Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/IkyIc00ideiKHT-ubqkTc8gYlcM.roa
File:                     IkyIc00ideiKHT-ubqkTc8gYlcM.roa (raw, json)
Hash identifier:          WI6BmsEy1KsNleGjRXEc3NZfrN7rokWhozP9XXMbHe4=
Subject key identifier:   22:4C:88:73:4D:22:75:E8:8A:1D:3F:AE:6E:A9:13:73:C8:18:95:C3
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       018DA8B0E54151E0020D4D384BE5398AC7A8
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/IkyIc00ideiKHT-ubqkTc8gYlcM.roa
Signing time:             Wed 14 Feb 2024 17:36:21 +0000
ROA not before:           Wed 14 Feb 2024 17:36:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6079
IP address blocks:        14.102.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a8:b0:e5:41:51:e0:02:0d:4d:38:4b:e5:39:8a:c7:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Feb 14 17:36:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=224c88734d2275e88a1d3fae6ea91373c81895c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:eb:a0:ff:d9:6a:9f:a2:92:e8:51:c5:6a:cb:
                    35:29:91:8e:47:c3:09:46:57:c1:ed:7d:42:4d:30:
                    e4:70:ef:7f:1a:6d:b2:e8:e6:4e:c6:4f:ec:5b:b4:
                    22:c3:07:7d:44:a4:00:04:1c:a0:f1:39:d1:79:8a:
                    a8:75:a6:61:d2:89:65:f9:04:ab:65:6c:99:ea:e4:
                    19:84:96:fa:4b:60:a9:48:64:10:8c:0d:98:24:be:
                    78:56:13:26:19:77:10:f9:7e:d6:d3:b5:41:cd:66:
                    7a:33:7f:8e:49:b2:e5:e9:ed:5e:4b:90:05:fb:62:
                    94:8c:a0:32:a2:c2:80:3e:94:f6:3d:d3:99:40:da:
                    f1:52:ec:7d:e7:02:e0:c9:c9:e6:34:a5:0b:1e:11:
                    ec:42:9a:6d:c7:dc:b7:b0:90:0b:b5:98:d4:3d:d2:
                    f5:5a:fc:a4:30:7f:50:32:9d:f4:a9:b8:55:4e:61:
                    42:bf:d2:e8:eb:3c:44:8b:e3:7a:63:d5:a0:28:a1:
                    23:69:5b:cb:80:3c:da:cd:58:d6:59:37:b3:f9:74:
                    e3:6e:7b:97:0a:c8:6b:d4:f9:8c:4a:3c:e9:43:70:
                    ad:4d:2b:02:4a:8f:63:7e:ed:4a:4e:a8:a5:ea:77:
                    b0:10:76:41:7b:dd:96:d1:25:c5:49:a1:4b:f8:85:
                    e1:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:4C:88:73:4D:22:75:E8:8A:1D:3F:AE:6E:A9:13:73:C8:18:95:C3
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/IkyIc00ideiKHT-ubqkTc8gYlcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d7:a6:85:80:2b:84:1f:d5:a1:3a:77:95:62:d1:89:52:51:a8:
         50:bb:94:d0:fe:fb:1b:69:92:28:9c:a1:b0:33:eb:e5:0c:be:
         2b:00:ba:6a:6a:1f:9f:69:98:a1:1c:52:5e:03:cb:cb:72:ed:
         a7:cd:d8:e4:4c:d4:09:25:db:f6:9a:22:64:06:15:7b:c5:ee:
         32:07:e0:f7:f2:7c:43:5e:b1:77:73:93:14:a4:81:52:2a:65:
         1f:e1:24:e6:71:c7:56:ef:97:1e:09:32:73:85:00:8a:22:8e:
         a4:ab:e3:77:2e:b2:3a:a3:bd:dd:cd:b9:0c:be:21:62:bb:a0:
         5e:21:a1:d0:3c:77:1f:d1:d4:ac:29:c7:23:dc:af:96:c3:ca:
         5c:22:ef:3c:47:22:69:cb:de:88:83:41:63:4c:f0:1f:a4:51:
         26:41:97:00:0b:8c:a6:99:ef:4f:0d:10:dc:63:fb:a1:46:e4:
         38:2e:93:71:b0:21:01:69:14:07:a4:ab:d3:aa:d2:09:18:db:
         3b:1d:1f:b3:08:22:41:79:d5:ef:d7:c8:d7:88:d2:02:0a:65:
         76:15:27:6c:0e:a1:b6:6e:cf:5e:db:80:87:82:c8:7c:6e:6d:
         f9:82:cd:f3:c6:51:65:22:3f:91:7a:99:98:a4:9f:ca:d6:43:
         97:32:e5:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2osOVBUeACDU04S+U5iseoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjQwMjE0MTczNjIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjRjODg3MzRkMjI3NWU4OGExZDNmYWU2ZWE5MTM3M2M4MTg5NWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3uug/9lqn6KS6FHFass1KZGOR8MJ
RlfB7X1CTTDkcO9/Gm2y6OZOxk/sW7Qiwwd9RKQABByg8TnReYqodaZh0oll+QSr
ZWyZ6uQZhJb6S2CpSGQQjA2YJL54VhMmGXcQ+X7W07VBzWZ6M3+OSbLl6e1eS5AF
+2KUjKAyosKAPpT2PdOZQNrxUux95wLgycnmNKULHhHsQpptx9y3sJALtZjUPdL1
WvykMH9QMp30qbhVTmFCv9Lo6zxEi+N6Y9WgKKEjaVvLgDzazVjWWTez+XTjbnuX
Cshr1PmMSjzpQ3CtTSsCSo9jfu1KTqil6newEHZBe92W0SXFSaFL+IXhrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJMiHNNInXoih0/rm6pE3PIGJXDMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvSWt5SWMwMGlkZWlLSFQtdWJxa1RjOGdZbGNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQADmboMA0G
CSqGSIb3DQEBCwUAA4IBAQDXpoWAK4Qf1aE6d5Vi0YlSUahQu5TQ/vsbaZIonKGw
M+vlDL4rALpqah+faZihHFJeA8vLcu2nzdjkTNQJJdv2miJkBhV7xe4yB+D38nxD
XrF3c5MUpIFSKmUf4STmccdW75ceCTJzhQCKIo6kq+N3LrI6o73dzbkMviFiu6Be
IaHQPHcf0dSsKccj3K+Ww8pcIu88RyJpy96Ig0FjTPAfpFEmQZcAC4ymme9PDRDc
Y/uhRuQ4LpNxsCEBaRQHpKvTqtIJGNs7HR+zCCJBedXv18jXiNICCmV2FSdsDqG2
bs9e24CHgsh8bm35gs3zxlFlIj+RepmYpJ/K1kOXMuWH
-----END CERTIFICATE-----