Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/_43u-4Z11xfr3QGlOdcf9WX1Pu0.roa
File:                     _43u-4Z11xfr3QGlOdcf9WX1Pu0.roa (raw, json)
Hash identifier:          /aJIXExmJglUHBxG7eYVZLBZNIrcnGb/ah1siAO7Y6Y=
Subject key identifier:   FF:8D:EE:FB:86:75:D7:17:EB:DD:01:A5:39:D7:1F:F5:65:F5:3E:ED
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       018FA72D6C369DE11A8FB57667C88BD915CB
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/_43u-4Z11xfr3QGlOdcf9WX1Pu0.roa
Signing time:             Thu 23 May 2024 20:38:42 +0000
ROA not before:           Thu 23 May 2024 20:38:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211091
IP address blocks:        14.102.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a7:2d:6c:36:9d:e1:1a:8f:b5:76:67:c8:8b:d9:15:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: May 23 20:38:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff8deefb8675d717ebdd01a539d71ff565f53eed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:24:72:aa:b2:4a:ad:3c:87:33:4b:c1:4c:8a:
                    64:87:b4:69:13:6b:ce:a8:af:2f:9c:d1:57:2a:e5:
                    a3:29:94:e9:d7:dc:a5:d2:80:a8:23:da:a0:2a:5f:
                    7c:d0:a0:7d:56:e9:8c:80:56:20:a5:1f:4c:c7:d3:
                    2e:34:83:51:73:57:7b:70:c7:0e:b8:f2:b2:9d:d1:
                    fd:2d:7c:51:00:e8:10:8f:6f:e5:67:58:ad:f5:c1:
                    95:e3:b4:03:39:f8:d0:c1:3f:b8:dc:f5:ed:5c:c2:
                    a3:f6:15:f9:b1:c3:78:8f:6d:33:2d:2d:75:9e:04:
                    58:ad:ee:57:fd:00:9c:9a:0f:fb:fb:72:19:b5:cb:
                    8c:80:75:a0:dc:6a:b0:d5:5a:88:b6:a3:5f:bc:74:
                    89:05:ca:61:81:85:e3:c1:8a:c0:e8:51:a2:e1:50:
                    39:ca:62:14:13:a3:84:47:17:a3:d3:2f:0f:15:96:
                    20:3e:81:86:90:b1:ee:2a:0a:3e:1b:dc:bf:40:99:
                    70:12:f3:9c:97:d4:1f:d8:dc:d1:a4:46:ed:01:15:
                    07:bc:51:e3:b8:9f:cd:4f:14:27:89:2e:54:7b:b3:
                    3c:b0:ad:f0:13:35:1b:78:20:05:bb:0c:73:a9:98:
                    43:38:a7:bb:00:f7:88:b4:4e:03:ad:44:ff:13:d5:
                    d6:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:8D:EE:FB:86:75:D7:17:EB:DD:01:A5:39:D7:1F:F5:65:F5:3E:ED
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/_43u-4Z11xfr3QGlOdcf9WX1Pu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:7c:a2:80:bb:f2:30:5e:49:89:d2:be:80:50:91:ca:26:cc:
         79:96:4f:31:74:c7:6d:87:62:e3:90:e9:81:36:18:f8:93:2e:
         69:45:61:e1:b2:40:d3:0f:f9:d0:13:a2:df:74:fa:05:fa:37:
         62:a3:a8:db:2a:67:8c:20:0f:29:c4:f1:b9:3e:56:5d:80:b6:
         24:70:fe:2d:27:9c:c8:00:2d:b6:43:a8:82:32:22:56:dd:d9:
         5e:f1:21:9c:c7:ca:da:ef:3a:5d:40:44:22:2a:40:02:3c:dd:
         95:dd:05:57:d7:9f:39:6b:8e:2a:da:6d:a5:ba:e3:a6:51:e3:
         a3:2f:5c:a2:6a:cf:d6:4d:02:f5:a5:45:77:ed:94:26:7e:3c:
         b8:74:43:50:aa:44:7f:2f:25:80:a7:a2:12:58:78:3f:98:d0:
         ae:7e:43:ab:f4:18:2b:45:a0:7d:9e:9a:10:83:a4:ea:d6:00:
         cd:7b:c2:ac:9d:2c:3f:e8:bc:e4:fb:c1:2f:6a:7b:3c:fc:95:
         43:08:54:7d:a2:d9:b8:3d:48:69:1b:b6:02:44:a7:8b:5e:46:
         e5:f6:b9:f4:12:8a:3f:8a:ae:61:35:4f:8f:57:56:ba:e7:3c:
         91:5b:4a:e0:ef:dd:b7:d3:54:12:a0:20:38:29:2a:a1:47:13:
         06:7c:a5:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+nLWw2neEaj7V2Z8iL2RXLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjQwNTIzMjAzODQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjhkZWVmYjg2NzVkNzE3ZWJkZDAxYTUzOWQ3MWZmNTY1ZjUzZWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCRyqrJKrTyHM0vBTIpkh7RpE2vO
qK8vnNFXKuWjKZTp19yl0oCoI9qgKl980KB9VumMgFYgpR9Mx9MuNINRc1d7cMcO
uPKyndH9LXxRAOgQj2/lZ1it9cGV47QDOfjQwT+43PXtXMKj9hX5scN4j20zLS11
ngRYre5X/QCcmg/7+3IZtcuMgHWg3Gqw1VqItqNfvHSJBcphgYXjwYrA6FGi4VA5
ymIUE6OERxej0y8PFZYgPoGGkLHuKgo+G9y/QJlwEvOcl9Qf2NzRpEbtARUHvFHj
uJ/NTxQniS5Ue7M8sK3wEzUbeCAFuwxzqZhDOKe7APeItE4DrUT/E9XWBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP+N7vuGddcX690BpTnXH/Vl9T7tMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvXzQzdS00WjExeGZyM1FHbE9kY2Y5V1gxUHUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQADmbsMA0G
CSqGSIb3DQEBCwUAA4IBAQB+fKKAu/IwXkmJ0r6AUJHKJsx5lk8xdMdth2LjkOmB
Nhj4ky5pRWHhskDTD/nQE6LfdPoF+jdio6jbKmeMIA8pxPG5PlZdgLYkcP4tJ5zI
AC22Q6iCMiJW3dle8SGcx8ra7zpdQEQiKkACPN2V3QVX1585a44q2m2luuOmUeOj
L1yias/WTQL1pUV37ZQmfjy4dENQqkR/LyWAp6ISWHg/mNCufkOr9BgrRaB9npoQ
g6Tq1gDNe8KsnSw/6Lzk+8Evans8/JVDCFR9otm4PUhpG7YCRKeLXkbl9rn0Eoo/
iq5hNU+PV1a65zyRW0rg792301QSoCA4KSqhRxMGfKVE
-----END CERTIFICATE-----