Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/iqEaFVqkupG1QpyDNcs74-KR0zM.roa
File:                     iqEaFVqkupG1QpyDNcs74-KR0zM.roa (raw, json)
Hash identifier:          KQuxhqIsiNBySFJEksmzmJuak+o825TfCzdtr+AGF94=
Subject key identifier:   8A:A1:1A:15:5A:A4:BA:91:B5:42:9C:83:35:CB:3B:E3:E2:91:D3:33
Certificate issuer:       /CN=5794afdb5e6a1885780920a54ffa82408ea85ba1
Certificate serial:       018CC8DF75DC6B5D85F22A38E4A384DAC517
Authority key identifier: 57:94:AF:DB:5E:6A:18:85:78:09:20:A5:4F:FA:82:40:8E:A8:5B:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/iqEaFVqkupG1QpyDNcs74-KR0zM.roa
Signing time:             Tue 02 Jan 2024 06:32:16 +0000
ROA not before:           Tue 02 Jan 2024 06:32:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35916
IP address blocks:        178.236.228.0/24 maxlen: 24
                          178.236.228.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:75:dc:6b:5d:85:f2:2a:38:e4:a3:84:da:c5:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5794afdb5e6a1885780920a54ffa82408ea85ba1
        Validity
            Not Before: Jan  2 06:32:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8aa11a155aa4ba91b5429c8335cb3be3e291d333
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:d9:57:0c:b6:d0:f8:00:de:5e:2f:f7:c2:90:
                    c3:86:b4:c8:08:cc:a4:e9:a7:97:dd:d5:ed:1d:f3:
                    ad:1c:ce:d9:f1:c6:0e:cb:0d:35:66:13:9c:af:8e:
                    14:be:22:07:59:81:da:79:3e:7b:4d:b8:89:a8:c6:
                    07:06:17:ee:b3:28:fd:b2:40:39:17:b0:64:78:96:
                    cf:a5:e3:8e:2e:53:ee:4e:90:54:1d:43:33:66:a2:
                    fc:4c:42:a9:b2:5d:4c:24:c2:6d:f4:5d:0e:c4:18:
                    70:db:a3:ac:3d:ed:7a:e9:0f:a9:0b:5c:48:93:c6:
                    d5:e6:04:af:0c:75:d4:10:4e:22:75:32:87:a6:12:
                    4e:fd:42:34:d3:49:23:17:74:2d:ac:e4:c4:44:d9:
                    4b:5b:f2:7b:6a:86:46:d8:6e:12:5d:53:cc:0b:45:
                    4b:a1:4a:9f:d3:be:f8:6e:2c:3b:4c:32:7e:27:b3:
                    79:db:11:d7:d0:20:25:c3:0b:83:92:a6:ce:7c:1f:
                    dd:ed:4f:ca:58:77:0a:33:75:e1:7d:1f:98:51:11:
                    7a:70:55:39:ba:bf:bc:79:21:aa:79:54:c1:09:68:
                    d2:d6:4e:30:1f:e1:1e:63:97:45:d2:93:86:8b:e0:
                    28:8e:e5:39:06:ee:c1:cd:9c:f8:37:90:5c:12:ca:
                    5a:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:A1:1A:15:5A:A4:BA:91:B5:42:9C:83:35:CB:3B:E3:E2:91:D3:33
            X509v3 Authority Key Identifier:
                keyid:57:94:AF:DB:5E:6A:18:85:78:09:20:A5:4F:FA:82:40:8E:A8:5B:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/iqEaFVqkupG1QpyDNcs74-KR0zM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.236.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:42:9d:b8:a0:74:82:c7:69:6e:f8:83:5e:63:4e:82:0e:9f:
         2b:1c:ab:fc:f3:74:b3:ff:b9:28:44:d7:0f:84:85:76:d4:6a:
         7e:5a:39:7e:e5:b2:f7:03:f5:e3:0a:4b:c4:b7:06:90:ae:bf:
         08:ad:4f:61:12:7e:2a:f3:e2:62:13:56:2a:8c:df:7d:99:e4:
         86:b9:83:8f:0f:01:c1:2f:f8:b3:41:93:64:49:94:cd:7b:a7:
         b2:6f:e6:b7:2a:e3:82:0b:76:cb:81:c6:b8:7f:14:b3:bd:18:
         e9:b8:1e:22:fb:df:65:80:9e:da:70:0e:93:d8:05:30:6b:92:
         ec:3e:86:41:05:e5:50:b6:1f:92:f5:8d:13:0a:21:91:0a:ad:
         67:2f:30:f9:94:ef:02:38:ac:d7:ba:bd:fe:6c:62:6b:61:8c:
         71:27:8e:18:4a:11:e6:14:18:67:df:81:f7:77:81:22:69:96:
         64:01:aa:3c:d9:22:43:c0:ef:52:8a:00:da:4c:dc:71:a6:f2:
         dd:be:a8:a6:84:2f:21:98:a6:01:20:55:80:a1:93:38:a2:5a:
         dc:f3:f1:af:62:a8:e3:83:90:8e:c8:5c:e2:aa:36:7d:12:e6:
         77:d6:58:18:88:26:f5:11:e4:74:04:06:bf:bc:2d:ef:91:a3:
         28:52:e1:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI33Xca12F8io45KOE2sUXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3OTRhZmRiNWU2YTE4ODU3ODA5MjBhNTRmZmE4MjQwOGVh
ODViYTEwHhcNMjQwMTAyMDYzMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWExMWExNTVhYTRiYTkxYjU0MjljODMzNWNiM2JlM2UyOTFkMzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNlXDLbQ+ADeXi/3wpDDhrTICMyk
6aeX3dXtHfOtHM7Z8cYOyw01ZhOcr44UviIHWYHaeT57TbiJqMYHBhfusyj9skA5
F7BkeJbPpeOOLlPuTpBUHUMzZqL8TEKpsl1MJMJt9F0OxBhw26OsPe166Q+pC1xI
k8bV5gSvDHXUEE4idTKHphJO/UI000kjF3QtrOTERNlLW/J7aoZG2G4SXVPMC0VL
oUqf0774biw7TDJ+J7N52xHX0CAlwwuDkqbOfB/d7U/KWHcKM3XhfR+YURF6cFU5
ur+8eSGqeVTBCWjS1k4wH+EeY5dF0pOGi+AojuU5Bu7BzZz4N5BcEspa2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIqhGhVapLqRtUKcgzXLO+PikdMzMB8GA1UdIwQY
MBaAFFeUr9teahiFeAkgpU/6gkCOqFuhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjVTdjIxNXFHSVY0Q1NDbFRfcUNRSTZvVzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9kZGNlNGQtOTkxMi00ODdkLWI1NWQt
NDdkODJhNDFhOGYzLzEvaXFFYUZWcWt1cEcxUXB5RE5jczc0LUtSMHpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9kZGNlNGQtOTkxMi00ODdkLWI1NWQtNDdkODJhNDFhOGYz
LzEvVjVTdjIxNXFHSVY0Q1NDbFRfcUNRSTZvVzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsuzkMA0G
CSqGSIb3DQEBCwUAA4IBAQAeQp24oHSCx2lu+INeY06CDp8rHKv883Sz/7koRNcP
hIV21Gp+Wjl+5bL3A/XjCkvEtwaQrr8IrU9hEn4q8+JiE1YqjN99meSGuYOPDwHB
L/izQZNkSZTNe6eyb+a3KuOCC3bLgca4fxSzvRjpuB4i+99lgJ7acA6T2AUwa5Ls
PoZBBeVQth+S9Y0TCiGRCq1nLzD5lO8COKzXur3+bGJrYYxxJ44YShHmFBhn34H3
d4EiaZZkAao82SJDwO9SigDaTNxxpvLdvqimhC8hmKYBIFWAoZM4olrc8/GvYqjj
g5COyFziqjZ9EuZ31lgYiCb1EeR0BAa/vC3vkaMoUuG4
-----END CERTIFICATE-----