Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/uAM4WpW0Sk1wUAV5w6VXPbJv9MY.roa
File:                     uAM4WpW0Sk1wUAV5w6VXPbJv9MY.roa (raw, json)
Hash identifier:          GZ+0j2rVpXrpodZjQH1uYXWWYgFVWGNe8kdd6v4smBQ=
Subject key identifier:   B8:03:38:5A:95:B4:4A:4D:70:50:05:79:C3:A5:57:3D:B2:6F:F4:C6
Certificate issuer:       /CN=5794afdb5e6a1885780920a54ffa82408ea85ba1
Certificate serial:       019424B3BD55CF34DBC5DC555D7B63662B3F
Authority key identifier: 57:94:AF:DB:5E:6A:18:85:78:09:20:A5:4F:FA:82:40:8E:A8:5B:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/uAM4WpW0Sk1wUAV5w6VXPbJv9MY.roa
Signing time:             Thu 02 Jan 2025 01:49:06 +0000
ROA not before:           Thu 02 Jan 2025 01:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     328608
IP address blocks:        178.236.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:bd:55:cf:34:db:c5:dc:55:5d:7b:63:66:2b:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5794afdb5e6a1885780920a54ffa82408ea85ba1
        Validity
            Not Before: Jan  2 01:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b803385a95b44a4d70500579c3a5573db26ff4c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:4f:a8:ad:34:40:56:68:f0:dc:6a:92:0b:20:
                    cb:e0:01:d2:80:35:81:51:99:21:f4:10:fb:cb:81:
                    f8:42:ee:fd:fc:34:57:0e:89:39:a7:04:79:2e:5d:
                    4b:39:d4:7b:2b:11:73:0c:c0:b6:73:4c:d4:8b:87:
                    af:13:7c:7f:54:11:a2:1e:c3:0f:20:03:98:e1:5f:
                    03:6a:2e:3a:8b:1e:b1:c5:d5:bf:43:f8:60:a3:07:
                    ac:fe:f5:73:c4:a3:be:13:2a:5a:ea:a6:04:aa:f5:
                    61:7b:9c:28:f7:cf:b1:b7:65:f8:b4:c4:32:20:31:
                    42:91:86:f0:3a:00:c3:32:ab:c7:87:32:34:c6:0f:
                    da:65:89:a5:84:8d:44:86:37:9e:5f:67:d7:92:ef:
                    16:cb:bc:90:58:03:54:89:88:53:c5:d0:0e:49:16:
                    74:f8:db:9d:65:71:e7:fe:99:ce:61:a9:47:57:3b:
                    a9:71:e6:bb:56:c9:00:2a:1b:cd:d6:41:2b:d7:53:
                    7c:82:a9:a6:2a:61:ef:83:c1:bc:fd:28:91:40:dd:
                    6d:88:68:fa:b4:23:cb:c0:a6:6b:a7:7c:fb:99:3e:
                    ef:06:da:3c:d8:d5:60:2d:6e:7e:0f:c9:8e:50:b9:
                    48:36:2e:60:1f:f0:1e:35:f8:6f:db:c3:4a:9b:52:
                    56:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:03:38:5A:95:B4:4A:4D:70:50:05:79:C3:A5:57:3D:B2:6F:F4:C6
            X509v3 Authority Key Identifier:
                keyid:57:94:AF:DB:5E:6A:18:85:78:09:20:A5:4F:FA:82:40:8E:A8:5B:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/uAM4WpW0Sk1wUAV5w6VXPbJv9MY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.236.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:6e:d3:d4:18:25:c9:77:b3:b4:ea:a3:81:6e:01:63:3b:27:
         62:27:ce:15:66:ec:ca:50:43:12:14:40:ba:e4:2a:09:7c:a3:
         a4:2b:ba:93:b5:d5:a5:3a:b5:45:db:8c:14:49:42:1c:42:cd:
         de:28:26:ad:f7:31:2f:bc:b4:7e:9d:5d:5d:a1:e1:d8:50:49:
         bb:f6:c1:e3:b3:fa:3c:1d:aa:53:32:d9:fc:f4:86:2f:05:49:
         87:6d:36:bb:91:f3:37:b0:d1:b3:51:4c:54:85:f7:7a:5e:e1:
         a3:0a:68:c5:f1:f6:64:87:b8:be:5d:c2:bd:70:f3:c7:6b:1e:
         f5:ef:23:3e:b9:d2:3c:02:6b:d2:c3:b0:39:d3:6c:03:38:bf:
         db:2f:cb:ed:40:8f:2f:99:7f:94:69:2c:62:17:28:7d:7f:7b:
         33:d5:aa:2f:a2:a6:0f:14:25:c4:04:db:a2:e9:de:da:8c:74:
         96:8f:7c:05:74:66:57:9b:54:ed:8e:40:66:31:38:aa:e4:51:
         02:c5:0a:7a:56:b3:c3:af:45:22:a7:12:ce:bf:11:1a:83:cd:
         aa:8d:5c:7a:d2:41:c9:c4:93:f5:cd:73:2d:ec:34:01:8a:8b:
         1f:5c:a9:34:7e:9f:d1:9c:0d:33:97:60:f6:7c:ef:01:3f:1b:
         25:05:27:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks71VzzTbxdxVXXtjZis/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3OTRhZmRiNWU2YTE4ODU3ODA5MjBhNTRmZmE4MjQwOGVh
ODViYTEwHhcNMjUwMTAyMDE0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODAzMzg1YTk1YjQ0YTRkNzA1MDA1NzljM2E1NTczZGIyNmZmNGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz0+orTRAVmjw3GqSCyDL4AHSgDWB
UZkh9BD7y4H4Qu79/DRXDok5pwR5Ll1LOdR7KxFzDMC2c0zUi4evE3x/VBGiHsMP
IAOY4V8Dai46ix6xxdW/Q/hgowes/vVzxKO+Eypa6qYEqvVhe5wo98+xt2X4tMQy
IDFCkYbwOgDDMqvHhzI0xg/aZYmlhI1EhjeeX2fXku8Wy7yQWANUiYhTxdAOSRZ0
+NudZXHn/pnOYalHVzupcea7VskAKhvN1kEr11N8gqmmKmHvg8G8/SiRQN1tiGj6
tCPLwKZrp3z7mT7vBto82NVgLW5+D8mOULlINi5gH/AeNfhv28NKm1JWkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLgDOFqVtEpNcFAFecOlVz2yb/TGMB8GA1UdIwQY
MBaAFFeUr9teahiFeAkgpU/6gkCOqFuhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjVTdjIxNXFHSVY0Q1NDbFRfcUNRSTZvVzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9kZGNlNGQtOTkxMi00ODdkLWI1NWQt
NDdkODJhNDFhOGYzLzEvdUFNNFdwVzBTazF3VUFWNXc2VlhQYkp2OU1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9kZGNlNGQtOTkxMi00ODdkLWI1NWQtNDdkODJhNDFhOGYz
LzEvVjVTdjIxNXFHSVY0Q1NDbFRfcUNRSTZvVzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsuzgMA0G
CSqGSIb3DQEBCwUAA4IBAQBIbtPUGCXJd7O06qOBbgFjOydiJ84VZuzKUEMSFEC6
5CoJfKOkK7qTtdWlOrVF24wUSUIcQs3eKCat9zEvvLR+nV1doeHYUEm79sHjs/o8
HapTMtn89IYvBUmHbTa7kfM3sNGzUUxUhfd6XuGjCmjF8fZkh7i+XcK9cPPHax71
7yM+udI8AmvSw7A502wDOL/bL8vtQI8vmX+UaSxiFyh9f3sz1aovoqYPFCXEBNui
6d7ajHSWj3wFdGZXm1TtjkBmMTiq5FECxQp6VrPDr0UipxLOvxEag82qjVx60kHJ
xJP1zXMt7DQBiosfXKk0fp/RnA0zl2D2fO8BPxslBScY
-----END CERTIFICATE-----