Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/JugdBvWlwlpMoHy48FtACqXMujA.roa
File:                     JugdBvWlwlpMoHy48FtACqXMujA.roa (raw, json)
Hash identifier:          FwamwtXsb9HiyIrNOcUv3Pg20cFL28IiGybY6G3bUBs=
Subject key identifier:   26:E8:1D:06:F5:A5:C2:5A:4C:A0:7C:B8:F0:5B:40:0A:A5:CC:BA:30
Certificate issuer:       /CN=5794afdb5e6a1885780920a54ffa82408ea85ba1
Certificate serial:       018EE5CE940E44374427A67285E868E2305D
Authority key identifier: 57:94:AF:DB:5E:6A:18:85:78:09:20:A5:4F:FA:82:40:8E:A8:5B:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/JugdBvWlwlpMoHy48FtACqXMujA.roa
Signing time:             Tue 16 Apr 2024 07:28:24 +0000
ROA not before:           Tue 16 Apr 2024 07:28:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        178.236.226.0/24 maxlen: 24
                          178.236.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e5:ce:94:0e:44:37:44:27:a6:72:85:e8:68:e2:30:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5794afdb5e6a1885780920a54ffa82408ea85ba1
        Validity
            Not Before: Apr 16 07:28:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26e81d06f5a5c25a4ca07cb8f05b400aa5ccba30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:d3:bb:23:f3:70:69:22:88:85:e4:e2:46:8a:
                    27:8b:c1:72:15:45:6e:57:27:5f:86:cf:13:dd:05:
                    b6:2f:e4:06:4f:ab:12:b0:0c:1d:b8:02:8c:17:0e:
                    ec:c9:d1:aa:a9:63:86:78:ed:4e:0b:bd:88:5d:d1:
                    87:9b:e9:9f:00:20:ea:27:9a:a5:82:2d:25:cf:65:
                    c6:71:86:e6:ca:b8:40:a2:ed:1a:5b:c9:47:95:2e:
                    a2:36:a4:f5:29:bb:74:fa:d3:c9:88:5f:f4:f7:30:
                    f1:2c:98:af:1c:4d:74:b2:5b:07:de:07:d1:c9:8f:
                    cc:57:d9:a2:b7:53:79:b7:29:a9:20:0d:16:b1:64:
                    00:4b:c3:c4:f0:00:c0:21:6a:40:64:41:70:d9:63:
                    1e:a9:92:b2:e2:9e:77:f7:db:bb:92:eb:50:65:34:
                    8b:0d:22:51:64:94:b7:d0:68:6e:7a:2f:44:77:b6:
                    da:1c:ed:05:b3:26:28:bc:4d:c1:01:50:24:c4:70:
                    b1:2b:c2:19:93:c9:90:1e:48:05:81:79:98:04:4a:
                    d9:a6:89:23:1f:b8:38:9b:ff:3b:95:8b:a8:70:a1:
                    3c:d8:d2:ca:55:2d:f5:77:16:4b:2e:17:81:c7:20:
                    43:aa:59:59:73:1e:ad:50:8e:ff:02:b5:22:40:14:
                    ca:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:E8:1D:06:F5:A5:C2:5A:4C:A0:7C:B8:F0:5B:40:0A:A5:CC:BA:30
            X509v3 Authority Key Identifier:
                keyid:57:94:AF:DB:5E:6A:18:85:78:09:20:A5:4F:FA:82:40:8E:A8:5B:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/JugdBvWlwlpMoHy48FtACqXMujA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.236.226.0/24
                  178.236.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:7d:e5:3a:70:40:d8:3c:21:c6:7c:80:4c:75:c3:42:9c:b1:
         9a:ed:02:b3:2f:b5:bf:1d:df:f6:9f:24:1b:f1:33:79:ac:a5:
         9a:5c:f0:22:af:83:47:ab:1b:eb:51:1d:2a:7f:98:50:5a:57:
         03:22:22:bb:73:1d:af:70:de:e4:14:25:a0:d1:a9:b5:83:d5:
         fc:a9:07:67:9c:e0:e7:a8:0d:48:60:bd:b4:92:07:21:7b:03:
         6d:a8:4a:26:2e:09:1e:fd:0b:1f:a1:cf:b3:4b:18:aa:14:8a:
         f9:fb:25:8d:ab:0c:44:17:1a:ff:af:ec:ca:fd:fa:d1:72:b4:
         84:f7:06:54:11:7d:af:87:7f:ff:67:66:36:03:4e:3e:53:89:
         c6:14:ed:14:86:71:15:5c:ac:46:d2:a4:71:ea:b2:aa:d4:97:
         ad:bf:e8:c5:5d:a4:67:31:fe:d2:4d:3b:a9:b8:62:7c:8e:1f:
         e6:7d:48:18:8c:8a:58:cc:b3:85:16:d8:1f:d9:9d:fa:15:23:
         e7:94:7e:8d:39:43:cd:b1:0e:96:b5:d7:af:fa:54:69:38:dc:
         74:40:41:b1:20:dd:18:08:9f:d6:35:d8:04:7d:00:87:c2:0e:
         78:8e:68:1a:f8:54:a8:0f:0f:92:5b:42:f6:16:49:c9:6d:e7:
         37:9b:92:b3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7lzpQORDdEJ6Zyheho4jBdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3OTRhZmRiNWU2YTE4ODU3ODA5MjBhNTRmZmE4MjQwOGVh
ODViYTEwHhcNMjQwNDE2MDcyODI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmU4MWQwNmY1YTVjMjVhNGNhMDdjYjhmMDViNDAwYWE1Y2NiYTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidO7I/NwaSKIheTiRooni8FyFUVu
Vydfhs8T3QW2L+QGT6sSsAwduAKMFw7sydGqqWOGeO1OC72IXdGHm+mfACDqJ5ql
gi0lz2XGcYbmyrhAou0aW8lHlS6iNqT1Kbt0+tPJiF/09zDxLJivHE10slsH3gfR
yY/MV9mit1N5tympIA0WsWQAS8PE8ADAIWpAZEFw2WMeqZKy4p5399u7kutQZTSL
DSJRZJS30Ghuei9Ed7baHO0FsyYovE3BAVAkxHCxK8IZk8mQHkgFgXmYBErZpokj
H7g4m/87lYuocKE82NLKVS31dxZLLheBxyBDqllZcx6tUI7/ArUiQBTKMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCboHQb1pcJaTKB8uPBbQAqlzLowMB8GA1UdIwQY
MBaAFFeUr9teahiFeAkgpU/6gkCOqFuhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjVTdjIxNXFHSVY0Q1NDbFRfcUNRSTZvVzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9kZGNlNGQtOTkxMi00ODdkLWI1NWQt
NDdkODJhNDFhOGYzLzEvSnVnZEJ2V2x3bHBNb0h5NDhGdEFDcVhNdWpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9kZGNlNGQtOTkxMi00ODdkLWI1NWQtNDdkODJhNDFhOGYz
LzEvVjVTdjIxNXFHSVY0Q1NDbFRfcUNRSTZvVzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsuziAwQA
suzpMA0GCSqGSIb3DQEBCwUAA4IBAQBVfeU6cEDYPCHGfIBMdcNCnLGa7QKzL7W/
Hd/2nyQb8TN5rKWaXPAir4NHqxvrUR0qf5hQWlcDIiK7cx2vcN7kFCWg0am1g9X8
qQdnnODnqA1IYL20kgchewNtqEomLgke/Qsfoc+zSxiqFIr5+yWNqwxEFxr/r+zK
/frRcrSE9wZUEX2vh3//Z2Y2A04+U4nGFO0UhnEVXKxG0qRx6rKq1Jetv+jFXaRn
Mf7STTupuGJ8jh/mfUgYjIpYzLOFFtgf2Z36FSPnlH6NOUPNsQ6Wtdev+lRpONx0
QEGxIN0YCJ/WNdgEfQCHwg54jmga+FSoDw+SW0L2FknJbec3m5Kz
-----END CERTIFICATE-----