Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/5Z2IK8N4wn4Bvk3wRmJrwjywZl4.roa
File:                     5Z2IK8N4wn4Bvk3wRmJrwjywZl4.roa (raw, json)
Hash identifier:          lfJRJmGAy9vzErGTOq6UyqQCY8qB3ETj5n3ulE1MSPc=
Subject key identifier:   E5:9D:88:2B:C3:78:C2:7E:01:BE:4D:F0:46:62:6B:C2:3C:B0:66:5E
Certificate issuer:       /CN=9d23f4cb4bab5c10801a770658df891cfb8c68c6
Certificate serial:       018CC56DE10E8EA39ED2D7691FF3A20EA850
Authority key identifier: 9D:23:F4:CB:4B:AB:5C:10:80:1A:77:06:58:DF:89:1C:FB:8C:68:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSP0y0urXBCAGncGWN-JHPuMaMY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/5Z2IK8N4wn4Bvk3wRmJrwjywZl4.roa
Signing time:             Mon 01 Jan 2024 14:29:21 +0000
ROA not before:           Mon 01 Jan 2024 14:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        178.236.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/nSP0y0urXBCAGncGWN-JHPuMaMY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/nSP0y0urXBCAGncGWN-JHPuMaMY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSP0y0urXBCAGncGWN-JHPuMaMY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e1:0e:8e:a3:9e:d2:d7:69:1f:f3:a2:0e:a8:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d23f4cb4bab5c10801a770658df891cfb8c68c6
        Validity
            Not Before: Jan  1 14:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e59d882bc378c27e01be4df046626bc23cb0665e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:5e:64:98:97:5c:5f:bd:55:d1:66:c5:15:f0:
                    aa:26:35:6c:cb:0e:17:5c:31:3b:da:07:c5:8b:e4:
                    e7:88:cd:ae:2d:1b:b5:30:74:d7:91:27:fa:ba:f1:
                    b8:f4:95:ba:38:6d:46:a6:c0:ba:8a:47:91:80:48:
                    75:93:df:d3:26:52:8a:8a:24:b1:95:8b:69:51:d4:
                    e3:07:fa:ea:a7:06:95:e2:46:45:04:52:f6:dd:02:
                    e2:34:b2:2c:28:7a:13:b6:f6:e6:f3:15:03:d3:1e:
                    a0:f3:94:66:1b:8f:23:4d:92:fa:c4:d9:b2:8b:44:
                    cb:94:f3:2f:fe:2b:70:81:df:18:84:a8:6e:22:ac:
                    e1:59:49:a1:4a:0e:59:27:52:d0:4f:d5:5c:8f:ef:
                    ee:e7:3b:a5:4a:45:31:d3:7f:96:ee:35:bf:2b:01:
                    e1:87:8d:0c:cb:3f:92:87:db:03:f8:7c:19:da:b2:
                    f1:f5:e2:61:06:57:15:67:f8:8d:4e:b5:ce:55:80:
                    41:90:3e:03:be:0b:f7:8d:3e:53:b1:fb:1e:27:55:
                    8a:8f:3d:7d:5c:58:7e:e8:fa:d6:ee:d9:d9:66:61:
                    cb:fd:ba:39:0f:d3:21:78:5d:54:6a:81:ed:ec:fa:
                    65:4f:fa:ef:fb:d1:1e:ea:b8:1f:8f:42:0a:e7:0b:
                    42:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:9D:88:2B:C3:78:C2:7E:01:BE:4D:F0:46:62:6B:C2:3C:B0:66:5E
            X509v3 Authority Key Identifier:
                keyid:9D:23:F4:CB:4B:AB:5C:10:80:1A:77:06:58:DF:89:1C:FB:8C:68:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSP0y0urXBCAGncGWN-JHPuMaMY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/5Z2IK8N4wn4Bvk3wRmJrwjywZl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/nSP0y0urXBCAGncGWN-JHPuMaMY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.236.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:85:7a:3b:de:df:3a:8f:48:e8:da:dd:4c:22:19:4e:07:52:
         19:f8:6e:4b:33:a5:9e:16:f3:e9:57:d7:31:7b:8f:14:1b:98:
         ba:4a:5e:12:39:ec:aa:9c:5b:35:8f:e4:53:9d:d8:57:d5:b1:
         1a:0f:8f:7c:62:7b:f8:db:41:78:33:03:1a:eb:e3:c0:64:4b:
         88:8a:b5:14:ac:9b:b4:6c:e9:7f:bf:1c:c4:0e:04:45:ce:bf:
         cd:df:bd:d8:2f:6f:9a:86:57:45:88:2f:07:26:25:d7:7a:84:
         0b:4a:67:73:19:f8:cb:18:70:c7:3f:75:cd:93:d2:cf:c3:a1:
         bd:91:a6:f3:33:ad:c4:c7:53:54:4d:02:4b:cb:47:9b:df:7c:
         64:ab:13:8e:a3:21:66:c9:d9:29:d3:76:ac:27:26:49:40:d9:
         8c:f4:fb:c3:20:4f:26:3e:4f:4c:19:dd:6a:1c:dd:c6:4c:ed:
         90:43:0f:d5:52:a0:a4:16:20:66:ed:48:89:5c:64:6b:1d:ab:
         40:5d:d6:c6:2b:55:92:f5:10:6d:22:ff:10:93:15:49:81:39:
         4d:2f:1f:bf:31:32:a4:8d:09:5b:51:0b:b0:89:55:74:48:e7:
         a2:8f:5d:8f:45:63:20:bb:44:3b:ca:3f:dc:56:cc:c2:0d:c3:
         73:92:9d:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbeEOjqOe0tdpH/OiDqhQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMjNmNGNiNGJhYjVjMTA4MDFhNzcwNjU4ZGY4OTFjZmI4
YzY4YzYwHhcNMjQwMTAxMTQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTlkODgyYmMzNzhjMjdlMDFiZTRkZjA0NjYyNmJjMjNjYjA2NjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr15kmJdcX71V0WbFFfCqJjVsyw4X
XDE72gfFi+TniM2uLRu1MHTXkSf6uvG49JW6OG1GpsC6ikeRgEh1k9/TJlKKiiSx
lYtpUdTjB/rqpwaV4kZFBFL23QLiNLIsKHoTtvbm8xUD0x6g85RmG48jTZL6xNmy
i0TLlPMv/itwgd8YhKhuIqzhWUmhSg5ZJ1LQT9Vcj+/u5zulSkUx03+W7jW/KwHh
h40Myz+Sh9sD+HwZ2rLx9eJhBlcVZ/iNTrXOVYBBkD4Dvgv3jT5TsfseJ1WKjz19
XFh+6PrW7tnZZmHL/bo5D9MheF1UaoHt7PplT/rv+9Ee6rgfj0IK5wtCGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOWdiCvDeMJ+Ab5N8EZia8I8sGZeMB8GA1UdIwQY
MBaAFJ0j9MtLq1wQgBp3BljfiRz7jGjGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNQMHkwdXJYQkNBR25jR1dOLUpIUHVNYU1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80ZWNhNGQtM2EyZS00YTg0LWE3ODkt
MDE1NzdhOTI3ZmE5LzEvNVoySUs4TjR3bjRCdmszd1JtSnJ3anl3Wmw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80ZWNhNGQtM2EyZS00YTg0LWE3ODktMDE1NzdhOTI3ZmE5
LzEvblNQMHkwdXJYQkNBR25jR1dOLUpIUHVNYU1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsuy4MA0G
CSqGSIb3DQEBCwUAA4IBAQBuhXo73t86j0jo2t1MIhlOB1IZ+G5LM6WeFvPpV9cx
e48UG5i6Sl4SOeyqnFs1j+RTndhX1bEaD498Ynv420F4MwMa6+PAZEuIirUUrJu0
bOl/vxzEDgRFzr/N373YL2+ahldFiC8HJiXXeoQLSmdzGfjLGHDHP3XNk9LPw6G9
kabzM63Ex1NUTQJLy0eb33xkqxOOoyFmydkp03asJyZJQNmM9PvDIE8mPk9MGd1q
HN3GTO2QQw/VUqCkFiBm7UiJXGRrHatAXdbGK1WS9RBtIv8QkxVJgTlNLx+/MTKk
jQlbUQuwiVV0SOeij12PRWMgu0Q7yj/cVszCDcNzkp0y
-----END CERTIFICATE-----