Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/M-XXH_HSD3Ien_KXAm5TQEsk64U.roa
File:                     M-XXH_HSD3Ien_KXAm5TQEsk64U.roa (raw, json)
Hash identifier:          Hk76IxseeqotXRWvbHSkcouM/chHbQ+JUKXecFntFU0=
Subject key identifier:   33:E5:D7:1F:F1:D2:0F:72:1E:9F:F2:97:02:6E:53:40:4B:24:EB:85
Certificate issuer:       /CN=5794afdb5e6a1885780920a54ffa82408ea85ba1
Certificate serial:       018CC8DF780CC8E947548D1D5DD4F5C9BAEF
Authority key identifier: 57:94:AF:DB:5E:6A:18:85:78:09:20:A5:4F:FA:82:40:8E:A8:5B:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/M-XXH_HSD3Ien_KXAm5TQEsk64U.roa
Signing time:             Tue 02 Jan 2024 06:32:17 +0000
ROA not before:           Tue 02 Jan 2024 06:32:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397071
IP address blocks:        178.236.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:78:0c:c8:e9:47:54:8d:1d:5d:d4:f5:c9:ba:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5794afdb5e6a1885780920a54ffa82408ea85ba1
        Validity
            Not Before: Jan  2 06:32:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33e5d71ff1d20f721e9ff297026e53404b24eb85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:81:29:44:ff:2a:b9:0b:bc:3b:53:f1:b1:b7:
                    f6:64:f7:13:eb:ea:9d:15:87:41:92:f6:47:8c:8b:
                    cb:ea:1a:8d:43:04:d2:8a:ee:3d:05:72:90:90:3b:
                    6a:aa:5e:55:c7:87:52:c8:7d:bb:bc:cf:b1:cd:bd:
                    31:fa:b1:6d:bd:4c:78:9f:2a:65:6d:29:c4:cf:21:
                    78:27:7f:eb:22:71:b9:37:cf:bb:73:3f:1d:4f:83:
                    43:b6:7f:7d:2d:b2:44:d5:78:47:94:1d:be:72:63:
                    b6:65:bd:77:e3:37:a5:58:ae:1d:bc:55:03:12:f4:
                    22:43:03:0b:7c:f6:33:07:87:97:b5:4b:dd:09:a3:
                    80:9f:e6:e8:28:75:be:31:83:06:03:94:e3:96:a5:
                    43:b9:7b:82:6f:6b:00:d1:f7:70:53:61:b8:03:9f:
                    d0:42:ed:9d:66:c4:67:dd:94:9f:52:3d:a1:f0:06:
                    d2:fb:86:a3:3f:55:44:f2:d4:89:7d:17:be:13:e2:
                    6e:f8:48:7f:13:d8:e2:bf:17:ae:44:80:e4:c1:f8:
                    03:03:a7:70:bd:38:eb:aa:2f:96:45:6a:50:95:b5:
                    2f:6e:49:fe:7c:7a:c9:10:47:e1:4d:d5:9c:79:c9:
                    3c:85:ac:b9:6d:87:08:3c:85:94:38:fb:ce:1f:51:
                    f8:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:E5:D7:1F:F1:D2:0F:72:1E:9F:F2:97:02:6E:53:40:4B:24:EB:85
            X509v3 Authority Key Identifier:
                keyid:57:94:AF:DB:5E:6A:18:85:78:09:20:A5:4F:FA:82:40:8E:A8:5B:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/M-XXH_HSD3Ien_KXAm5TQEsk64U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.236.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:31:89:d1:18:14:93:52:d8:87:da:f0:8c:76:56:c2:91:c3:
         08:16:35:dd:aa:b1:23:e3:eb:7f:d6:83:92:92:d3:0d:86:4e:
         f9:e6:e6:73:e6:28:f4:64:99:00:dd:b1:46:15:5a:14:89:18:
         08:c5:ec:81:ab:f7:c6:97:c4:d2:a7:6e:e3:a1:34:ff:3e:e5:
         6c:d5:90:d1:8b:a6:50:e2:80:24:3f:d5:f1:1b:98:9a:64:e8:
         ac:e4:a6:73:ca:9a:72:18:be:0c:d4:d4:cb:d2:37:f3:b8:fa:
         a4:43:1c:29:74:77:a5:a1:f1:98:0a:09:b1:68:89:47:10:53:
         b1:c3:0f:40:61:46:02:82:69:32:e5:62:57:e4:28:ad:a6:b8:
         4f:ae:ae:0e:af:9a:7c:27:d9:39:d8:ef:4d:e2:b3:ee:25:03:
         09:68:47:dd:12:58:7b:c6:83:86:50:8a:b1:ff:65:aa:ce:99:
         58:07:11:46:29:9a:33:a4:04:67:d5:0b:11:43:66:af:82:69:
         d5:ba:d1:e7:43:54:f3:cc:65:80:1d:74:a7:9c:9b:77:b9:14:
         54:0c:4d:d3:33:4e:1d:d3:c5:96:59:88:72:71:15:a7:15:f7:
         93:68:4d:f1:d0:e7:a0:b1:a3:34:aa:c6:3b:61:5d:b3:d3:6e:
         c4:6f:2b:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI33gMyOlHVI0dXdT1ybrvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3OTRhZmRiNWU2YTE4ODU3ODA5MjBhNTRmZmE4MjQwOGVh
ODViYTEwHhcNMjQwMTAyMDYzMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2U1ZDcxZmYxZDIwZjcyMWU5ZmYyOTcwMjZlNTM0MDRiMjRlYjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4EpRP8quQu8O1Pxsbf2ZPcT6+qd
FYdBkvZHjIvL6hqNQwTSiu49BXKQkDtqql5Vx4dSyH27vM+xzb0x+rFtvUx4nypl
bSnEzyF4J3/rInG5N8+7cz8dT4NDtn99LbJE1XhHlB2+cmO2Zb134zelWK4dvFUD
EvQiQwMLfPYzB4eXtUvdCaOAn+boKHW+MYMGA5TjlqVDuXuCb2sA0fdwU2G4A5/Q
Qu2dZsRn3ZSfUj2h8AbS+4ajP1VE8tSJfRe+E+Ju+Eh/E9jivxeuRIDkwfgDA6dw
vTjrqi+WRWpQlbUvbkn+fHrJEEfhTdWceck8hay5bYcIPIWUOPvOH1H4ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDPl1x/x0g9yHp/ylwJuU0BLJOuFMB8GA1UdIwQY
MBaAFFeUr9teahiFeAkgpU/6gkCOqFuhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjVTdjIxNXFHSVY0Q1NDbFRfcUNRSTZvVzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9kZGNlNGQtOTkxMi00ODdkLWI1NWQt
NDdkODJhNDFhOGYzLzEvTS1YWEhfSFNEM0llbl9LWEFtNVRRRXNrNjRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9kZGNlNGQtOTkxMi00ODdkLWI1NWQtNDdkODJhNDFhOGYz
LzEvVjVTdjIxNXFHSVY0Q1NDbFRfcUNRSTZvVzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsuzqMA0G
CSqGSIb3DQEBCwUAA4IBAQBTMYnRGBSTUtiH2vCMdlbCkcMIFjXdqrEj4+t/1oOS
ktMNhk755uZz5ij0ZJkA3bFGFVoUiRgIxeyBq/fGl8TSp27joTT/PuVs1ZDRi6ZQ
4oAkP9XxG5iaZOis5KZzyppyGL4M1NTL0jfzuPqkQxwpdHelofGYCgmxaIlHEFOx
ww9AYUYCgmky5WJX5CitprhPrq4Or5p8J9k52O9N4rPuJQMJaEfdElh7xoOGUIqx
/2WqzplYBxFGKZozpARn1QsRQ2avgmnVutHnQ1TzzGWAHXSnnJt3uRRUDE3TM04d
08WWWYhycRWnFfeTaE3x0OegsaM0qsY7YV2z027EbysQ
-----END CERTIFICATE-----