Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/xc_hmkBFCHH7FINHHHuSPIXikd8.roa
File:                     xc_hmkBFCHH7FINHHHuSPIXikd8.roa (raw, json)
Hash identifier:          gREOPrQG79BkZFEMckKpzZzO1JTBCiK+Ne5MOMBkmrs=
Subject key identifier:   C5:CF:E1:9A:40:45:08:71:FB:14:83:47:1C:7B:92:3C:85:E2:91:DF
Certificate issuer:       /CN=5794afdb5e6a1885780920a54ffa82408ea85ba1
Certificate serial:       018CC8DF77AD23B0BE342D5EC86F1A2FB035
Authority key identifier: 57:94:AF:DB:5E:6A:18:85:78:09:20:A5:4F:FA:82:40:8E:A8:5B:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/xc_hmkBFCHH7FINHHHuSPIXikd8.roa
Signing time:             Tue 02 Jan 2024 06:32:17 +0000
ROA not before:           Tue 02 Jan 2024 06:32:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     328608
IP address blocks:        178.236.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:77:ad:23:b0:be:34:2d:5e:c8:6f:1a:2f:b0:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5794afdb5e6a1885780920a54ffa82408ea85ba1
        Validity
            Not Before: Jan  2 06:32:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5cfe19a40450871fb1483471c7b923c85e291df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:4b:98:7f:6e:41:ac:f7:f4:26:c5:a2:03:79:
                    f7:20:45:f0:7b:24:12:07:f3:fa:a1:6b:04:5e:7a:
                    49:39:71:d7:cd:bd:aa:45:25:72:31:19:7c:ee:ec:
                    51:fc:18:e1:da:b6:70:96:30:31:81:87:2d:00:3f:
                    d7:42:b8:89:49:45:00:43:06:34:d0:24:cb:64:ae:
                    2b:60:90:49:1b:9e:f4:4c:96:42:67:19:b7:d4:b0:
                    1f:75:6d:cc:f3:28:b3:2d:84:2d:cc:3a:1d:28:22:
                    f3:03:74:9c:92:38:5a:84:d8:99:7f:ba:44:2c:6f:
                    60:c2:72:9c:c4:1f:27:1f:54:29:b9:10:47:4d:a2:
                    1c:c6:94:8e:db:83:36:d2:5d:2a:4a:ce:fd:be:e7:
                    37:ed:4b:92:ff:c6:5b:6d:68:92:9c:b2:12:66:1e:
                    ad:15:fb:ec:c4:0b:20:35:cd:ff:09:81:46:e1:ea:
                    c5:0a:1f:47:fe:d4:77:70:cf:64:e3:ca:21:e2:ed:
                    b4:72:bb:c6:38:2e:df:cb:03:00:6a:d7:90:37:45:
                    fb:13:b4:72:07:ee:e7:57:a7:6c:9f:9b:26:c4:9b:
                    24:30:9a:80:ad:c3:00:41:17:7f:68:dc:ad:9c:98:
                    ee:47:fb:b4:36:30:7d:e9:70:3d:c6:74:51:c7:20:
                    7a:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:CF:E1:9A:40:45:08:71:FB:14:83:47:1C:7B:92:3C:85:E2:91:DF
            X509v3 Authority Key Identifier:
                keyid:57:94:AF:DB:5E:6A:18:85:78:09:20:A5:4F:FA:82:40:8E:A8:5B:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/xc_hmkBFCHH7FINHHHuSPIXikd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.236.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:00:21:89:0a:5e:fe:07:fb:17:6a:ec:bc:e2:e8:f7:eb:d3:
         98:35:09:c9:32:b4:b4:a7:7a:2f:57:3d:01:0b:06:dd:41:7c:
         b0:aa:29:01:11:59:69:45:ee:78:e8:09:1a:af:ea:bd:65:16:
         d5:7d:39:9f:3e:c1:5c:43:43:a2:1b:19:be:fe:bf:4d:00:16:
         78:de:a2:d7:a9:c8:ff:72:7a:99:09:70:4a:1f:ba:c2:17:2c:
         01:02:92:05:09:8e:19:2e:56:38:b3:87:9c:5b:ee:be:28:81:
         52:2c:68:b2:e8:02:4e:27:68:69:a8:74:7f:e6:bf:61:ec:a2:
         b1:be:89:bd:3b:b1:31:fa:06:60:cf:f7:ae:c3:86:58:ef:64:
         7a:9d:8b:9d:6f:4b:14:ff:b4:b4:67:c5:61:57:28:bd:c7:88:
         94:6d:b5:79:e4:0c:ef:ab:57:95:0c:7c:e4:da:b6:76:bd:53:
         02:e4:0a:1b:4e:46:e8:43:b5:e1:5f:b4:06:ba:28:7f:ac:95:
         73:73:bb:25:d8:29:c4:00:bb:81:d5:f6:3f:f8:6c:6e:73:8c:
         2d:36:d1:4f:35:cd:ec:7f:3a:85:52:ae:3b:f5:a6:dd:89:c1:
         bc:6d:32:e1:22:e0:17:1b:e7:ed:00:b2:ce:ff:50:67:ea:d1:
         56:a6:f5:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI33etI7C+NC1eyG8aL7A1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3OTRhZmRiNWU2YTE4ODU3ODA5MjBhNTRmZmE4MjQwOGVh
ODViYTEwHhcNMjQwMTAyMDYzMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWNmZTE5YTQwNDUwODcxZmIxNDgzNDcxYzdiOTIzYzg1ZTI5MWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUuYf25BrPf0JsWiA3n3IEXweyQS
B/P6oWsEXnpJOXHXzb2qRSVyMRl87uxR/Bjh2rZwljAxgYctAD/XQriJSUUAQwY0
0CTLZK4rYJBJG570TJZCZxm31LAfdW3M8yizLYQtzDodKCLzA3SckjhahNiZf7pE
LG9gwnKcxB8nH1QpuRBHTaIcxpSO24M20l0qSs79vuc37UuS/8ZbbWiSnLISZh6t
FfvsxAsgNc3/CYFG4erFCh9H/tR3cM9k48oh4u20crvGOC7fywMAateQN0X7E7Ry
B+7nV6dsn5smxJskMJqArcMAQRd/aNytnJjuR/u0NjB96XA9xnRRxyB6nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXP4ZpARQhx+xSDRxx7kjyF4pHfMB8GA1UdIwQY
MBaAFFeUr9teahiFeAkgpU/6gkCOqFuhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjVTdjIxNXFHSVY0Q1NDbFRfcUNRSTZvVzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9kZGNlNGQtOTkxMi00ODdkLWI1NWQt
NDdkODJhNDFhOGYzLzEveGNfaG1rQkZDSEg3RklOSEhIdVNQSVhpa2Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9kZGNlNGQtOTkxMi00ODdkLWI1NWQtNDdkODJhNDFhOGYz
LzEvVjVTdjIxNXFHSVY0Q1NDbFRfcUNRSTZvVzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsuzgMA0G
CSqGSIb3DQEBCwUAA4IBAQArACGJCl7+B/sXauy84uj369OYNQnJMrS0p3ovVz0B
CwbdQXywqikBEVlpRe546Akar+q9ZRbVfTmfPsFcQ0OiGxm+/r9NABZ43qLXqcj/
cnqZCXBKH7rCFywBApIFCY4ZLlY4s4ecW+6+KIFSLGiy6AJOJ2hpqHR/5r9h7KKx
vom9O7Ex+gZgz/euw4ZY72R6nYudb0sU/7S0Z8VhVyi9x4iUbbV55Azvq1eVDHzk
2rZ2vVMC5AobTkboQ7XhX7QGuih/rJVzc7sl2CnEALuB1fY/+Gxuc4wtNtFPNc3s
fzqFUq479abdicG8bTLhIuAXG+ftALLO/1Bn6tFWpvW8
-----END CERTIFICATE-----