Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/j9Vdd4uvUuX9FJPdKxKiHczBO7g.roa
File:                     j9Vdd4uvUuX9FJPdKxKiHczBO7g.roa (raw, json)
Hash identifier:          VKsg0jHuskerVCkk5DXk8P1Us33UCU0qKL8D4nsJrpc=
Subject key identifier:   8F:D5:5D:77:8B:AF:52:E5:FD:14:93:DD:2B:12:A2:1D:CC:C1:3B:B8
Certificate issuer:       /CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
Certificate serial:       018E80D98DA23440B9680009050D869355FB
Authority key identifier: 79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/j9Vdd4uvUuX9FJPdKxKiHczBO7g.roa
Signing time:             Wed 27 Mar 2024 16:58:44 +0000
ROA not before:           Wed 27 Mar 2024 16:58:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215220
IP address blocks:        5.180.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:80:d9:8d:a2:34:40:b9:68:00:09:05:0d:86:93:55:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
        Validity
            Not Before: Mar 27 16:58:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fd55d778baf52e5fd1493dd2b12a21dccc13bb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:90:38:08:48:04:8d:9b:b6:39:fe:f1:24:e9:
                    49:2f:b4:49:6e:e6:08:f3:5a:31:93:31:e7:9d:a4:
                    dd:93:05:e2:b2:61:10:87:02:1f:fb:98:97:d5:72:
                    2a:39:0b:ab:e0:0b:07:03:d8:9a:31:6c:ad:fd:9a:
                    b2:70:e6:a7:b4:dd:6b:2a:f4:12:bc:5e:3f:8c:e7:
                    cb:1b:5f:f7:bf:b8:30:82:a8:0d:a9:8a:90:7b:a2:
                    2a:39:85:48:a2:cd:e8:ad:f5:e5:c3:4a:fe:85:ec:
                    65:2c:2e:e3:f8:f1:c7:b4:eb:e6:8f:28:22:bc:61:
                    94:5a:ef:fd:1f:7e:36:1f:3c:3b:29:36:07:52:47:
                    d2:a0:bc:49:b6:53:4d:73:2f:40:31:62:21:1c:be:
                    cd:71:17:88:a4:85:cf:77:3f:fc:38:4c:60:4e:b0:
                    7a:25:b5:6a:76:32:2c:2a:53:3e:b6:05:4a:8d:8c:
                    1a:c9:cf:16:0b:91:77:50:ea:a3:bd:60:13:37:60:
                    40:d0:51:70:bb:f1:87:df:11:4f:e2:17:68:0d:c0:
                    1a:89:31:15:74:4f:02:3a:a0:86:ca:75:2b:69:4e:
                    ec:8f:4e:13:49:11:8e:83:8d:44:6b:dd:9d:f4:25:
                    b1:d8:34:bc:00:91:8c:5e:12:3c:8f:83:e0:8f:b0:
                    43:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:D5:5D:77:8B:AF:52:E5:FD:14:93:DD:2B:12:A2:1D:CC:C1:3B:B8
            X509v3 Authority Key Identifier:
                keyid:79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/j9Vdd4uvUuX9FJPdKxKiHczBO7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:4c:c6:c0:9a:52:6c:a2:7a:c4:6d:35:32:88:a0:06:e3:c1:
         bc:f6:44:22:b2:ec:b8:ee:7f:41:ef:f5:11:90:e6:ab:fe:d2:
         f0:d5:5b:9c:1e:b3:a6:10:b8:e8:aa:cf:ba:1a:50:27:c1:06:
         ca:90:3d:7c:c8:16:15:ea:ce:1d:d0:8e:e4:7d:2c:db:67:6e:
         02:5c:c5:60:5d:be:74:9a:0a:60:63:fb:8c:66:63:8e:b5:99:
         9f:3d:26:20:f0:71:9e:4e:42:47:b2:c7:f7:f9:68:0f:41:a7:
         35:cc:46:85:ff:c2:20:89:77:a1:c7:83:9e:27:fc:c5:8e:b4:
         b1:e6:71:39:12:c2:1a:0f:2b:be:5a:8f:32:d0:45:43:89:6f:
         c8:f3:72:e1:fb:fa:47:8d:74:24:87:64:73:05:29:18:d0:92:
         92:f1:ab:39:77:d1:df:0d:1e:35:75:d7:c0:de:b2:7f:2c:4a:
         7e:e8:8e:c3:78:8c:68:4f:65:c0:a4:32:5b:2a:5f:bd:01:28:
         41:70:3a:4e:2d:82:89:7e:af:93:7d:26:45:7f:8d:f3:c3:56:
         77:3b:bb:a1:39:d1:15:c8:2e:aa:cd:4d:5a:d1:5a:59:d6:9f:
         88:ae:7a:31:71:68:3f:3c:24:c1:07:f7:d2:e4:3b:15:c6:8d:
         b4:39:2b:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6A2Y2iNEC5aAAJBQ2Gk1X7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTg0M2QzYTY3YmYyMDJkMGFlMjNkZjk1ZTE0ZWE4NzFk
OGYxNWQwHhcNMjQwMzI3MTY1ODQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmQ1NWQ3NzhiYWY1MmU1ZmQxNDkzZGQyYjEyYTIxZGNjYzEzYmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJA4CEgEjZu2Of7xJOlJL7RJbuYI
81oxkzHnnaTdkwXismEQhwIf+5iX1XIqOQur4AsHA9iaMWyt/ZqycOantN1rKvQS
vF4/jOfLG1/3v7gwgqgNqYqQe6IqOYVIos3orfXlw0r+hexlLC7j+PHHtOvmjygi
vGGUWu/9H342Hzw7KTYHUkfSoLxJtlNNcy9AMWIhHL7NcReIpIXPdz/8OExgTrB6
JbVqdjIsKlM+tgVKjYwayc8WC5F3UOqjvWATN2BA0FFwu/GH3xFP4hdoDcAaiTEV
dE8COqCGynUraU7sj04TSRGOg41Ea92d9CWx2DS8AJGMXhI8j4Pgj7BDVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI/VXXeLr1Ll/RST3SsSoh3MwTu4MB8GA1UdIwQY
MBaAFHmoQ9Ome/IC0K4j35XhTqhx2PFdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEt
YjRkZDIyNzU4OTUxLzEvajlWZGQ0dXZVdVg5RkpQZEt4S2lIY3pCTzdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEtYjRkZDIyNzU4OTUx
LzEvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbSYMA0G
CSqGSIb3DQEBCwUAA4IBAQBMTMbAmlJsonrEbTUyiKAG48G89kQisuy47n9B7/UR
kOar/tLw1VucHrOmELjoqs+6GlAnwQbKkD18yBYV6s4d0I7kfSzbZ24CXMVgXb50
mgpgY/uMZmOOtZmfPSYg8HGeTkJHssf3+WgPQac1zEaF/8IgiXehx4OeJ/zFjrSx
5nE5EsIaDyu+Wo8y0EVDiW/I83Lh+/pHjXQkh2RzBSkY0JKS8as5d9HfDR41ddfA
3rJ/LEp+6I7DeIxoT2XApDJbKl+9AShBcDpOLYKJfq+TfSZFf43zw1Z3O7uhOdEV
yC6qzU1a0VpZ1p+IrnoxcWg/PCTBB/fS5DsVxo20OSvF
-----END CERTIFICATE-----