:21:ad:
                    50:44:c7:1c:c9:84:36:2b:c7:f3:f0:50:53:af:86:
                    c4:12:9b:c0:88:6c:5a:a1:2a:3f:53:2f:94:6d:19:
                    50:42:b0:2a:e7:0b:2b:01:38:94:e7:be:bb:2e:65:
                    c8:e0:fb:2e:b6:79:9d:39:79:13:ef:85:39:8b:02:
                    99:e7:51:30:4e:83:4b:09:75:39:cc:ea:bc:2a:e1:
                    f7:c5:2e:5c:c3:ed:79:3f:42:2b:69:6e:d7:0e:ca:
                    8e:d1:12:f6:f4:01:a2:b6:48:7c:fe:1b:63:a5:af:
                    70:13:cb:c7:41:d2:5a:df:d6:bc:ca:d8:a9:b0:77:
                    16:96:b4:24:48:fd:64:bf:44:c7:81:71:c9:5d:8d:
                    c2:9a:9a:2d:b2:98:fd:22:52:6c:2f:b2:34:c1:28:
                    5a:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:41:D1:4E:9C:DC:C5:58:54:52:19:B9:FF:00:10:22:0B:86:61:50
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/6EHRTpzcxVhUUhm5_wAQIguGYVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:5e:2f:b3:07:92:3f:93:70:d2:e4:31:4d:f2:f7:3f:8b:1f:
         0b:8f:1f:c7:ab:13:09:37:e8:e6:d2:09:32:70:97:32:8c:3c:
         5c:7b:b2:f2:51:77:6e:c0:ee:20:2a:c9:1f:d8:5e:35:df:98:
         5a:12:04:43:60:e0:8c:a1:15:1e:87:05:63:fa:aa:2c:45:b3:
         2a:e2:6a:c4:be:7b:c3:90:fe:92:42:3b:9a:5e:4e:f1:f5:38:
         9e:1c:1c:03:37:4d:3d:3e:09:46:a2:e7:a6:e0:37:b6:1a:a9:
         f1:62:20:c2:ed:d0:57:d7:cd:f0:7f:f5:19:5d:08:21:76:09:
         b6:e1:be:ec:a0:6a:e0:30:13:48:8e:06:6a:2d:25:74:1e:79:
         f3:86:56:a2:f8:d4:93:d0:28:48:25:49:03:ba:07:bd:72:dd:
         b4:15:71:f3:35:bd:07:ab:fb:60:b9:24:e1:dc:11:09:c0:5c:
         25:de:8b:f0:e7:ad:d4:22:a3:98:cb:06:87:3a:95:71:f3:ab:
         86:99:ac:a0:98:29:0c:77:ee:8e:6c:70:59:ba:31:3a:ae:58:
         2e:91:d4:db:88:b6:32:1a:3e:15:54:88:97:5c:c5:e4:82:17:
         a8:c4:b1:3b:e0:cc:c3:28:e9:34:12:ce:80:1d:61:d1:1f:90:
         2f:56:d5:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVgbTgj1Z/ko60F+qPIDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjQwMTAxMDAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODQxZDE0ZTljZGNjNTU4NTQ1MjE5YjlmZjAwMTAyMjBiODY2MTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOaAoZr+9KdVjCqJqlSVbE43Vkd7
WUC6w1vjuY0nz7XbthEfyf+t/bBuzU4MAX3um1EXQWZ48o+y76sTijUazZyu5e50
gskA5+cgDdmECNCFJGcLK4Y5G6B5o/AQb+zIeIpt9xNNIa1QRMccyYQ2K8fz8FBT
r4bEEpvAiGxaoSo/Uy+UbRlQQrAq5wsrATiU5767LmXI4PsutnmdOXkT74U5iwKZ
51EwToNLCXU5zOq8KuH3xS5cw+15P0IraW7XDsqO0RL29AGitkh8/htjpa9wE8vH
QdJa39a8ytipsHcWlrQkSP1kv0THgXHJXY3Cmpotspj9IlJsL7I0wShavwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOhB0U6c3MVYVFIZuf8AECILhmFQMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvNkVIUlRwemN4VmhVVWhtNV93QVFJZ3VHWVZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQADmbpMA0G
CSqGSIb3DQEBCwUAA4IBAQAmXi+zB5I/k3DS5DFN8vc/ix8Ljx/HqxMJN+jm0gky
cJcyjDxce7LyUXduwO4gKskf2F4135haEgRDYOCMoRUehwVj+qosRbMq4mrEvnvD
kP6SQjuaXk7x9TieHBwDN009PglGouem4De2GqnxYiDC7dBX183wf/UZXQghdgm2
4b7soGrgMBNIjgZqLSV0Hnnzhlai+NST0ChIJUkDuge9ct20FXHzNb0Hq/tguSTh
3BEJwFwl3ovw563UIqOYywaHOpVx86uGmaygmCkMd+6ObHBZujE6rlgukdTbiLYy
Gj4VVIiXXMXkgheoxLE74MzDKOk0Es6AHWHRH5AvVtWL
-----END CERTIFICATE-----