Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/m89sQIyqStfFcC5-52Tb5AFWQ_A.roa
File:                     m89sQIyqStfFcC5-52Tb5AFWQ_A.roa (raw, json)
Hash identifier:          9ogMCnu2VDS4T107BtETAV+rX5cV5iJuPHQp23u17cc=
Subject key identifier:   9B:CF:6C:40:8C:AA:4A:D7:C5:70:2E:7E:E7:64:DB:E4:01:56:43:F0
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019422201DD410E150A3B41131C2301E82C2
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/m89sQIyqStfFcC5-52Tb5AFWQ_A.roa
Signing time:             Wed 01 Jan 2025 13:48:37 +0000
ROA not before:           Wed 01 Jan 2025 13:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212609
IP address blocks:        14.102.224.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:1d:d4:10:e1:50:a3:b4:11:31:c2:30:1e:82:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jan  1 13:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9bcf6c408caa4ad7c5702e7ee764dbe4015643f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:24:e6:cf:d3:2e:4d:bd:1d:1c:af:38:af:c5:
                    8c:ae:ab:2b:5e:15:46:56:9d:14:89:e3:70:68:ce:
                    d6:61:5d:a7:ba:34:72:31:13:77:f5:7c:a5:cc:69:
                    e6:a4:7f:03:c3:21:45:d5:a5:fc:7a:e8:80:d4:7f:
                    bc:d0:b6:f8:2b:bf:b5:7c:3a:2d:e5:f3:cb:d1:e3:
                    3f:6c:22:a2:49:64:c9:10:d4:7a:42:c3:20:0a:a4:
                    04:57:3e:a2:3a:d3:78:b6:05:ef:ec:94:85:98:67:
                    5c:7c:d4:fe:b1:10:b1:26:90:81:e2:ea:38:3d:c4:
                    70:7e:ed:7e:d5:20:cb:e9:cd:9f:d8:fc:96:94:60:
                    f9:d9:70:2b:37:1b:04:7b:85:a3:e6:19:d8:98:7c:
                    aa:14:5d:11:f3:ed:da:62:c3:52:fd:28:9e:21:ba:
                    36:ab:8e:62:4d:1b:40:d7:40:83:24:99:31:7e:8e:
                    fb:37:04:d6:f5:cd:a4:c2:12:05:de:9e:79:d1:e6:
                    13:ab:ed:ae:20:2f:49:5c:67:bf:05:84:f9:f7:af:
                    d7:5e:74:20:73:43:38:70:75:90:8b:96:0f:82:ed:
                    f7:9e:38:38:88:c5:cb:8d:7e:2d:e5:6a:c3:d5:45:
                    b1:b9:4f:6f:2f:65:a7:5a:aa:5d:58:3e:6c:e0:54:
                    7b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:CF:6C:40:8C:AA:4A:D7:C5:70:2E:7E:E7:64:DB:E4:01:56:43:F0
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/m89sQIyqStfFcC5-52Tb5AFWQ_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:dc:aa:61:16:9b:6a:36:6f:8f:16:43:3c:13:a7:c5:0d:ac:
         99:d0:ea:bc:6c:2f:c6:c4:d1:dd:82:46:47:94:1f:a6:bf:3d:
         34:cc:1b:80:4f:53:8c:f9:a3:34:a1:e9:1d:4a:00:08:51:fc:
         6b:b0:9c:5b:6c:e6:3f:b9:8f:4c:72:d4:ec:d5:a2:e1:44:89:
         51:85:9d:28:da:93:83:85:80:fe:68:da:cc:9c:40:e6:56:f2:
         3f:1a:cb:29:76:e4:10:35:87:fe:e1:e4:c1:66:b0:2b:a1:5d:
         9b:d8:0a:cb:d0:14:6c:55:8e:cd:5c:ca:d6:ef:16:01:4f:99:
         83:25:10:77:89:21:c0:9c:23:2d:7c:a4:f9:b3:30:95:35:da:
         76:b4:ad:78:ea:26:a1:4e:b0:81:06:f0:de:80:00:50:d3:7e:
         61:ad:a5:a8:8c:0d:1a:dd:c4:cb:22:2c:5c:68:c4:03:4f:ed:
         95:ea:e5:3c:30:ee:e7:fc:8a:26:04:9b:d1:7b:91:ad:fe:db:
         df:6c:65:23:b2:43:60:9c:7e:a8:17:1d:8d:32:18:84:f2:b8:
         71:53:71:a6:a0:86:d8:c4:97:4d:77:a5:09:fd:e3:05:ab:2d:
         f2:c4:7d:91:45:8a:ee:fa:15:4c:be:0c:33:d1:72:75:f5:44:
         9e:f6:8b:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIB3UEOFQo7QRMcIwHoLCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwMTAxMTM0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmNmNmM0MDhjYWE0YWQ3YzU3MDJlN2VlNzY0ZGJlNDAxNTY0M2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCTmz9MuTb0dHK84r8WMrqsrXhVG
Vp0UieNwaM7WYV2nujRyMRN39XylzGnmpH8DwyFF1aX8euiA1H+80Lb4K7+1fDot
5fPL0eM/bCKiSWTJENR6QsMgCqQEVz6iOtN4tgXv7JSFmGdcfNT+sRCxJpCB4uo4
PcRwfu1+1SDL6c2f2PyWlGD52XArNxsEe4Wj5hnYmHyqFF0R8+3aYsNS/SieIbo2
q45iTRtA10CDJJkxfo77NwTW9c2kwhIF3p550eYTq+2uIC9JXGe/BYT596/XXnQg
c0M4cHWQi5YPgu33njg4iMXLjX4t5WrD1UWxuU9vL2WnWqpdWD5s4FR7jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJvPbECMqkrXxXAufudk2+QBVkPwMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvbTg5c1FJeXFTdGZGY0M1LTUyVGI1QUZXUV9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBDmbgMA0G
CSqGSIb3DQEBCwUAA4IBAQBj3KphFptqNm+PFkM8E6fFDayZ0Oq8bC/GxNHdgkZH
lB+mvz00zBuAT1OM+aM0oekdSgAIUfxrsJxbbOY/uY9MctTs1aLhRIlRhZ0o2pOD
hYD+aNrMnEDmVvI/GsspduQQNYf+4eTBZrAroV2b2ArL0BRsVY7NXMrW7xYBT5mD
JRB3iSHAnCMtfKT5szCVNdp2tK146iahTrCBBvDegABQ035hraWojA0a3cTLIixc
aMQDT+2V6uU8MO7n/IomBJvRe5Gt/tvfbGUjskNgnH6oFx2NMhiE8rhxU3GmoIbY
xJdNd6UJ/eMFqy3yxH2RRYru+hVMvgwz0XJ19USe9ov0
-----END CERTIFICATE-----