Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/TzNWY2Vmp3q7TaP29_wrIJBrhNs.roa
File:                     TzNWY2Vmp3q7TaP29_wrIJBrhNs.roa (raw, json)
Hash identifier:          2SZSvvZRbdESrbhgfG68LLxh/hE1rfG67HxAHqnP5To=
Subject key identifier:   4F:33:56:63:65:66:A7:7A:BB:4D:A3:F6:F7:FC:2B:20:90:6B:84:DB
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       0196205791FA3963AC101DA47EBEB0C02F1D
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/TzNWY2Vmp3q7TaP29_wrIJBrhNs.roa
Signing time:             Thu 10 Apr 2025 15:35:32 +0000
ROA not before:           Thu 10 Apr 2025 15:35:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137517
IP address blocks:        14.102.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 20:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:20:57:91:fa:39:63:ac:10:1d:a4:7e:be:b0:c0:2f:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Apr 10 15:35:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f3356636566a77abb4da3f6f7fc2b20906b84db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:33:d4:58:be:92:01:0d:b8:2b:99:07:29:39:
                    34:d1:b1:40:e5:6b:b9:04:3e:6d:26:28:c0:0d:13:
                    49:8b:cc:57:a2:f2:31:b5:d9:75:56:d3:3c:60:c8:
                    b6:d3:2f:fa:7a:20:69:02:74:97:1e:36:e6:60:76:
                    1c:a1:e8:88:7c:2f:e6:da:3f:94:dc:6f:a4:16:a7:
                    f3:e0:38:ac:a8:f7:16:71:3c:28:4a:fd:8e:d6:85:
                    52:fe:b8:18:b9:81:0d:f6:f4:90:d7:a4:f4:dc:08:
                    a1:f4:a4:c1:67:d7:e3:6d:e1:57:6f:af:c6:31:b4:
                    1b:8f:d1:48:21:69:c8:17:26:df:91:ad:2b:d0:05:
                    21:ed:d3:86:46:99:10:6d:6a:a1:89:84:61:3d:87:
                    37:45:f3:83:ca:7a:c2:c7:c4:8e:5e:59:dc:a1:3a:
                    85:f9:77:8b:e5:72:e4:3c:5c:69:a3:3d:d5:b3:a7:
                    b1:60:db:73:d5:e8:25:bf:34:25:8c:b8:75:98:06:
                    ef:b2:60:a3:76:bf:c3:21:13:89:ad:da:7a:25:92:
                    be:ee:92:d1:1a:e2:a7:97:26:63:a1:14:61:e0:01:
                    dd:5f:70:e7:07:37:9d:05:80:30:95:26:15:8b:4d:
                    52:2f:69:29:db:cd:4d:07:28:63:da:8a:e6:fe:5b:
                    1c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:33:56:63:65:66:A7:7A:BB:4D:A3:F6:F7:FC:2B:20:90:6B:84:DB
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/TzNWY2Vmp3q7TaP29_wrIJBrhNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:67:9c:5f:53:94:13:51:f0:77:09:b9:95:b9:1e:46:e9:d5:
         f7:f9:3a:88:52:7f:96:e0:0a:2f:13:95:f6:d8:b7:d1:5a:e2:
         37:71:a9:50:45:e7:ab:ff:44:18:0a:18:79:c2:19:a0:82:02:
         6b:6e:da:66:df:e9:ae:2f:b7:df:eb:3f:27:7a:1e:d6:b0:60:
         50:67:ab:42:3b:e0:5c:ab:35:da:26:18:37:08:e9:a9:3b:ce:
         dc:a9:b2:8d:19:45:f7:9a:6d:0d:25:26:97:27:55:1e:7c:4c:
         e8:00:81:02:a9:c5:e9:05:3f:83:57:03:71:c1:c6:77:a2:10:
         73:79:75:e2:a3:32:82:3d:c9:f6:b9:6b:fa:ac:4c:4f:ba:98:
         9f:ad:c6:25:00:3f:15:49:1a:f5:2e:15:63:30:ca:60:dd:b9:
         32:e8:32:37:a0:64:df:01:ca:29:82:25:35:ee:45:7e:42:8e:
         e1:00:f8:71:ee:9b:c6:93:05:a7:6b:ca:f0:61:74:8e:d8:e8:
         4c:99:9b:07:78:13:29:d7:7e:cd:eb:83:32:4e:24:f9:a1:34:
         66:05:c1:27:b6:2e:00:ca:02:b1:30:77:3d:6e:f5:f6:dc:3d:
         63:3b:85:64:09:88:d3:65:78:08:cf:07:c0:fa:a2:45:43:c3:
         04:ec:a4:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYgV5H6OWOsEB2kfr6wwC8dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwNDEwMTUzNTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjMzNTY2MzY1NjZhNzdhYmI0ZGEzZjZmN2ZjMmIyMDkwNmI4NGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyjPUWL6SAQ24K5kHKTk00bFA5Wu5
BD5tJijADRNJi8xXovIxtdl1VtM8YMi20y/6eiBpAnSXHjbmYHYcoeiIfC/m2j+U
3G+kFqfz4DisqPcWcTwoSv2O1oVS/rgYuYEN9vSQ16T03Aih9KTBZ9fjbeFXb6/G
MbQbj9FIIWnIFybfka0r0AUh7dOGRpkQbWqhiYRhPYc3RfODynrCx8SOXlncoTqF
+XeL5XLkPFxpoz3Vs6exYNtz1eglvzQljLh1mAbvsmCjdr/DIROJrdp6JZK+7pLR
GuKnlyZjoRRh4AHdX3DnBzedBYAwlSYVi01SL2kp281NByhj2orm/lscLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE8zVmNlZqd6u02j9vf8KyCQa4TbMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvVHpOV1kyVm1wM3E3VGFQMjlfd3JJSkJyaE5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQADmbqMA0G
CSqGSIb3DQEBCwUAA4IBAQA8Z5xfU5QTUfB3CbmVuR5G6dX3+TqIUn+W4AovE5X2
2LfRWuI3calQReer/0QYChh5whmgggJrbtpm3+muL7ff6z8neh7WsGBQZ6tCO+Bc
qzXaJhg3COmpO87cqbKNGUX3mm0NJSaXJ1UefEzoAIECqcXpBT+DVwNxwcZ3ohBz
eXXiozKCPcn2uWv6rExPupifrcYlAD8VSRr1LhVjMMpg3bky6DI3oGTfAcopgiU1
7kV+Qo7hAPhx7pvGkwWna8rwYXSO2OhMmZsHeBMp137N64MyTiT5oTRmBcEnti4A
ygKxMHc9bvX23D1jO4VkCYjTZXgIzwfA+qJFQ8ME7KTX
-----END CERTIFICATE-----