Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/PxPok5RIeXe569pcvDf_YY7X0pA.roa
File:                     PxPok5RIeXe569pcvDf_YY7X0pA.roa (raw, json)
Hash identifier:          XPqpKX9kzYIM7mzfH/pAu1xjHCRpLGUW1EI49F/mlYc=
Subject key identifier:   3F:13:E8:93:94:48:79:77:B9:EB:DA:5C:BC:37:FF:61:8E:D7:D2:90
Certificate issuer:       /CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
Certificate serial:       018EE6A0E1EFD0BD5E294F595C776E56CF87
Authority key identifier: 79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/PxPok5RIeXe569pcvDf_YY7X0pA.roa
Signing time:             Tue 16 Apr 2024 11:18:07 +0000
ROA not before:           Tue 16 Apr 2024 11:18:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        5.180.153.0/24 maxlen: 24
                          2a10:4bc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 23:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e6:a0:e1:ef:d0:bd:5e:29:4f:59:5c:77:6e:56:cf:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
        Validity
            Not Before: Apr 16 11:18:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f13e89394487977b9ebda5cbc37ff618ed7d290
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:9e:8f:dd:9c:7f:ce:c2:6c:49:73:2b:d8:72:
                    ea:6a:14:a5:ac:cd:d4:39:d7:7e:24:9d:7e:f0:da:
                    c7:30:5e:c5:36:2b:47:b5:6e:4c:fb:37:11:b8:c5:
                    48:9b:02:9f:3c:c3:93:ce:9d:73:4c:21:01:43:dc:
                    fb:2b:8d:43:69:58:cc:f4:5b:2d:b6:68:0d:65:92:
                    c1:1a:2b:45:43:fd:80:f4:09:a5:65:81:91:e0:f9:
                    82:69:18:2d:72:75:9e:fa:ea:f2:28:f2:a7:82:ec:
                    ea:23:7f:9a:f7:5f:80:4d:21:2a:b3:dc:64:92:fa:
                    9e:29:90:e1:a5:b5:73:c2:78:9a:c3:7a:10:2d:11:
                    a3:ad:4b:93:03:bd:a6:44:20:27:6d:72:07:01:d3:
                    1b:62:88:f9:fa:73:ad:5a:c7:bc:42:a6:d3:52:30:
                    7a:9c:26:4e:ed:e9:b8:07:1e:28:67:0d:60:79:d3:
                    12:fd:ed:e6:79:81:c2:28:93:00:c6:45:8c:99:1c:
                    26:33:78:1a:f3:1c:04:6c:9b:9f:4d:aa:53:b1:ab:
                    ce:ee:18:e3:71:b9:cf:b1:ae:38:05:ff:a0:d6:ee:
                    98:44:78:5d:9b:68:42:43:df:70:04:79:88:be:7c:
                    18:0b:d3:47:4f:bd:40:eb:67:e3:b0:92:db:08:a9:
                    3c:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:13:E8:93:94:48:79:77:B9:EB:DA:5C:BC:37:FF:61:8E:D7:D2:90
            X509v3 Authority Key Identifier:
                keyid:79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/PxPok5RIeXe569pcvDf_YY7X0pA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.153.0/24
                IPv6:
                  2a10:4bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:d7:66:b2:a8:f7:dc:18:b7:8a:79:df:85:ce:1e:f8:4c:61:
         85:0e:5a:04:43:ba:b9:b0:ec:66:67:10:ad:a4:8b:2c:f1:9b:
         6f:98:37:71:71:59:b7:56:a4:27:82:f2:d6:4e:54:50:5f:47:
         70:9d:36:24:24:66:0a:1b:e4:ee:08:b7:4f:d0:7c:00:c8:7c:
         f2:10:5f:53:c6:40:14:8b:28:82:9b:6f:e4:2a:f7:76:d3:fb:
         79:96:41:ac:bd:9e:20:55:9f:cd:7a:ba:34:21:e3:bb:0a:3b:
         ef:0c:e4:60:7c:88:31:3d:61:46:ad:5c:72:17:44:ed:af:1e:
         ee:03:e8:1a:f5:7c:e2:b2:af:b0:69:21:2c:0f:0d:8e:b0:88:
         38:72:d1:59:b3:1d:73:89:58:a6:4e:f2:42:df:6c:fb:6d:e9:
         2b:47:f6:d4:24:02:95:6a:e2:d1:9e:84:51:37:a7:e8:d9:4f:
         a0:3e:72:66:4b:d7:42:4e:db:33:0b:02:e3:80:05:65:a2:76:
         ba:34:40:a6:c2:96:7b:2d:28:48:81:7e:fd:6a:9f:75:15:82:
         2f:dc:45:38:21:3c:c3:b1:3e:22:f8:52:84:24:af:63:a4:1d:
         f0:f0:96:39:1b:d9:d2:2d:60:bd:09:e0:9a:b4:8b:4f:44:77:
         78:5e:f1:a4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY7moOHv0L1eKU9ZXHduVs+HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTg0M2QzYTY3YmYyMDJkMGFlMjNkZjk1ZTE0ZWE4NzFk
OGYxNWQwHhcNMjQwNDE2MTExODA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjEzZTg5Mzk0NDg3OTc3YjllYmRhNWNiYzM3ZmY2MThlZDdkMjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJ6P3Zx/zsJsSXMr2HLqahSlrM3U
Odd+JJ1+8NrHMF7FNitHtW5M+zcRuMVImwKfPMOTzp1zTCEBQ9z7K41DaVjM9Fst
tmgNZZLBGitFQ/2A9AmlZYGR4PmCaRgtcnWe+uryKPKnguzqI3+a91+ATSEqs9xk
kvqeKZDhpbVzwniaw3oQLRGjrUuTA72mRCAnbXIHAdMbYoj5+nOtWse8QqbTUjB6
nCZO7em4Bx4oZw1gedMS/e3meYHCKJMAxkWMmRwmM3ga8xwEbJufTapTsavO7hjj
cbnPsa44Bf+g1u6YRHhdm2hCQ99wBHmIvnwYC9NHT71A62fjsJLbCKk8twIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD8T6JOUSHl3uevaXLw3/2GO19KQMB8GA1UdIwQY
MBaAFHmoQ9Ome/IC0K4j35XhTqhx2PFdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEt
YjRkZDIyNzU4OTUxLzEvUHhQb2s1UkllWGU1NjlwY3ZEZl9ZWTdYMHBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEtYjRkZDIyNzU4OTUx
LzEvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQABbSZMA0E
AgACMAcDBQMqEEvAMA0GCSqGSIb3DQEBCwUAA4IBAQAq12ayqPfcGLeKed+Fzh74
TGGFDloEQ7q5sOxmZxCtpIss8ZtvmDdxcVm3VqQngvLWTlRQX0dwnTYkJGYKG+Tu
CLdP0HwAyHzyEF9TxkAUiyiCm2/kKvd20/t5lkGsvZ4gVZ/Nero0IeO7CjvvDORg
fIgxPWFGrVxyF0Ttrx7uA+ga9Xzisq+waSEsDw2OsIg4ctFZsx1ziVimTvJC32z7
bekrR/bUJAKVauLRnoRRN6fo2U+gPnJmS9dCTtszCwLjgAVlona6NECmwpZ7LShI
gX79ap91FYIv3EU4ITzDsT4i+FKEJK9jpB3w8JY5G9nSLWC9CeCatItPRHd4XvGk
-----END CERTIFICATE-----