Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/zwlBhPJlCozuvnVSMsrlbdk4gis.roa
File:                     zwlBhPJlCozuvnVSMsrlbdk4gis.roa (raw, json)
Hash identifier:          U5JIdatheW2C8j/3Yh3Os4x2GZWCurlkP/Q6e48BdAI=
Subject key identifier:   CF:09:41:84:F2:65:0A:8C:EE:BE:75:52:32:CA:E5:6D:D9:38:82:2B
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       018CC26D5BC05DC9F55B8AE9BCC56691A330
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/zwlBhPJlCozuvnVSMsrlbdk4gis.roa
Signing time:             Mon 01 Jan 2024 00:29:55 +0000
ROA not before:           Mon 01 Jan 2024 00:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396998
IP address blocks:        14.102.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 22:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:5b:c0:5d:c9:f5:5b:8a:e9:bc:c5:66:91:a3:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jan  1 00:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf094184f2650a8ceebe755232cae56dd938822b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:45:21:f3:4c:ba:1f:86:1a:8a:55:00:f1:1c:
                    c9:88:e4:d0:ed:7e:42:82:c6:99:e4:43:89:84:87:
                    e1:51:48:0d:12:25:d3:d5:b7:dc:48:16:cc:50:27:
                    39:30:6c:44:19:eb:14:0a:1b:f2:91:36:85:10:32:
                    af:15:91:e5:a2:8b:fd:6c:ee:32:21:00:7f:c4:c0:
                    5a:fa:4e:fe:26:29:9e:cb:98:86:e9:b6:6f:29:41:
                    2d:89:80:c1:fb:e5:eb:f0:de:7b:bf:83:3d:89:28:
                    11:b7:8f:1a:ae:1a:7a:5a:7a:ea:7f:af:d0:37:13:
                    8e:92:98:d5:a2:ea:41:63:c2:05:fa:ea:72:29:c3:
                    3a:37:15:7e:20:37:94:eb:6c:aa:d3:1d:d5:a5:e6:
                    1b:a9:15:ca:a8:2c:a1:5b:38:96:7e:bd:87:dd:20:
                    a1:e0:a2:49:26:00:27:8e:f2:c0:79:db:53:25:a4:
                    d4:85:72:88:24:7c:4b:ac:cf:a3:8d:b3:45:f0:4a:
                    cf:9d:d9:0f:64:02:57:8a:45:0d:47:f2:f1:12:d7:
                    bb:05:14:9a:fa:30:92:dc:15:f9:40:49:3f:ba:76:
                    ac:42:dc:06:e7:6d:59:79:30:9a:fd:d1:6e:15:a5:
                    e6:26:91:8a:62:4e:a1:56:eb:77:c2:85:b1:0e:2f:
                    5b:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:09:41:84:F2:65:0A:8C:EE:BE:75:52:32:CA:E5:6D:D9:38:82:2B
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/zwlBhPJlCozuvnVSMsrlbdk4gis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:55:74:9d:9c:b7:4a:5d:73:69:5e:39:99:23:90:86:55:08:
         0c:6c:03:67:d8:c8:88:79:77:27:11:52:45:8e:98:20:1c:18:
         fd:28:04:29:0f:8b:2b:05:3a:2d:41:a6:ab:1f:35:d5:16:12:
         e2:fa:dc:63:e9:32:62:5a:e5:9c:45:5f:c1:95:43:f9:86:90:
         6a:e3:52:d9:95:dd:1a:70:77:d0:92:d8:08:af:6c:c3:4e:93:
         55:52:a7:52:c5:a5:63:de:9b:ae:85:b3:99:ad:78:55:33:c1:
         f5:34:d3:70:3f:38:bb:c2:9c:18:52:b1:48:58:19:2c:95:76:
         3a:2b:f8:c8:be:8a:8b:68:d2:4f:71:ce:93:2c:8e:f8:01:34:
         5b:a3:12:ff:e5:a3:ea:8b:ce:e0:a3:92:1d:96:b3:aa:2e:7d:
         ea:44:ee:a9:56:b3:d8:cf:5a:e4:fd:c2:35:ae:f4:0b:f4:28:
         bf:90:02:34:bd:6e:50:0a:f4:a1:35:33:a6:ea:ec:22:4b:e7:
         6c:4f:b5:7f:3c:01:b8:ad:37:43:22:17:b9:02:61:38:b2:2d:
         09:9e:70:87:da:77:a7:6e:80:5e:33:9b:95:8a:94:b5:14:b8:
         6f:47:e8:cc:e3:05:8d:a9:35:1c:4b:9c:ea:b3:dc:47:0c:6d:
         75:e3:6d:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVvAXcn1W4rpvMVmkaMwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjQwMTAxMDAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjA5NDE4NGYyNjUwYThjZWViZTc1NTIzMmNhZTU2ZGQ5Mzg4MjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUUh80y6H4YailUA8RzJiOTQ7X5C
gsaZ5EOJhIfhUUgNEiXT1bfcSBbMUCc5MGxEGesUChvykTaFEDKvFZHloov9bO4y
IQB/xMBa+k7+Jimey5iG6bZvKUEtiYDB++Xr8N57v4M9iSgRt48arhp6Wnrqf6/Q
NxOOkpjVoupBY8IF+upyKcM6NxV+IDeU62yq0x3VpeYbqRXKqCyhWziWfr2H3SCh
4KJJJgAnjvLAedtTJaTUhXKIJHxLrM+jjbNF8ErPndkPZAJXikUNR/LxEte7BRSa
+jCS3BX5QEk/unasQtwG521ZeTCa/dFuFaXmJpGKYk6hVut3woWxDi9bZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM8JQYTyZQqM7r51UjLK5W3ZOIIrMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvendsQmhQSmxDb3p1dm5WU01zcmxiZGs0Z2lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQADmbpMA0G
CSqGSIb3DQEBCwUAA4IBAQCNVXSdnLdKXXNpXjmZI5CGVQgMbANn2MiIeXcnEVJF
jpggHBj9KAQpD4srBTotQaarHzXVFhLi+txj6TJiWuWcRV/BlUP5hpBq41LZld0a
cHfQktgIr2zDTpNVUqdSxaVj3puuhbOZrXhVM8H1NNNwPzi7wpwYUrFIWBkslXY6
K/jIvoqLaNJPcc6TLI74ATRboxL/5aPqi87go5IdlrOqLn3qRO6pVrPYz1rk/cI1
rvQL9Ci/kAI0vW5QCvShNTOm6uwiS+dsT7V/PAG4rTdDIhe5AmE4si0JnnCH2nen
boBeM5uVipS1FLhvR+jM4wWNqTUcS5zqs9xHDG11422g
-----END CERTIFICATE-----