Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/MaJtt4zp0g7SK-eiOrIEiMFzf7w.roa
File:                     MaJtt4zp0g7SK-eiOrIEiMFzf7w.roa (raw, json)
Hash identifier:          oa0dtjZCdw39b0UttiRsEcKVteHGt7jbNpjWFcyhc9I=
Subject key identifier:   31:A2:6D:B7:8C:E9:D2:0E:D2:2B:E7:A2:3A:B2:04:88:C1:73:7F:BC
Certificate issuer:       /CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
Certificate serial:       018F19ECF95EADE8EF4D936F79C883D6D15A
Authority key identifier: 79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/MaJtt4zp0g7SK-eiOrIEiMFzf7w.roa
Signing time:             Fri 26 Apr 2024 10:21:51 +0000
ROA not before:           Fri 26 Apr 2024 10:21:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        5.180.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:19:ec:f9:5e:ad:e8:ef:4d:93:6f:79:c8:83:d6:d1:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
        Validity
            Not Before: Apr 26 10:21:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31a26db78ce9d20ed22be7a23ab20488c1737fbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:18:a5:10:a8:b0:d8:bc:26:86:bb:7c:41:0b:
                    fa:ff:2c:d4:ee:b1:9b:88:9f:ef:b5:7e:c4:46:ef:
                    3c:99:84:d8:0d:20:38:1b:4c:37:c7:20:ff:42:d1:
                    63:f3:4e:d8:2d:54:1a:f2:ce:4a:50:1e:d4:7f:64:
                    7e:3f:b7:54:98:77:5b:89:19:08:59:3b:1e:30:e0:
                    69:98:be:92:41:8b:58:4d:21:a3:b9:17:c8:c5:56:
                    fe:bd:1c:0a:23:23:cb:68:6f:56:d4:ff:96:de:08:
                    c8:aa:c0:9b:82:3c:b8:bc:7c:f1:7c:e9:fc:c2:4c:
                    9b:1b:29:ea:67:43:7e:5b:02:a1:27:ce:84:f0:ab:
                    c4:5e:90:53:cd:c8:7f:4a:5d:e1:51:dd:c7:b7:3f:
                    e4:e2:7a:68:92:f5:dc:00:39:fc:ee:94:09:50:e5:
                    f0:b0:79:2c:e6:2b:cd:7f:0c:39:19:ea:1c:d3:5d:
                    f1:5f:ff:3d:d7:c1:60:fb:1a:95:80:fa:9f:c9:17:
                    cf:21:2f:4b:60:b2:a9:9e:5c:0a:db:1a:1d:00:8a:
                    9e:72:6e:5c:50:8b:ee:ed:7c:42:82:7d:f2:0a:7f:
                    ee:47:d4:5c:6d:75:11:4c:d4:3c:31:70:7d:f5:d8:
                    79:00:09:f4:cd:75:9c:11:9c:07:2c:af:3c:60:78:
                    e6:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:A2:6D:B7:8C:E9:D2:0E:D2:2B:E7:A2:3A:B2:04:88:C1:73:7F:BC
            X509v3 Authority Key Identifier:
                keyid:79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/MaJtt4zp0g7SK-eiOrIEiMFzf7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:06:aa:7a:3a:9f:24:83:4b:1a:8d:fb:96:1e:15:9b:93:fb:
         9c:cc:3b:aa:fa:11:0b:6a:42:97:4a:79:11:d4:c2:1e:f8:e5:
         d2:dd:26:7a:26:1f:a6:fa:f9:66:25:0b:0b:7f:23:3b:ca:1e:
         8d:70:5d:02:71:cd:61:66:c3:d6:f8:fd:a1:e6:5c:61:22:ac:
         a0:36:3e:3d:d1:ea:99:3b:19:09:85:6b:d8:79:fa:20:a0:b2:
         da:ea:68:82:2b:c6:27:61:11:fd:e8:7a:2f:7e:87:0d:dc:1d:
         a5:3d:43:a5:8c:24:8c:26:5f:19:f4:cb:31:6f:a2:67:80:27:
         6a:67:c7:58:8c:2f:43:a0:08:4e:10:07:02:6d:68:70:15:d2:
         d1:89:e1:55:54:4a:27:8c:66:f9:6e:68:7d:b3:68:e4:08:36:
         07:30:76:3c:20:83:8f:5b:a9:e1:f7:ef:9a:10:a9:04:18:8b:
         13:7f:9d:ea:27:39:d0:d0:a4:43:f8:2e:91:1d:ba:d5:1d:46:
         8e:f7:00:fd:b3:96:8c:b8:af:c9:85:1e:4b:47:49:25:ac:38:
         45:c2:fb:c8:09:8a:4f:de:d5:55:44:24:f1:74:21:b3:8e:c8:
         c9:e8:47:fb:b0:38:b2:39:56:6a:21:83:7f:21:e4:df:d5:fa:
         5a:9f:19:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8Z7PlerejvTZNveciD1tFaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTg0M2QzYTY3YmYyMDJkMGFlMjNkZjk1ZTE0ZWE4NzFk
OGYxNWQwHhcNMjQwNDI2MTAyMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWEyNmRiNzhjZTlkMjBlZDIyYmU3YTIzYWIyMDQ4OGMxNzM3ZmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2RilEKiw2Lwmhrt8QQv6/yzU7rGb
iJ/vtX7ERu88mYTYDSA4G0w3xyD/QtFj807YLVQa8s5KUB7Uf2R+P7dUmHdbiRkI
WTseMOBpmL6SQYtYTSGjuRfIxVb+vRwKIyPLaG9W1P+W3gjIqsCbgjy4vHzxfOn8
wkybGynqZ0N+WwKhJ86E8KvEXpBTzch/Sl3hUd3Htz/k4npokvXcADn87pQJUOXw
sHks5ivNfww5Geoc013xX/8918Fg+xqVgPqfyRfPIS9LYLKpnlwK2xodAIqecm5c
UIvu7XxCgn3yCn/uR9RcbXURTNQ8MXB99dh5AAn0zXWcEZwHLK88YHjmBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDGibbeM6dIO0ivnojqyBIjBc3+8MB8GA1UdIwQY
MBaAFHmoQ9Ome/IC0K4j35XhTqhx2PFdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEt
YjRkZDIyNzU4OTUxLzEvTWFKdHQ0enAwZzdTSy1laU9ySUVpTUZ6Zjd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEtYjRkZDIyNzU4OTUx
LzEvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbSZMA0G
CSqGSIb3DQEBCwUAA4IBAQBbBqp6Op8kg0sajfuWHhWbk/uczDuq+hELakKXSnkR
1MIe+OXS3SZ6Jh+m+vlmJQsLfyM7yh6NcF0Ccc1hZsPW+P2h5lxhIqygNj490eqZ
OxkJhWvYefogoLLa6miCK8YnYRH96HovfocN3B2lPUOljCSMJl8Z9Msxb6JngCdq
Z8dYjC9DoAhOEAcCbWhwFdLRieFVVEonjGb5bmh9s2jkCDYHMHY8IIOPW6nh9++a
EKkEGIsTf53qJznQ0KRD+C6RHbrVHUaO9wD9s5aMuK/JhR5LR0klrDhFwvvICYpP
3tVVRCTxdCGzjsjJ6Ef7sDiyOVZqIYN/IeTf1fpanxkz
-----END CERTIFICATE-----