Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/iaCMHVBu0_bUpYbfLFCw69Xv6qY.roa
File:                     iaCMHVBu0_bUpYbfLFCw69Xv6qY.roa (raw, json)
Hash identifier:          n8YFksfLxTssmGnZHir4W6PzMs+W3yHclF985wiqCNA=
Subject key identifier:   89:A0:8C:1D:50:6E:D3:F6:D4:A5:86:DF:2C:50:B0:EB:D5:EF:EA:A6
Certificate issuer:       /CN=4ddb3dcdf5e6bee09825c37bf3b8bdf28b6fb593
Certificate serial:       018CC6B7A06CD2CCAB804E0EC3BF28A77DAF
Authority key identifier: 4D:DB:3D:CD:F5:E6:BE:E0:98:25:C3:7B:F3:B8:BD:F2:8B:6F:B5:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tds9zfXmvuCYJcN787i98otvtZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/iaCMHVBu0_bUpYbfLFCw69Xv6qY.roa
Signing time:             Mon 01 Jan 2024 20:29:32 +0000
ROA not before:           Mon 01 Jan 2024 20:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206817
IP address blocks:        5.129.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/Tds9zfXmvuCYJcN787i98otvtZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/Tds9zfXmvuCYJcN787i98otvtZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tds9zfXmvuCYJcN787i98otvtZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a0:6c:d2:cc:ab:80:4e:0e:c3:bf:28:a7:7d:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ddb3dcdf5e6bee09825c37bf3b8bdf28b6fb593
        Validity
            Not Before: Jan  1 20:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89a08c1d506ed3f6d4a586df2c50b0ebd5efeaa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:e6:b1:5e:92:65:80:d2:75:36:6e:9c:92:d9:
                    9f:b2:2d:06:6f:20:78:34:df:8f:bd:50:5b:65:4d:
                    cb:c5:48:3e:18:3a:7f:90:82:1f:94:3b:6f:cf:af:
                    f5:34:f5:67:8c:c9:fd:3c:e6:d9:0e:f1:85:6d:b1:
                    8a:39:43:14:08:a0:41:8a:be:ab:d6:e5:0c:46:28:
                    ce:02:cb:a7:07:02:af:95:75:a4:c4:62:bb:92:68:
                    1e:05:3b:6b:a4:36:b4:c5:b2:5d:66:bc:21:e0:45:
                    da:1c:c8:10:d1:51:3a:1f:e0:81:11:0b:79:0c:10:
                    82:96:50:23:85:45:72:94:1d:03:0e:77:f3:dc:d6:
                    f1:28:f5:dc:26:a9:e5:b4:1b:cc:7e:2a:9b:0b:6c:
                    20:72:90:61:80:b4:9f:32:24:29:35:c9:60:3b:f6:
                    a2:48:d6:58:90:43:66:dd:a6:64:c2:5f:b1:a0:f2:
                    72:bc:5e:30:d5:41:eb:9d:ca:37:cd:c0:25:90:a2:
                    f8:12:7e:84:be:4a:ee:2f:65:5e:ca:d9:0a:98:3c:
                    29:a2:01:35:2e:84:fe:12:79:73:17:c0:7a:11:f7:
                    5c:8a:b2:ee:81:54:9f:ed:e2:88:2d:79:e7:41:10:
                    4d:a5:13:52:7c:7b:0f:87:bf:fc:c6:a8:c5:9e:18:
                    0f:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:A0:8C:1D:50:6E:D3:F6:D4:A5:86:DF:2C:50:B0:EB:D5:EF:EA:A6
            X509v3 Authority Key Identifier:
                keyid:4D:DB:3D:CD:F5:E6:BE:E0:98:25:C3:7B:F3:B8:BD:F2:8B:6F:B5:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tds9zfXmvuCYJcN787i98otvtZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/iaCMHVBu0_bUpYbfLFCw69Xv6qY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/Tds9zfXmvuCYJcN787i98otvtZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.129.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:58:ef:2f:64:d6:56:a5:b1:27:df:aa:13:10:30:1c:44:20:
         8c:ae:b0:45:05:f1:ea:6a:15:1c:6b:4a:53:c6:cb:69:cd:da:
         44:dd:9e:ee:51:c2:ef:bc:59:96:b9:c5:fa:2e:2a:6f:3d:be:
         f4:d6:15:bf:57:d2:d3:74:75:be:48:92:10:08:2d:2a:0d:a4:
         f3:83:db:a5:00:c3:73:95:88:09:f3:2f:89:11:8f:a1:f5:fa:
         5c:18:dd:63:d1:6f:cf:6f:c6:9a:3f:13:9f:2d:3d:03:d8:4b:
         82:b3:e4:13:24:1b:1f:ff:ce:8a:0f:ee:be:b8:17:03:0b:f8:
         e5:9b:c4:0e:8b:75:32:8d:cb:99:1e:f4:ee:0c:f4:60:67:27:
         ee:43:75:57:dc:d9:5a:51:73:42:b1:a9:84:ec:10:52:75:31:
         80:eb:48:3b:87:ef:da:c1:31:88:38:ee:d3:9e:70:6a:dc:c8:
         4f:fc:b3:01:2a:61:24:09:8f:db:0c:c1:38:43:4a:f8:ff:73:
         09:54:df:db:3c:cf:43:4d:e6:38:52:95:e7:d0:df:af:5d:53:
         97:ea:9d:dd:39:bb:be:59:f9:e1:e0:27:a6:7d:30:04:02:cd:
         54:c9:35:49:74:85:f5:01:7c:50:90:43:3a:6c:eb:e5:40:6a:
         66:90:d3:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt6Bs0syrgE4Ow78op32vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZGIzZGNkZjVlNmJlZTA5ODI1YzM3YmYzYjhiZGYyOGI2
ZmI1OTMwHhcNMjQwMTAxMjAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWEwOGMxZDUwNmVkM2Y2ZDRhNTg2ZGYyYzUwYjBlYmQ1ZWZlYWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAieaxXpJlgNJ1Nm6cktmfsi0GbyB4
NN+PvVBbZU3LxUg+GDp/kIIflDtvz6/1NPVnjMn9PObZDvGFbbGKOUMUCKBBir6r
1uUMRijOAsunBwKvlXWkxGK7kmgeBTtrpDa0xbJdZrwh4EXaHMgQ0VE6H+CBEQt5
DBCCllAjhUVylB0DDnfz3NbxKPXcJqnltBvMfiqbC2wgcpBhgLSfMiQpNclgO/ai
SNZYkENm3aZkwl+xoPJyvF4w1UHrnco3zcAlkKL4En6EvkruL2VeytkKmDwpogE1
LoT+EnlzF8B6EfdcirLugVSf7eKILXnnQRBNpRNSfHsPh7/8xqjFnhgP0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFImgjB1QbtP21KWG3yxQsOvV7+qmMB8GA1UdIwQY
MBaAFE3bPc315r7gmCXDe/O4vfKLb7WTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRzOXpmWG12dUNZSmNONzg3aTk4b3R2dFpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83OTBjZWUtZDU0ZS00NTk4LThiYzEt
MjE3MGM1YzFkM2VkLzEvaWFDTUhWQnUwX2JVcFliZkxGQ3c2OVh2NnFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83OTBjZWUtZDU0ZS00NTk4LThiYzEtMjE3MGM1YzFkM2Vk
LzEvVGRzOXpmWG12dUNZSmNONzg3aTk4b3R2dFpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABYG0MA0G
CSqGSIb3DQEBCwUAA4IBAQAJWO8vZNZWpbEn36oTEDAcRCCMrrBFBfHqahUca0pT
xstpzdpE3Z7uUcLvvFmWucX6LipvPb701hW/V9LTdHW+SJIQCC0qDaTzg9ulAMNz
lYgJ8y+JEY+h9fpcGN1j0W/Pb8aaPxOfLT0D2EuCs+QTJBsf/86KD+6+uBcDC/jl
m8QOi3UyjcuZHvTuDPRgZyfuQ3VX3NlaUXNCsamE7BBSdTGA60g7h+/awTGIOO7T
nnBq3MhP/LMBKmEkCY/bDME4Q0r4/3MJVN/bPM9DTeY4UpXn0N+vXVOX6p3dObu+
Wfnh4CemfTAEAs1UyTVJdIX1AXxQkEM6bOvlQGpmkNPO
-----END CERTIFICATE-----