Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/3wToZwYlYJhmj7mm8PpwNtnWHVk.roa
File:                     3wToZwYlYJhmj7mm8PpwNtnWHVk.roa (raw, json)
Hash identifier:          O8XdzrDLKhZRvl13MXXTR1JiyTE2ZlieoyWEJ7nOUTA=
Subject key identifier:   DF:04:E8:67:06:25:60:98:66:8F:B9:A6:F0:FA:70:36:D9:D6:1D:59
Certificate issuer:       /CN=4ddb3dcdf5e6bee09825c37bf3b8bdf28b6fb593
Certificate serial:       0194221F9A6BFB747F1B41EAD53A56498E3F
Authority key identifier: 4D:DB:3D:CD:F5:E6:BE:E0:98:25:C3:7B:F3:B8:BD:F2:8B:6F:B5:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tds9zfXmvuCYJcN787i98otvtZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/3wToZwYlYJhmj7mm8PpwNtnWHVk.roa
Signing time:             Wed 01 Jan 2025 13:48:03 +0000
ROA not before:           Wed 01 Jan 2025 13:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206817
IP address blocks:        5.129.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/Tds9zfXmvuCYJcN787i98otvtZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/Tds9zfXmvuCYJcN787i98otvtZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tds9zfXmvuCYJcN787i98otvtZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 14:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:9a:6b:fb:74:7f:1b:41:ea:d5:3a:56:49:8e:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ddb3dcdf5e6bee09825c37bf3b8bdf28b6fb593
        Validity
            Not Before: Jan  1 13:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df04e86706256098668fb9a6f0fa7036d9d61d59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:32:a6:78:d8:f4:ac:a3:71:bc:f7:68:72:72:
                    ef:c5:83:fb:4b:c9:fe:8a:77:be:17:ce:fe:c1:81:
                    5c:30:d6:45:a7:0a:05:0e:e0:f1:15:ec:43:cb:2e:
                    ad:8b:23:15:93:b3:c2:c4:de:ef:9e:9c:29:59:7b:
                    76:f9:2b:5f:40:3a:d5:1e:20:b2:c5:a8:f2:c7:58:
                    e9:22:8d:1b:a3:8b:5a:1b:40:da:dd:15:e2:7a:21:
                    21:89:6f:e6:86:c1:74:aa:2b:71:10:3e:35:2c:4a:
                    57:ed:9c:f6:57:d8:b5:8f:8a:b5:07:c5:a5:e3:e7:
                    03:c1:11:c5:8d:ec:2a:ee:28:07:37:66:4b:f7:aa:
                    ed:ff:d3:2a:91:f7:e2:bf:ab:8e:cb:a4:61:34:4e:
                    c7:7a:ba:08:69:54:57:07:99:44:02:07:b9:6b:42:
                    62:b2:2d:0d:f9:92:c7:35:b4:2b:44:65:5a:35:61:
                    76:dd:25:8f:d4:dc:a6:eb:0c:a4:ce:32:19:3f:20:
                    cf:3b:78:de:8a:06:37:b3:61:c3:ae:38:cd:32:ab:
                    57:a8:0d:8f:e1:ab:1f:63:08:aa:3d:c1:50:69:aa:
                    a5:bd:be:ca:14:88:dd:c2:eb:f6:cd:a3:0d:72:83:
                    7f:81:0a:ef:4d:a3:18:40:b7:59:70:2f:42:7d:fd:
                    57:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:04:E8:67:06:25:60:98:66:8F:B9:A6:F0:FA:70:36:D9:D6:1D:59
            X509v3 Authority Key Identifier:
                keyid:4D:DB:3D:CD:F5:E6:BE:E0:98:25:C3:7B:F3:B8:BD:F2:8B:6F:B5:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tds9zfXmvuCYJcN787i98otvtZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/3wToZwYlYJhmj7mm8PpwNtnWHVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/Tds9zfXmvuCYJcN787i98otvtZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.129.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:d4:b1:a1:39:b8:39:61:2e:59:32:7e:cf:84:e4:fd:4e:08:
         2a:57:90:9e:84:c3:7d:4b:86:1b:21:4c:d9:66:0e:0c:a9:da:
         c0:de:3c:e1:37:d0:52:54:df:8a:58:8c:cd:f7:9f:04:04:18:
         1f:cf:d7:ba:19:e1:c1:95:82:b1:05:48:b1:d9:91:b1:f2:b9:
         82:3f:1e:dd:b0:7e:31:cf:85:db:97:23:a8:85:95:8e:c5:2e:
         aa:ab:a1:8b:d2:fe:09:41:07:7f:cb:b2:35:67:32:50:b6:80:
         17:d7:ad:a4:25:c1:ba:b7:14:c4:4e:b6:00:ea:bc:f9:42:87:
         3a:e2:3e:a7:90:07:37:65:fa:18:38:13:47:f8:71:03:af:36:
         bd:d1:ba:8f:e3:4f:0b:8a:46:94:d9:14:d3:48:92:b9:89:65:
         dd:ab:94:22:94:26:61:ed:52:45:96:52:16:6c:f6:f4:f3:2e:
         06:6e:2a:a2:5c:0c:e5:be:de:03:69:90:56:b6:47:29:56:f4:
         03:c9:8d:8d:9a:6d:97:8c:31:6c:38:ef:78:62:0f:ab:ee:ca:
         c6:87:23:2c:76:d5:72:ab:0b:9e:61:cf:81:1c:e1:c4:d6:6d:
         dd:cf:90:b2:41:c4:d3:dc:5c:0c:f0:7c:51:bd:e4:8f:90:d7:
         2e:bd:b1:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH5pr+3R/G0Hq1TpWSY4/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZGIzZGNkZjVlNmJlZTA5ODI1YzM3YmYzYjhiZGYyOGI2
ZmI1OTMwHhcNMjUwMTAxMTM0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjA0ZTg2NzA2MjU2MDk4NjY4ZmI5YTZmMGZhNzAzNmQ5ZDYxZDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDKmeNj0rKNxvPdocnLvxYP7S8n+
ine+F87+wYFcMNZFpwoFDuDxFexDyy6tiyMVk7PCxN7vnpwpWXt2+StfQDrVHiCy
xajyx1jpIo0bo4taG0Da3RXieiEhiW/mhsF0qitxED41LEpX7Zz2V9i1j4q1B8Wl
4+cDwRHFjewq7igHN2ZL96rt/9Mqkffiv6uOy6RhNE7HeroIaVRXB5lEAge5a0Ji
si0N+ZLHNbQrRGVaNWF23SWP1Nym6wykzjIZPyDPO3jeigY3s2HDrjjNMqtXqA2P
4asfYwiqPcFQaaqlvb7KFIjdwuv2zaMNcoN/gQrvTaMYQLdZcC9Cff1XnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN8E6GcGJWCYZo+5pvD6cDbZ1h1ZMB8GA1UdIwQY
MBaAFE3bPc315r7gmCXDe/O4vfKLb7WTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRzOXpmWG12dUNZSmNONzg3aTk4b3R2dFpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83OTBjZWUtZDU0ZS00NTk4LThiYzEt
MjE3MGM1YzFkM2VkLzEvM3dUb1p3WWxZSmhtajdtbThQcHdOdG5XSFZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83OTBjZWUtZDU0ZS00NTk4LThiYzEtMjE3MGM1YzFkM2Vk
LzEvVGRzOXpmWG12dUNZSmNONzg3aTk4b3R2dFpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABYG0MA0G
CSqGSIb3DQEBCwUAA4IBAQAW1LGhObg5YS5ZMn7PhOT9TggqV5CehMN9S4YbIUzZ
Zg4MqdrA3jzhN9BSVN+KWIzN958EBBgfz9e6GeHBlYKxBUix2ZGx8rmCPx7dsH4x
z4XblyOohZWOxS6qq6GL0v4JQQd/y7I1ZzJQtoAX162kJcG6txTETrYA6rz5Qoc6
4j6nkAc3ZfoYOBNH+HEDrza90bqP408LikaU2RTTSJK5iWXdq5QilCZh7VJFllIW
bPb08y4GbiqiXAzlvt4DaZBWtkcpVvQDyY2Nmm2XjDFsOO94Yg+r7srGhyMsdtVy
qwueYc+BHOHE1m3dz5CyQcTT3FwM8HxRveSPkNcuvbFz
-----END CERTIFICATE-----