Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Hr_pZ6Hyf7qoH1Ts4LNa6sirZIY.roa
File:                     Hr_pZ6Hyf7qoH1Ts4LNa6sirZIY.roa (raw, json)
Hash identifier:          fFzVn9ETTydem4OjclsDQMIuZkHnrdvIM1YsoI2NJp0=
Subject key identifier:   1E:BF:E9:67:A1:F2:7F:BA:A8:1F:54:EC:E0:B3:5A:EA:C8:AB:64:86
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       0195C8E33FCA332A1342BDAA19215BC3C46A
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Hr_pZ6Hyf7qoH1Ts4LNa6sirZIY.roa
Signing time:             Mon 24 Mar 2025 16:01:30 +0000
ROA not before:           Mon 24 Mar 2025 16:01:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        14.102.226.0/24 maxlen: 24
                          14.102.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 04:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:c8:e3:3f:ca:33:2a:13:42:bd:aa:19:21:5b:c3:c4:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Mar 24 16:01:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ebfe967a1f27fbaa81f54ece0b35aeac8ab6486
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:04:00:32:81:f7:f4:14:bf:d3:a6:d5:5a:d4:
                    70:05:dd:72:07:30:15:60:c8:f9:fe:9b:69:83:9a:
                    20:82:89:96:b7:82:54:9f:89:53:db:4a:65:e9:81:
                    fe:01:30:de:4f:4d:9a:19:67:63:6a:f7:0f:45:e5:
                    30:b1:13:12:1c:7a:02:42:f4:33:b8:c1:bc:96:fb:
                    2b:03:f8:63:c0:ab:76:bf:bf:93:55:83:50:78:19:
                    73:16:c7:85:7e:2a:7f:1c:fb:d0:42:f7:d4:d8:d9:
                    eb:40:d2:a9:b4:0a:4c:e7:8c:42:37:6d:95:0a:fe:
                    1e:87:78:50:ac:29:22:95:e7:14:a5:4b:b4:ff:7b:
                    ab:86:e2:70:16:e8:e9:96:f3:e4:4f:18:f8:db:05:
                    d9:17:3a:ca:35:9c:53:3c:67:4e:4b:c3:30:4f:b9:
                    2a:d9:3a:16:fd:e4:03:82:76:fa:c0:5c:11:91:3e:
                    88:5e:92:2f:ad:8d:1e:80:f7:16:59:06:71:cb:7c:
                    79:e8:12:d7:4d:54:b9:04:27:96:3b:42:da:8e:cf:
                    e6:58:af:69:a9:11:16:1e:65:29:66:38:2e:27:3b:
                    35:c4:76:f3:46:24:4f:2a:25:d8:ba:43:fa:92:84:
                    b9:c6:e9:ee:eb:d8:b5:8b:4a:23:a8:29:f5:b9:82:
                    9b:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:BF:E9:67:A1:F2:7F:BA:A8:1F:54:EC:E0:B3:5A:EA:C8:AB:64:86
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Hr_pZ6Hyf7qoH1Ts4LNa6sirZIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.226.0/24
                  14.102.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:da:4a:00:85:e5:54:21:b6:19:47:74:62:c7:ee:7b:53:1c:
         bd:8b:e3:da:27:21:95:9f:f0:98:df:c0:0d:4c:32:29:76:e9:
         34:a5:1b:53:e1:77:96:7f:dc:99:8d:89:53:5f:6b:07:1b:35:
         5d:57:44:77:be:b5:9c:dc:58:ab:89:49:b8:f8:10:48:8f:72:
         3b:73:c4:be:c5:db:4a:09:5b:8a:f0:bc:37:1a:91:a6:3a:12:
         e8:b4:c3:3f:99:d9:8a:d7:5b:f9:36:c1:7f:19:49:3f:cb:06:
         80:35:21:64:65:71:12:05:c3:07:a4:e5:36:a0:22:73:65:1f:
         37:94:04:72:db:54:0b:09:17:dd:da:57:9b:4d:a3:b0:5d:64:
         13:1c:9a:b1:f9:cc:9f:23:dc:6a:bb:b9:ee:da:6b:36:27:4f:
         a3:27:4f:1a:5c:a3:f0:8b:05:b9:cf:64:5b:14:68:de:df:7a:
         e9:f6:50:01:fb:15:0e:21:54:46:a0:f7:4d:bc:75:e8:fb:01:
         94:08:4e:a4:9e:7a:7e:fc:87:d6:4e:e4:2e:7b:96:63:73:1c:
         bd:46:f9:99:6f:7b:22:1e:36:94:e7:09:85:48:3c:2a:c6:92:
         22:6e:c3:0c:31:ff:f6:7d:2d:ef:dc:a3:48:12:cf:ac:14:9a:
         4c:42:9f:eb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZXI4z/KMyoTQr2qGSFbw8RqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwMzI0MTYwMTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWJmZTk2N2ExZjI3ZmJhYTgxZjU0ZWNlMGIzNWFlYWM4YWI2NDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQQAMoH39BS/06bVWtRwBd1yBzAV
YMj5/ptpg5oggomWt4JUn4lT20pl6YH+ATDeT02aGWdjavcPReUwsRMSHHoCQvQz
uMG8lvsrA/hjwKt2v7+TVYNQeBlzFseFfip/HPvQQvfU2NnrQNKptApM54xCN22V
Cv4eh3hQrCkilecUpUu0/3urhuJwFujplvPkTxj42wXZFzrKNZxTPGdOS8MwT7kq
2ToW/eQDgnb6wFwRkT6IXpIvrY0egPcWWQZxy3x56BLXTVS5BCeWO0Lajs/mWK9p
qREWHmUpZjguJzs1xHbzRiRPKiXYukP6koS5xunu69i1i0ojqCn1uYKbpwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB6/6Weh8n+6qB9U7OCzWurIq2SGMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvSHJfcFo2SHlmN3FvSDFUczRMTmE2c2lyWklZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQADmbiAwQA
DmboMA0GCSqGSIb3DQEBCwUAA4IBAQBw2koAheVUIbYZR3Rix+57Uxy9i+PaJyGV
n/CY38ANTDIpduk0pRtT4XeWf9yZjYlTX2sHGzVdV0R3vrWc3FiriUm4+BBIj3I7
c8S+xdtKCVuK8Lw3GpGmOhLotMM/mdmK11v5NsF/GUk/ywaANSFkZXESBcMHpOU2
oCJzZR83lARy21QLCRfd2lebTaOwXWQTHJqx+cyfI9xqu7nu2ms2J0+jJ08aXKPw
iwW5z2RbFGje33rp9lAB+xUOIVRGoPdNvHXo+wGUCE6knnp+/IfWTuQue5Zjcxy9
RvmZb3siHjaU5wmFSDwqxpIibsMMMf/2fS3v3KNIEs+sFJpMQp/r
-----END CERTIFICATE-----