Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/bP-Ozzal9UPSCDxIm_U9UFjBP1Q.roa
File:                     bP-Ozzal9UPSCDxIm_U9UFjBP1Q.roa (raw, json)
Hash identifier:          pdWL3uccXs2+bi5xECxPlt2Z9wXcQQLBT0FnGDxHKzs=
Subject key identifier:   6C:FF:8E:CF:36:A5:F5:43:D2:08:3C:48:9B:F5:3D:50:58:C1:3F:54
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       018CC26D5AADB3447C22DE1089118663F955
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/bP-Ozzal9UPSCDxIm_U9UFjBP1Q.roa
Signing time:             Mon 01 Jan 2024 00:29:55 +0000
ROA not before:           Mon 01 Jan 2024 00:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212609
IP address blocks:        14.102.224.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:5a:ad:b3:44:7c:22:de:10:89:11:86:63:f9:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jan  1 00:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6cff8ecf36a5f543d2083c489bf53d5058c13f54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:0e:ab:ad:58:94:9a:84:f0:37:00:0b:d9:c9:
                    3c:7b:f6:89:be:f6:ef:b0:31:47:9a:2b:c8:91:64:
                    54:50:82:3e:1d:21:db:40:74:27:f2:96:28:02:21:
                    06:0c:68:54:db:fa:c3:2e:15:f5:16:8b:bb:dc:cd:
                    23:c2:62:a8:14:a0:1f:af:bf:14:f3:72:a9:fc:6a:
                    c4:8f:15:7c:8a:24:45:af:0f:9f:50:33:b9:f5:c0:
                    e8:f5:14:e6:3c:26:20:5c:bf:d5:0b:c1:dc:af:c9:
                    f2:d1:f9:9e:99:79:a0:8d:1a:3f:f0:fe:70:ca:39:
                    ff:ad:83:c2:88:c9:59:19:a9:f7:56:65:cf:f8:e4:
                    5a:b4:f3:66:ac:62:ec:83:c6:c3:45:64:2c:6e:c6:
                    d8:ac:7b:85:58:1a:6b:01:bc:1c:44:ba:e7:28:35:
                    e4:00:45:e3:31:7a:ae:2d:54:64:d2:01:f4:a5:ff:
                    cf:f2:01:3d:ae:b4:6a:5e:b8:50:1a:53:10:b4:77:
                    65:23:b1:13:91:36:19:a7:5b:33:fa:a2:27:64:52:
                    39:88:cc:90:a7:e2:3b:02:40:30:32:cb:35:8f:41:
                    dc:11:2b:88:d0:fb:a5:20:73:4f:99:2d:45:65:0c:
                    51:73:9b:ee:a2:2a:02:b3:28:5b:15:3b:92:10:b2:
                    34:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:FF:8E:CF:36:A5:F5:43:D2:08:3C:48:9B:F5:3D:50:58:C1:3F:54
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/bP-Ozzal9UPSCDxIm_U9UFjBP1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         68:78:b5:dd:ae:1f:d3:bd:5f:02:30:94:42:f1:f5:bf:a6:1f:
         e8:80:6c:9b:60:bf:b1:37:db:f5:8c:d0:93:e2:84:d3:c7:5d:
         48:e8:50:64:07:28:cd:cd:62:47:a6:72:97:78:6c:1b:97:4e:
         81:71:70:9e:3a:2b:f3:39:1d:fb:70:3c:52:8b:02:ee:e1:21:
         91:5f:de:6b:37:67:00:ac:8a:9f:1a:35:dd:36:64:e9:02:30:
         00:0c:09:82:05:b8:10:02:0c:92:3c:34:0f:62:52:4a:09:7f:
         d6:b4:e8:70:fc:a7:32:20:4d:38:b8:e9:3e:05:57:a5:19:cc:
         b3:89:a7:ea:b2:31:d1:23:07:bd:21:bd:0f:92:c3:64:0f:1f:
         9c:c2:a5:20:d5:a9:0f:3b:f6:51:ac:bb:cc:ad:2c:1b:75:3e:
         70:60:8a:fe:1f:38:18:87:f4:57:0f:b7:42:0b:20:96:44:37:
         95:8a:9b:7a:7e:2f:0f:81:41:57:39:e7:6d:26:fe:0c:87:4d:
         43:e4:0a:ec:93:52:01:1b:1f:02:a8:ff:0b:36:b0:6e:e4:a2:
         11:71:5c:d1:83:c6:4a:4e:9d:35:8f:7a:c0:df:06:44:85:47:
         8e:38:50:4f:18:96:2b:0b:d8:0d:4e:59:9e:ea:3a:a2:7a:40:
         06:c3:14:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVqts0R8It4QiRGGY/lVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjQwMTAxMDAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2ZmOGVjZjM2YTVmNTQzZDIwODNjNDg5YmY1M2Q1MDU4YzEzZjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQ6rrViUmoTwNwAL2ck8e/aJvvbv
sDFHmivIkWRUUII+HSHbQHQn8pYoAiEGDGhU2/rDLhX1Fou73M0jwmKoFKAfr78U
83Kp/GrEjxV8iiRFrw+fUDO59cDo9RTmPCYgXL/VC8Hcr8ny0fmemXmgjRo/8P5w
yjn/rYPCiMlZGan3VmXP+ORatPNmrGLsg8bDRWQsbsbYrHuFWBprAbwcRLrnKDXk
AEXjMXquLVRk0gH0pf/P8gE9rrRqXrhQGlMQtHdlI7ETkTYZp1sz+qInZFI5iMyQ
p+I7AkAwMss1j0HcESuI0PulIHNPmS1FZQxRc5vuoioCsyhbFTuSELI0xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGz/js82pfVD0gg8SJv1PVBYwT9UMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvYlAtT3p6YWw5VVBTQ0R4SW1fVTlVRmpCUDFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBDmbgMA0G
CSqGSIb3DQEBCwUAA4IBAQBoeLXdrh/TvV8CMJRC8fW/ph/ogGybYL+xN9v1jNCT
4oTTx11I6FBkByjNzWJHpnKXeGwbl06BcXCeOivzOR37cDxSiwLu4SGRX95rN2cA
rIqfGjXdNmTpAjAADAmCBbgQAgySPDQPYlJKCX/WtOhw/KcyIE04uOk+BVelGcyz
iafqsjHRIwe9Ib0PksNkDx+cwqUg1akPO/ZRrLvMrSwbdT5wYIr+HzgYh/RXD7dC
CyCWRDeVipt6fi8PgUFXOedtJv4Mh01D5Arsk1IBGx8CqP8LNrBu5KIRcVzRg8ZK
Tp01j3rA3wZEhUeOOFBPGJYrC9gNTlme6jqiekAGwxRH
-----END CERTIFICATE-----