Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7VBghREE3Ydvfdtq_I1g2mMXr9Q.roa
File:                     7VBghREE3Ydvfdtq_I1g2mMXr9Q.roa (raw, json)
Hash identifier:          hJu8+opN8h9lZDIyjSPIEv4tIFgrbayGvLz2c1XQnok=
Subject key identifier:   ED:50:60:85:11:04:DD:87:6F:7D:DB:6A:FC:8D:60:DA:63:17:AF:D4
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       018CC26D5A5165BD36E8F4E0339A20B0E444
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7VBghREE3Ydvfdtq_I1g2mMXr9Q.roa
Signing time:             Mon 01 Jan 2024 00:29:55 +0000
ROA not before:           Mon 01 Jan 2024 00:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        14.102.228.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:5a:51:65:bd:36:e8:f4:e0:33:9a:20:b0:e4:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jan  1 00:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed5060851104dd876f7ddb6afc8d60da6317afd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:7e:e4:67:8a:f6:dc:bd:69:f1:5e:b1:b5:75:
                    a0:b4:54:a1:84:a9:f8:a5:28:7a:7c:dc:33:55:01:
                    52:32:10:dd:a0:da:5a:2f:6d:71:e0:fe:b3:68:18:
                    19:4f:a1:b8:ee:88:ee:75:61:a1:8c:13:76:f6:5f:
                    88:f4:79:3e:7d:f0:f1:bb:10:b8:a5:68:57:3a:7f:
                    8f:62:8d:29:aa:02:98:59:75:4c:ef:74:89:e4:7d:
                    23:ab:1f:20:44:04:bb:93:60:51:9e:3c:72:b4:81:
                    8e:c4:7e:c9:d0:05:3c:99:8f:18:47:eb:63:3c:be:
                    51:4c:d9:1b:fe:9c:94:80:17:4b:0c:26:a0:ee:13:
                    8d:2b:1c:fc:c7:46:fa:9c:ec:21:1a:77:ed:e6:38:
                    27:37:8c:4a:a8:c1:f4:c6:39:17:15:d5:37:cf:07:
                    02:e8:c0:aa:d3:be:dd:8e:64:27:f2:20:d0:ea:fa:
                    0c:0f:e8:a0:cc:28:34:18:78:20:d2:2f:e3:a2:25:
                    76:77:01:b4:f3:85:77:05:a0:af:3a:92:d7:c0:88:
                    25:6f:bf:a8:34:ad:e7:4a:52:3a:f5:2d:72:fe:12:
                    e9:fa:f0:51:75:e6:49:08:15:1a:53:e3:ac:19:1b:
                    29:1c:26:90:20:7f:fb:ed:1d:e8:6a:8f:e5:29:10:
                    63:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:50:60:85:11:04:DD:87:6F:7D:DB:6A:FC:8D:60:DA:63:17:AF:D4
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7VBghREE3Ydvfdtq_I1g2mMXr9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0e:23:05:c9:c2:0f:52:64:a1:8e:76:4b:6b:4f:91:18:9c:61:
         2b:28:40:bc:bf:07:0a:03:be:09:05:ff:2b:a2:e9:69:50:95:
         32:86:dc:00:f1:19:34:26:81:7a:cb:38:ed:ee:7e:d0:a1:bc:
         fc:a1:36:d6:af:be:e3:6a:1f:07:8c:1b:ba:1b:8f:a9:dd:fd:
         72:e1:d0:15:b7:cf:d1:28:d8:8f:53:3c:be:c4:70:d5:87:1f:
         92:3c:f2:9e:a9:c5:c6:bd:04:e5:b1:4e:79:89:1a:ec:d3:5c:
         33:7e:c5:c0:a0:da:d8:14:be:e4:4b:8c:08:d1:91:8f:77:a5:
         6f:f9:5c:59:c2:48:44:46:27:0e:8a:e6:90:69:d2:49:ac:f6:
         a4:9c:01:5c:4f:1e:ef:04:b4:43:45:b9:10:66:e7:d6:16:6e:
         f5:9e:30:80:51:3d:61:9a:4f:9e:4a:d6:07:57:9d:b3:4e:0c:
         f5:e3:55:49:36:d3:a6:27:92:9d:ac:da:43:a4:60:74:a6:bf:
         30:2b:eb:2f:a6:6d:ac:55:3a:60:d8:1d:2f:a5:69:11:8d:4c:
         18:6e:0e:02:5b:bc:38:e0:0f:8e:42:23:19:fe:05:16:d0:11:
         89:3e:33:8f:96:39:7a:cc:fc:a8:fd:dc:ef:c5:89:d0:98:5f:
         f2:3f:dc:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVpRZb026PTgM5ogsOREMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjQwMTAxMDAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDUwNjA4NTExMDRkZDg3NmY3ZGRiNmFmYzhkNjBkYTYzMTdhZmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtX7kZ4r23L1p8V6xtXWgtFShhKn4
pSh6fNwzVQFSMhDdoNpaL21x4P6zaBgZT6G47ojudWGhjBN29l+I9Hk+ffDxuxC4
pWhXOn+PYo0pqgKYWXVM73SJ5H0jqx8gRAS7k2BRnjxytIGOxH7J0AU8mY8YR+tj
PL5RTNkb/pyUgBdLDCag7hONKxz8x0b6nOwhGnft5jgnN4xKqMH0xjkXFdU3zwcC
6MCq077djmQn8iDQ6voMD+igzCg0GHgg0i/joiV2dwG084V3BaCvOpLXwIglb7+o
NK3nSlI69S1y/hLp+vBRdeZJCBUaU+OsGRspHCaQIH/77R3oao/lKRBjTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO1QYIURBN2Hb33bavyNYNpjF6/UMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvN1ZCZ2hSRUUzWWR2ZmR0cV9JMWcybU1YcjlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBDmbkMA0G
CSqGSIb3DQEBCwUAA4IBAQAOIwXJwg9SZKGOdktrT5EYnGErKEC8vwcKA74JBf8r
oulpUJUyhtwA8Rk0JoF6yzjt7n7Qobz8oTbWr77jah8HjBu6G4+p3f1y4dAVt8/R
KNiPUzy+xHDVhx+SPPKeqcXGvQTlsU55iRrs01wzfsXAoNrYFL7kS4wI0ZGPd6Vv
+VxZwkhERicOiuaQadJJrPaknAFcTx7vBLRDRbkQZufWFm71njCAUT1hmk+eStYH
V52zTgz141VJNtOmJ5KdrNpDpGB0pr8wK+svpm2sVTpg2B0vpWkRjUwYbg4CW7w4
4A+OQiMZ/gUW0BGJPjOPljl6zPyo/dzvxYnQmF/yP9wM
-----END CERTIFICATE-----