Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/DHjfwuWAYJJh7p_MCkbsmnyD1j0.roa
File:                     DHjfwuWAYJJh7p_MCkbsmnyD1j0.roa (raw, json)
Hash identifier:          LUkdazz94OiT/KAXqeQfCgc3awAt3nr20omKP9jyUv4=
Subject key identifier:   0C:78:DF:C2:E5:80:60:92:61:EE:9F:CC:0A:46:EC:9A:7C:83:D6:3D
Certificate issuer:       /CN=5794afdb5e6a1885780920a54ffa82408ea85ba1
Certificate serial:       019424B3BC2B6BC61E87EEC8025E3B055E59
Authority key identifier: 57:94:AF:DB:5E:6A:18:85:78:09:20:A5:4F:FA:82:40:8E:A8:5B:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/DHjfwuWAYJJh7p_MCkbsmnyD1j0.roa
Signing time:             Thu 02 Jan 2025 01:49:06 +0000
ROA not before:           Thu 02 Jan 2025 01:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35916
IP address blocks:        178.236.228.0/22 maxlen: 22
                          178.236.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:bc:2b:6b:c6:1e:87:ee:c8:02:5e:3b:05:5e:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5794afdb5e6a1885780920a54ffa82408ea85ba1
        Validity
            Not Before: Jan  2 01:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c78dfc2e580609261ee9fcc0a46ec9a7c83d63d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:47:67:fd:66:d0:90:dd:0d:50:e1:99:c3:6f:
                    d4:67:6d:6d:a9:73:96:a0:a1:58:cd:de:40:24:19:
                    9c:8c:a4:c7:70:13:e6:5e:18:90:f5:03:ab:2b:b6:
                    c6:d2:4a:81:b1:39:9c:fb:d0:fd:5e:ff:86:d3:26:
                    9a:d5:57:57:aa:07:89:68:d4:70:50:8a:87:fc:4b:
                    2b:ff:a0:80:d5:1a:fa:d1:2a:31:e4:b1:4e:8d:69:
                    b9:a1:95:ad:f3:76:71:26:b9:d7:27:75:94:45:47:
                    3c:d1:f7:50:e8:e6:90:95:62:e6:c2:ca:13:a1:6f:
                    84:f5:ac:fc:1a:31:46:e6:b8:c8:a7:08:c7:91:b5:
                    bd:2d:ba:b7:f8:88:6c:43:a7:e1:a3:c2:cb:bc:de:
                    1e:71:ce:fd:69:31:48:97:6d:45:3c:77:04:80:07:
                    ee:1f:42:e9:84:55:d7:7d:23:81:e5:13:5a:92:d6:
                    23:f2:c4:d5:1d:b2:c1:c0:3b:9b:0f:f8:b8:47:c8:
                    e4:4c:3e:d8:6e:3f:c3:ac:95:de:d1:11:af:44:51:
                    9f:15:7c:13:61:34:27:e8:15:df:c7:cf:16:4e:ff:
                    b1:a1:7c:06:36:47:7b:f8:9a:b7:a5:57:31:0f:40:
                    b1:48:0a:69:41:14:6b:af:15:cc:e9:fd:a7:bd:34:
                    a2:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:78:DF:C2:E5:80:60:92:61:EE:9F:CC:0A:46:EC:9A:7C:83:D6:3D
            X509v3 Authority Key Identifier:
                keyid:57:94:AF:DB:5E:6A:18:85:78:09:20:A5:4F:FA:82:40:8E:A8:5B:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/DHjfwuWAYJJh7p_MCkbsmnyD1j0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.236.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:86:82:6b:42:38:fe:7b:dd:1d:f2:54:98:45:b6:fc:72:39:
         9d:52:8b:8b:25:df:a0:79:91:17:b0:4b:2c:56:a2:20:8f:3c:
         90:33:7b:13:61:63:77:7e:72:77:06:da:84:78:95:60:f0:c9:
         c2:3a:de:be:99:1b:4b:76:b4:0c:11:61:e9:7e:4c:25:5a:8c:
         0e:d3:c8:e9:fd:0d:21:35:5f:a6:c2:e8:43:37:d3:12:73:d9:
         76:24:a5:e6:49:75:ee:91:77:71:55:b5:ef:37:5e:7a:ee:0d:
         44:d7:f1:a7:67:cb:a5:36:71:40:ea:2d:cf:6d:85:2c:12:1b:
         b1:40:56:e1:a7:66:82:14:ec:ae:6c:9f:b5:2b:29:b8:06:1b:
         c3:ac:ae:0c:ac:8c:37:bb:f5:4b:84:6a:f6:0b:91:bf:83:26:
         67:d8:ff:77:ce:7c:99:a9:f6:2a:14:f0:d0:a2:b1:05:ea:19:
         59:77:24:79:0d:3c:55:cc:e8:66:c5:1c:34:45:93:92:03:0a:
         e1:1b:85:bb:1c:0b:8d:2b:80:45:9a:8b:ff:77:d9:3e:28:91:
         52:f2:bd:20:cd:d7:f8:ed:cf:57:86:34:81:be:16:7a:fa:dd:
         8f:d7:a0:6b:e4:1b:f3:fc:9a:ce:e3:2b:c7:c6:eb:aa:ad:60:
         11:0d:20:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks7wra8Yeh+7IAl47BV5ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3OTRhZmRiNWU2YTE4ODU3ODA5MjBhNTRmZmE4MjQwOGVh
ODViYTEwHhcNMjUwMTAyMDE0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzc4ZGZjMmU1ODA2MDkyNjFlZTlmY2MwYTQ2ZWM5YTdjODNkNjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Udn/WbQkN0NUOGZw2/UZ21tqXOW
oKFYzd5AJBmcjKTHcBPmXhiQ9QOrK7bG0kqBsTmc+9D9Xv+G0yaa1VdXqgeJaNRw
UIqH/Esr/6CA1Rr60Sox5LFOjWm5oZWt83ZxJrnXJ3WURUc80fdQ6OaQlWLmwsoT
oW+E9az8GjFG5rjIpwjHkbW9Lbq3+IhsQ6fho8LLvN4ecc79aTFIl21FPHcEgAfu
H0LphFXXfSOB5RNaktYj8sTVHbLBwDubD/i4R8jkTD7Ybj/DrJXe0RGvRFGfFXwT
YTQn6BXfx88WTv+xoXwGNkd7+Jq3pVcxD0CxSAppQRRrrxXM6f2nvTSiewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAx438LlgGCSYe6fzApG7Jp8g9Y9MB8GA1UdIwQY
MBaAFFeUr9teahiFeAkgpU/6gkCOqFuhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjVTdjIxNXFHSVY0Q1NDbFRfcUNRSTZvVzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9kZGNlNGQtOTkxMi00ODdkLWI1NWQt
NDdkODJhNDFhOGYzLzEvREhqZnd1V0FZSkpoN3BfTUNrYnNtbnlEMWowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9kZGNlNGQtOTkxMi00ODdkLWI1NWQtNDdkODJhNDFhOGYz
LzEvVjVTdjIxNXFHSVY0Q1NDbFRfcUNRSTZvVzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsuzkMA0G
CSqGSIb3DQEBCwUAA4IBAQBThoJrQjj+e90d8lSYRbb8cjmdUouLJd+geZEXsEss
VqIgjzyQM3sTYWN3fnJ3BtqEeJVg8MnCOt6+mRtLdrQMEWHpfkwlWowO08jp/Q0h
NV+mwuhDN9MSc9l2JKXmSXXukXdxVbXvN1567g1E1/GnZ8ulNnFA6i3PbYUsEhux
QFbhp2aCFOyubJ+1Kym4BhvDrK4MrIw3u/VLhGr2C5G/gyZn2P93znyZqfYqFPDQ
orEF6hlZdyR5DTxVzOhmxRw0RZOSAwrhG4W7HAuNK4BFmov/d9k+KJFS8r0gzdf4
7c9XhjSBvhZ6+t2P16Br5Bvz/JrO4yvHxuuqrWARDSDT
-----END CERTIFICATE-----