Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/2AYdNpLAgiEtxreHX2CP8G8oaHc.roa
File:                     2AYdNpLAgiEtxreHX2CP8G8oaHc.roa (raw, json)
Hash identifier:          Uh5iqHZFdOs3+eMdhqTQc3dJuL4yMbXkes8N3Efvvx4=
Subject key identifier:   D8:06:1D:36:92:C0:82:21:2D:C6:B7:87:5F:60:8F:F0:6F:28:68:77
Certificate issuer:       /CN=5794afdb5e6a1885780920a54ffa82408ea85ba1
Certificate serial:       018CC8DF772982AFADFD593C565E302A4FCC
Authority key identifier: 57:94:AF:DB:5E:6A:18:85:78:09:20:A5:4F:FA:82:40:8E:A8:5B:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/2AYdNpLAgiEtxreHX2CP8G8oaHc.roa
Signing time:             Tue 02 Jan 2024 06:32:17 +0000
ROA not before:           Tue 02 Jan 2024 06:32:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212042
IP address blocks:        178.236.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:77:29:82:af:ad:fd:59:3c:56:5e:30:2a:4f:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5794afdb5e6a1885780920a54ffa82408ea85ba1
        Validity
            Not Before: Jan  2 06:32:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8061d3692c082212dc6b7875f608ff06f286877
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:01:1c:7e:03:0a:21:5e:fa:93:7e:88:4b:01:
                    44:58:a5:92:5f:c8:54:95:26:d5:93:a1:39:1c:1b:
                    d9:c3:02:5e:af:b6:1b:07:2e:c0:1c:4d:6e:c8:32:
                    f3:54:93:54:93:cb:f7:50:63:91:6e:65:66:1b:cb:
                    de:d9:ea:71:65:65:ad:b1:a6:33:59:52:f0:43:46:
                    8d:1a:e0:11:7d:b5:21:b8:e7:57:c4:ae:3c:eb:23:
                    c2:ac:da:51:92:0d:e9:26:87:1a:fc:3e:5f:3a:3d:
                    4a:db:d0:a4:9d:78:62:f8:81:1f:65:4d:25:47:3f:
                    27:da:63:6f:0b:62:0b:b0:ee:dc:7f:cd:a3:cf:3f:
                    a4:26:4b:36:f6:03:86:28:2e:01:f1:67:d2:62:8e:
                    17:4b:44:45:51:a8:44:ca:94:58:93:82:5a:0a:ad:
                    6d:2c:e2:5a:d6:b4:95:93:af:91:d9:72:b4:62:b4:
                    5b:5f:32:ae:5e:b4:06:36:18:9e:ee:79:e7:23:ac:
                    23:f5:ad:30:55:a6:cf:82:55:cb:3d:41:68:f0:bf:
                    42:32:ba:ed:65:b6:5c:31:b0:8b:66:34:f9:79:8c:
                    fb:92:d9:41:fc:e5:51:e7:1c:12:c0:5e:30:ea:04:
                    3e:71:a9:11:ad:8e:bb:0b:b1:1d:21:fd:e3:62:22:
                    ce:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:06:1D:36:92:C0:82:21:2D:C6:B7:87:5F:60:8F:F0:6F:28:68:77
            X509v3 Authority Key Identifier:
                keyid:57:94:AF:DB:5E:6A:18:85:78:09:20:A5:4F:FA:82:40:8E:A8:5B:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/2AYdNpLAgiEtxreHX2CP8G8oaHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.236.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:9b:5b:b6:c8:50:d3:52:a6:c1:f4:0e:a6:b2:97:30:e6:df:
         1f:a0:91:5a:8e:e0:76:91:c1:5f:55:43:5a:b6:d1:ad:44:9c:
         a0:3d:71:61:a5:95:1f:17:1e:75:17:c9:e3:d9:7c:23:d1:67:
         d8:a5:7e:de:ad:70:32:3f:85:04:55:45:01:dd:d9:75:29:db:
         ce:94:24:21:52:b9:14:92:75:f3:34:d0:08:f0:0c:56:8e:1e:
         b2:1d:22:ec:6a:1e:0f:c4:64:ef:8a:7d:e8:3b:21:02:29:be:
         52:cf:61:98:dd:41:14:bb:9c:6c:ea:64:9d:8c:91:e3:4d:95:
         db:f3:aa:cd:94:e7:c4:d5:9b:4e:ad:ba:ce:42:fb:1d:b8:91:
         dc:b8:17:6a:fa:5e:1a:b5:2b:bb:8c:90:98:12:5c:2b:6a:8f:
         ee:b1:ba:82:58:14:3d:0a:bd:7d:20:ef:88:57:dd:55:ac:4a:
         ae:1b:b9:56:29:61:f1:2f:79:41:66:fd:da:21:86:d5:2e:94:
         cd:54:f3:0a:1f:fa:86:81:1e:41:34:1b:04:0e:c3:21:91:88:
         da:df:1e:e1:b9:02:dd:99:cd:88:a2:0b:57:6d:3c:c7:48:3b:
         3f:38:6a:a6:d2:52:e0:d3:1c:85:05:e0:9e:c1:03:da:65:1f:
         6d:da:44:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI33cpgq+t/Vk8Vl4wKk/MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3OTRhZmRiNWU2YTE4ODU3ODA5MjBhNTRmZmE4MjQwOGVh
ODViYTEwHhcNMjQwMTAyMDYzMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODA2MWQzNjkyYzA4MjIxMmRjNmI3ODc1ZjYwOGZmMDZmMjg2ODc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAEcfgMKIV76k36ISwFEWKWSX8hU
lSbVk6E5HBvZwwJer7YbBy7AHE1uyDLzVJNUk8v3UGORbmVmG8ve2epxZWWtsaYz
WVLwQ0aNGuARfbUhuOdXxK486yPCrNpRkg3pJoca/D5fOj1K29CknXhi+IEfZU0l
Rz8n2mNvC2ILsO7cf82jzz+kJks29gOGKC4B8WfSYo4XS0RFUahEypRYk4JaCq1t
LOJa1rSVk6+R2XK0YrRbXzKuXrQGNhie7nnnI6wj9a0wVabPglXLPUFo8L9CMrrt
ZbZcMbCLZjT5eYz7ktlB/OVR5xwSwF4w6gQ+cakRrY67C7EdIf3jYiLO1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNgGHTaSwIIhLca3h19gj/BvKGh3MB8GA1UdIwQY
MBaAFFeUr9teahiFeAkgpU/6gkCOqFuhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjVTdjIxNXFHSVY0Q1NDbFRfcUNRSTZvVzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9kZGNlNGQtOTkxMi00ODdkLWI1NWQt
NDdkODJhNDFhOGYzLzEvMkFZZE5wTEFnaUV0eHJlSFgyQ1A4RzhvYUhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9kZGNlNGQtOTkxMi00ODdkLWI1NWQtNDdkODJhNDFhOGYz
LzEvVjVTdjIxNXFHSVY0Q1NDbFRfcUNRSTZvVzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsuzsMA0G
CSqGSIb3DQEBCwUAA4IBAQCDm1u2yFDTUqbB9A6mspcw5t8foJFajuB2kcFfVUNa
ttGtRJygPXFhpZUfFx51F8nj2Xwj0WfYpX7erXAyP4UEVUUB3dl1KdvOlCQhUrkU
knXzNNAI8AxWjh6yHSLsah4PxGTvin3oOyECKb5Sz2GY3UEUu5xs6mSdjJHjTZXb
86rNlOfE1ZtOrbrOQvsduJHcuBdq+l4atSu7jJCYElwrao/usbqCWBQ9Cr19IO+I
V91VrEquG7lWKWHxL3lBZv3aIYbVLpTNVPMKH/qGgR5BNBsEDsMhkYja3x7huQLd
mc2IogtXbTzHSDs/OGqm0lLg0xyFBeCewQPaZR9t2kTU
-----END CERTIFICATE-----