Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Y-g3M7H9TSec7MfHDCAfvUy3d80.roa
File:                     Y-g3M7H9TSec7MfHDCAfvUy3d80.roa (raw, json)
Hash identifier:          H4rb0ebmtZzBVLYOXNFBydE8PdsTyIIbUfr55sgFxeY=
Subject key identifier:   63:E8:37:33:B1:FD:4D:27:9C:EC:C7:C7:0C:20:1F:BD:4C:B7:77:CD
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       018CC26D58DB5601EA6DA60CFF96B66B0D49
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Y-g3M7H9TSec7MfHDCAfvUy3d80.roa
Signing time:             Mon 01 Jan 2024 00:29:55 +0000
ROA not before:           Mon 01 Jan 2024 00:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48925
IP address blocks:        14.102.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:58:db:56:01:ea:6d:a6:0c:ff:96:b6:6b:0d:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jan  1 00:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63e83733b1fd4d279cecc7c70c201fbd4cb777cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:86:75:a3:11:9c:ca:33:1d:52:1e:5a:09:6a:
                    27:75:35:02:04:d7:f3:36:b6:b6:b7:bc:38:bc:1f:
                    e4:c3:6f:84:b0:dd:0f:29:81:b4:4a:9f:91:58:23:
                    a3:0c:7b:7e:63:3d:b7:2e:34:2b:88:da:60:f9:a4:
                    8a:18:21:fb:79:41:79:17:8c:3b:ab:1b:1a:93:82:
                    16:fb:e2:9b:b9:17:86:18:61:8e:e4:6b:df:88:3a:
                    f1:cd:43:ca:1a:0e:26:72:f9:40:f7:1c:05:fa:4c:
                    49:75:a6:40:c5:71:c1:91:e7:69:4f:ff:30:a7:8b:
                    18:fb:9f:02:7b:fd:22:27:eb:91:e6:2e:77:ca:60:
                    18:00:d6:d3:3a:c6:b5:33:21:78:94:4f:fd:fe:c6:
                    cb:6d:10:9d:f8:67:40:f8:ba:ff:f7:30:8c:15:b9:
                    7d:0f:dd:4d:60:34:b2:5e:e3:ce:e7:fc:e6:45:68:
                    0b:7e:bd:e8:fd:46:fb:e9:db:28:b9:9a:cf:50:d4:
                    d4:33:ee:69:3a:38:c5:52:f0:8a:02:be:7e:a2:3c:
                    42:77:75:d2:d7:7d:73:50:37:2c:43:28:d8:c4:8e:
                    80:e6:38:09:7c:ec:dd:43:a8:f2:6d:19:55:4f:eb:
                    52:9e:54:62:e0:74:c6:c9:5f:58:39:96:9c:a8:34:
                    71:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:E8:37:33:B1:FD:4D:27:9C:EC:C7:C7:0C:20:1F:BD:4C:B7:77:CD
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Y-g3M7H9TSec7MfHDCAfvUy3d80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:09:2e:a3:2a:3c:52:1a:aa:21:91:78:d0:8c:21:05:11:4b:
         d9:d5:f0:33:9c:0b:f3:96:ff:ef:c2:bb:8c:42:16:e9:d8:e6:
         a2:3e:3d:e6:2b:fa:2d:70:b6:1c:d3:9d:4a:55:1b:d6:b1:b5:
         ad:2e:8b:bb:ec:38:f0:a4:14:a2:55:0c:d4:4c:40:a3:83:c9:
         19:c2:e3:94:cc:f5:bb:2f:31:b0:78:a6:1e:ba:37:81:6a:b7:
         1a:02:d6:60:f1:9a:ca:e4:72:44:b7:bc:bc:cd:f9:9c:07:52:
         6a:65:58:7a:c7:dc:a2:52:53:64:e3:05:7a:22:76:fe:d6:d7:
         ed:92:e8:55:33:2c:f6:9b:f8:1a:b9:4c:15:5e:af:68:37:8e:
         af:d3:2e:89:1f:87:dc:67:2f:26:aa:48:ab:31:a2:32:52:4c:
         4e:95:fe:b2:f6:f0:a5:e3:ba:79:c0:2d:99:65:38:5d:c1:b2:
         7d:52:99:66:a7:cf:f5:42:12:dc:d6:23:8a:50:8d:cb:7b:9b:
         9c:12:dd:31:89:87:be:36:72:78:13:17:63:af:a4:26:18:0a:
         3b:f1:91:89:6b:fc:a1:cb:ff:dc:56:0d:cf:ce:2f:e4:df:79:
         ee:63:9f:0f:ef:2a:d0:f2:15:8b:e7:7c:e0:a0:6b:19:88:87:
         fd:91:0e:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVjbVgHqbaYM/5a2aw1JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjQwMTAxMDAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2U4MzczM2IxZmQ0ZDI3OWNlY2M3YzcwYzIwMWZiZDRjYjc3N2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYZ1oxGcyjMdUh5aCWondTUCBNfz
Nra2t7w4vB/kw2+EsN0PKYG0Sp+RWCOjDHt+Yz23LjQriNpg+aSKGCH7eUF5F4w7
qxsak4IW++KbuReGGGGO5GvfiDrxzUPKGg4mcvlA9xwF+kxJdaZAxXHBkedpT/8w
p4sY+58Ce/0iJ+uR5i53ymAYANbTOsa1MyF4lE/9/sbLbRCd+GdA+Lr/9zCMFbl9
D91NYDSyXuPO5/zmRWgLfr3o/Ub76dsouZrPUNTUM+5pOjjFUvCKAr5+ojxCd3XS
131zUDcsQyjYxI6A5jgJfOzdQ6jybRlVT+tSnlRi4HTGyV9YOZacqDRxpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGPoNzOx/U0nnOzHxwwgH71Mt3fNMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvWS1nM003SDlUU2VjN01mSERDQWZ2VXkzZDgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQADmbpMA0G
CSqGSIb3DQEBCwUAA4IBAQAiCS6jKjxSGqohkXjQjCEFEUvZ1fAznAvzlv/vwruM
Qhbp2OaiPj3mK/otcLYc051KVRvWsbWtLou77DjwpBSiVQzUTECjg8kZwuOUzPW7
LzGweKYeujeBarcaAtZg8ZrK5HJEt7y8zfmcB1JqZVh6x9yiUlNk4wV6Inb+1tft
kuhVMyz2m/gauUwVXq9oN46v0y6JH4fcZy8mqkirMaIyUkxOlf6y9vCl47p5wC2Z
ZThdwbJ9Uplmp8/1QhLc1iOKUI3Le5ucEt0xiYe+NnJ4Exdjr6QmGAo78ZGJa/yh
y//cVg3Pzi/k33nuY58P7yrQ8hWL53zgoGsZiIf9kQ4X
-----END CERTIFICATE-----