Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/bb_RYi7c3jwdG2_wfW1_ZXobYpo.roa
File:                     bb_RYi7c3jwdG2_wfW1_ZXobYpo.roa (raw, json)
Hash identifier:          ko7H69i9Z63hSsh+VXVAIKasBuFofFPzvpyRwz8wEUA=
Subject key identifier:   6D:BF:D1:62:2E:DC:DE:3C:1D:1B:6F:F0:7D:6D:7F:65:7A:1B:62:9A
Certificate issuer:       /CN=5794afdb5e6a1885780920a54ffa82408ea85ba1
Certificate serial:       019424B3BA4AA3D7B9E85FE9B079C92E0B40
Authority key identifier: 57:94:AF:DB:5E:6A:18:85:78:09:20:A5:4F:FA:82:40:8E:A8:5B:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/bb_RYi7c3jwdG2_wfW1_ZXobYpo.roa
Signing time:             Thu 02 Jan 2025 01:49:05 +0000
ROA not before:           Thu 02 Jan 2025 01:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        178.236.226.0/24 maxlen: 24
                          178.236.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 13:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:ba:4a:a3:d7:b9:e8:5f:e9:b0:79:c9:2e:0b:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5794afdb5e6a1885780920a54ffa82408ea85ba1
        Validity
            Not Before: Jan  2 01:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6dbfd1622edcde3c1d1b6ff07d6d7f657a1b629a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:db:b7:93:59:4a:90:33:84:bf:f4:fc:24:f4:
                    32:4a:4a:40:0c:af:86:09:e2:2b:7c:e0:53:e1:65:
                    2d:cb:00:0b:e9:5d:cc:5e:7d:90:be:3f:d2:51:6c:
                    2a:8d:d2:76:44:32:d3:b0:7c:93:38:2d:15:25:f7:
                    de:e9:57:a5:b1:7f:8e:24:b1:b8:09:58:55:7c:1d:
                    7a:76:b1:bb:52:b9:42:f4:ea:5d:6c:7b:ac:58:d5:
                    ca:76:d3:60:ad:4c:9e:c3:06:12:a2:ba:8d:be:2c:
                    5d:0c:c5:03:42:f3:8e:0b:9c:7d:6b:3e:28:57:0f:
                    af:59:b2:bd:98:a0:ea:b8:c8:06:ed:89:f7:4b:ba:
                    88:89:5b:55:20:ea:86:30:a7:c9:d2:5f:ae:f0:7d:
                    70:46:1c:02:67:f5:62:9d:f9:9e:7c:64:29:51:fe:
                    24:ed:44:a5:2d:07:a0:53:ab:08:d6:78:dc:bb:f2:
                    86:ce:d5:3b:bd:83:06:ef:ee:2a:88:d8:58:71:2b:
                    61:8f:14:f7:13:8a:71:ad:96:ed:33:57:39:9b:1b:
                    89:ba:e4:e3:f6:04:8f:ed:f1:9e:f3:f2:54:86:37:
                    43:5e:a9:8c:55:d7:87:00:7a:9a:94:82:a6:4a:e9:
                    89:64:f1:d7:9a:6d:34:3d:b3:68:32:f2:a5:62:88:
                    4a:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:BF:D1:62:2E:DC:DE:3C:1D:1B:6F:F0:7D:6D:7F:65:7A:1B:62:9A
            X509v3 Authority Key Identifier:
                keyid:57:94:AF:DB:5E:6A:18:85:78:09:20:A5:4F:FA:82:40:8E:A8:5B:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/bb_RYi7c3jwdG2_wfW1_ZXobYpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.236.226.0/24
                  178.236.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:87:e5:f5:57:c9:f5:39:de:0a:da:25:bf:e3:a1:8c:ad:0a:
         6f:c2:31:57:60:85:d4:44:36:aa:cb:e9:69:a1:26:34:f3:73:
         78:d7:e6:cb:3a:8f:f5:94:de:17:47:5c:9e:f8:44:72:9c:fd:
         36:61:af:a7:04:11:b4:e2:4b:bd:32:91:1b:92:23:9a:e6:d2:
         d1:cf:7b:04:60:c9:a9:04:46:41:9c:2f:19:fd:d7:5e:0d:39:
         b9:f0:6b:bd:2b:ae:02:6f:a1:e3:8c:46:7c:bd:a0:a9:6f:c9:
         c0:71:4e:f0:a1:42:2c:b9:62:18:e6:77:9f:ca:62:6b:91:c3:
         82:09:9b:7e:7c:6e:ad:db:15:0e:bc:bd:96:f9:db:5c:da:64:
         68:ff:0e:34:9d:2f:7b:c7:bd:c3:6d:c1:b7:48:95:c7:ca:95:
         48:4d:37:d5:88:e1:c2:df:9b:72:5c:88:25:49:dd:8b:75:ae:
         77:3c:db:03:3e:71:43:42:62:fa:e2:b4:53:74:60:c4:b1:26:
         80:a1:d3:8b:d5:2e:6e:09:b1:eb:e4:e1:99:b6:19:7a:12:26:
         65:66:4a:cd:2c:68:93:2a:07:f0:e8:d0:78:cd:3b:e8:f5:3e:
         d6:8f:90:97:c2:c3:12:db:23:89:6a:45:3b:42:4a:d1:f0:b3:
         73:ce:d3:9a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQks7pKo9e56F/psHnJLgtAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3OTRhZmRiNWU2YTE4ODU3ODA5MjBhNTRmZmE4MjQwOGVh
ODViYTEwHhcNMjUwMTAyMDE0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGJmZDE2MjJlZGNkZTNjMWQxYjZmZjA3ZDZkN2Y2NTdhMWI2MjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttu3k1lKkDOEv/T8JPQySkpADK+G
CeIrfOBT4WUtywAL6V3MXn2Qvj/SUWwqjdJ2RDLTsHyTOC0VJffe6VelsX+OJLG4
CVhVfB16drG7UrlC9OpdbHusWNXKdtNgrUyewwYSorqNvixdDMUDQvOOC5x9az4o
Vw+vWbK9mKDquMgG7Yn3S7qIiVtVIOqGMKfJ0l+u8H1wRhwCZ/VinfmefGQpUf4k
7USlLQegU6sI1njcu/KGztU7vYMG7+4qiNhYcSthjxT3E4pxrZbtM1c5mxuJuuTj
9gSP7fGe8/JUhjdDXqmMVdeHAHqalIKmSumJZPHXmm00PbNoMvKlYohKVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG2/0WIu3N48HRtv8H1tf2V6G2KaMB8GA1UdIwQY
MBaAFFeUr9teahiFeAkgpU/6gkCOqFuhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjVTdjIxNXFHSVY0Q1NDbFRfcUNRSTZvVzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9kZGNlNGQtOTkxMi00ODdkLWI1NWQt
NDdkODJhNDFhOGYzLzEvYmJfUllpN2MzandkRzJfd2ZXMV9aWG9iWXBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9kZGNlNGQtOTkxMi00ODdkLWI1NWQtNDdkODJhNDFhOGYz
LzEvVjVTdjIxNXFHSVY0Q1NDbFRfcUNRSTZvVzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsuziAwQA
suzpMA0GCSqGSIb3DQEBCwUAA4IBAQAMh+X1V8n1Od4K2iW/46GMrQpvwjFXYIXU
RDaqy+lpoSY083N41+bLOo/1lN4XR1ye+ERynP02Ya+nBBG04ku9MpEbkiOa5tLR
z3sEYMmpBEZBnC8Z/ddeDTm58Gu9K64Cb6HjjEZ8vaCpb8nAcU7woUIsuWIY5nef
ymJrkcOCCZt+fG6t2xUOvL2W+dtc2mRo/w40nS97x73DbcG3SJXHypVITTfViOHC
35tyXIglSd2Lda53PNsDPnFDQmL64rRTdGDEsSaAodOL1S5uCbHr5OGZthl6EiZl
ZkrNLGiTKgfw6NB4zTvo9T7Wj5CXwsMS2yOJakU7QkrR8LNzztOa
-----END CERTIFICATE-----