Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/6kTD4CEELRm5z3PdUlAgO3TC3OE.roa
File:                     6kTD4CEELRm5z3PdUlAgO3TC3OE.roa (raw, json)
Hash identifier:          sRLWd1KX5tR3ZHlrg3qYlRcyhyx3aK5Ie6Z83SOpsKk=
Subject key identifier:   EA:44:C3:E0:21:04:2D:19:B9:CF:73:DD:52:50:20:3B:74:C2:DC:E1
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       018CC26D5990723C8A8871BDDE8B334FAE4A
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/6kTD4CEELRm5z3PdUlAgO3TC3OE.roa
Signing time:             Mon 01 Jan 2024 00:29:55 +0000
ROA not before:           Mon 01 Jan 2024 00:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138997
IP address blocks:        14.102.226.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 23:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:59:90:72:3c:8a:88:71:bd:de:8b:33:4f:ae:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jan  1 00:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea44c3e021042d19b9cf73dd5250203b74c2dce1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:7e:56:fe:0a:c9:c3:1e:57:49:59:4f:07:45:
                    3d:3a:d8:80:36:d2:44:bc:0d:37:aa:8f:c4:69:07:
                    f9:d8:44:2a:03:fa:1e:96:90:26:a1:6a:90:65:be:
                    76:25:1c:0b:e4:a8:f8:64:24:c1:fa:32:ca:0c:27:
                    0a:ff:c9:71:73:3c:fb:ab:e0:bf:87:96:83:19:33:
                    41:fc:cb:26:60:1a:1c:ce:60:43:06:12:b9:5c:4b:
                    49:c3:c9:c0:d8:83:53:b0:ad:c3:e5:73:ba:e8:f6:
                    b4:ba:26:31:a8:eb:4a:2d:85:59:7d:08:45:50:13:
                    55:d1:2e:b8:8f:51:50:fa:7b:55:8a:b1:6a:fb:09:
                    2e:c5:ed:a4:b6:f1:4a:61:3a:e2:94:b3:49:2e:90:
                    b7:96:76:64:00:f1:d8:d0:03:9e:ec:f5:ba:6e:fe:
                    51:54:14:86:1c:2d:29:e4:92:de:13:70:0d:d8:b7:
                    40:aa:73:85:9b:07:e5:64:82:0b:e5:14:34:be:da:
                    59:f2:5a:10:68:00:ab:1a:fd:d0:f1:9e:65:55:88:
                    7f:8c:85:5d:5d:e4:73:c2:e1:a5:65:94:a4:76:9e:
                    6f:8f:a2:56:7a:67:31:84:49:f1:cb:91:30:42:03:
                    82:00:e6:ac:8b:47:b9:c2:fa:27:ab:37:9c:d9:7d:
                    5c:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:44:C3:E0:21:04:2D:19:B9:CF:73:DD:52:50:20:3B:74:C2:DC:E1
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/6kTD4CEELRm5z3PdUlAgO3TC3OE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:5b:ee:5e:f6:26:fc:e2:fa:75:39:9b:f5:23:f6:2e:40:5a:
         47:40:87:30:3c:8a:73:f2:8d:1e:f7:02:43:6d:d9:51:5a:22:
         2e:69:cf:90:69:6a:7e:ed:b2:55:7c:cf:df:d3:f5:9e:8c:50:
         ea:18:7c:fb:bd:58:47:17:91:92:c3:14:1d:c8:80:8d:1f:14:
         f3:3d:dc:fc:74:ed:09:16:28:c7:01:2a:54:33:4e:68:17:fe:
         75:bf:bc:7a:d6:4c:64:a0:14:d1:c4:e8:04:17:fe:ca:56:63:
         6c:3e:df:27:75:0a:e2:39:fc:01:61:4b:b1:37:a6:22:59:f9:
         4c:d6:ec:cf:a1:d6:29:69:9c:e6:73:04:bc:7c:5c:4e:4f:74:
         64:d5:35:9f:aa:03:2e:d1:b1:b9:94:a9:6e:8d:54:1f:0b:4f:
         32:7a:20:c6:b8:46:5a:c8:e7:62:88:25:4d:f5:f7:5f:5a:4d:
         58:05:8d:11:bc:0c:0e:dd:85:e2:99:ad:3c:0c:87:90:e1:b2:
         73:d1:a8:d6:fc:cb:cc:f7:32:b0:a8:da:5e:eb:ce:93:ae:f0:
         66:7b:47:71:3f:43:73:80:83:94:cc:3a:34:0a:49:c8:93:fd:
         16:f1:f6:86:86:88:59:01:a9:ef:e9:15:b4:0d:99:44:62:d7:
         fe:d2:ab:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVmQcjyKiHG93oszT65KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjQwMTAxMDAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTQ0YzNlMDIxMDQyZDE5YjljZjczZGQ1MjUwMjAzYjc0YzJkY2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqX5W/grJwx5XSVlPB0U9OtiANtJE
vA03qo/EaQf52EQqA/oelpAmoWqQZb52JRwL5Kj4ZCTB+jLKDCcK/8lxczz7q+C/
h5aDGTNB/MsmYBoczmBDBhK5XEtJw8nA2INTsK3D5XO66Pa0uiYxqOtKLYVZfQhF
UBNV0S64j1FQ+ntVirFq+wkuxe2ktvFKYTrilLNJLpC3lnZkAPHY0AOe7PW6bv5R
VBSGHC0p5JLeE3AN2LdAqnOFmwflZIIL5RQ0vtpZ8loQaACrGv3Q8Z5lVYh/jIVd
XeRzwuGlZZSkdp5vj6JWemcxhEnxy5EwQgOCAOasi0e5wvonqzec2X1cFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOpEw+AhBC0Zuc9z3VJQIDt0wtzhMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvNmtURDRDRUVMUm01ejNQZFVsQWdPM1RDM09FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBDmbiMA0G
CSqGSIb3DQEBCwUAA4IBAQAlW+5e9ib84vp1OZv1I/YuQFpHQIcwPIpz8o0e9wJD
bdlRWiIuac+QaWp+7bJVfM/f0/WejFDqGHz7vVhHF5GSwxQdyICNHxTzPdz8dO0J
FijHASpUM05oF/51v7x61kxkoBTRxOgEF/7KVmNsPt8ndQriOfwBYUuxN6YiWflM
1uzPodYpaZzmcwS8fFxOT3Rk1TWfqgMu0bG5lKlujVQfC08yeiDGuEZayOdiiCVN
9fdfWk1YBY0RvAwO3YXima08DIeQ4bJz0ajW/MvM9zKwqNpe686TrvBme0dxP0Nz
gIOUzDo0CknIk/0W8faGhohZAanv6RW0DZlEYtf+0qts
-----END CERTIFICATE-----