Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/03o7NXcv7U3uhmW3vl8ktxXIEVI.roa
File:                     03o7NXcv7U3uhmW3vl8ktxXIEVI.roa (raw, json)
Hash identifier:          uqR7OCO4P5GAQJzWKXoDWdhHBwfEakY01mZT4sBENQc=
Subject key identifier:   D3:7A:3B:35:77:2F:ED:4D:EE:86:65:B7:BE:5F:24:B7:15:C8:11:52
Certificate issuer:       /CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
Certificate serial:       0194274892D28F2AB1663C4CBC4F5B602D06
Authority key identifier: 79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/03o7NXcv7U3uhmW3vl8ktxXIEVI.roa
Signing time:             Thu 02 Jan 2025 13:50:55 +0000
ROA not before:           Thu 02 Jan 2025 13:50:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215220
IP address blocks:        5.180.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 07:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:92:d2:8f:2a:b1:66:3c:4c:bc:4f:5b:60:2d:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
        Validity
            Not Before: Jan  2 13:50:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d37a3b35772fed4dee8665b7be5f24b715c81152
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:49:c7:e0:8c:97:ba:13:2a:31:c9:5a:2d:02:
                    5a:5e:38:c0:50:f5:58:bc:da:5e:23:4d:70:4a:bd:
                    6f:d3:a8:b9:e5:f0:93:1e:dc:a4:93:17:f7:49:01:
                    12:8d:33:2a:57:a7:3a:70:14:0a:67:57:5f:84:95:
                    ed:97:d3:0b:1d:2c:53:27:46:04:13:e0:94:aa:c4:
                    a0:e5:fc:8f:e9:7d:33:e1:7b:cd:de:33:05:af:8d:
                    40:59:65:04:3b:89:94:ba:7c:b1:35:85:b9:1d:e6:
                    3b:c1:59:03:9e:36:c2:ab:af:5f:22:f7:cf:bf:df:
                    a6:fa:df:32:58:2a:13:74:c8:f3:e4:04:1d:a3:06:
                    76:f7:f1:26:27:ee:b7:c7:5e:a0:ee:41:69:0c:d6:
                    e2:4f:e8:4e:80:e8:ac:84:f3:8a:1a:0b:29:dd:03:
                    3a:10:f8:60:5d:6b:f5:4e:c6:f7:0d:24:36:da:54:
                    ea:2b:e0:22:8d:73:0b:5a:a8:34:47:e3:80:d7:c7:
                    2a:d9:8a:2d:e4:d6:84:2a:cf:fc:67:67:ea:e0:e3:
                    b0:c2:c6:ce:aa:58:ee:43:aa:66:39:48:45:84:7f:
                    9d:c8:0b:19:09:69:00:22:32:46:b4:0d:ad:bb:56:
                    48:a1:a5:59:85:3e:7a:40:27:7c:7e:9f:5e:de:28:
                    65:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:7A:3B:35:77:2F:ED:4D:EE:86:65:B7:BE:5F:24:B7:15:C8:11:52
            X509v3 Authority Key Identifier:
                keyid:79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/03o7NXcv7U3uhmW3vl8ktxXIEVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:55:11:b8:5c:79:20:4a:00:95:b1:a5:d6:61:b6:f2:8a:e0:
         39:c6:7e:f1:1c:e0:21:7c:a4:f5:eb:8f:09:42:c4:d1:bc:a1:
         a8:cd:d2:92:9f:93:65:ad:ff:49:c8:43:b3:b6:bd:92:ae:13:
         d3:04:62:46:6b:45:96:4f:9b:d7:33:b3:b4:be:0f:6d:aa:17:
         b5:d8:37:6d:a2:3e:e0:e1:b9:75:1f:25:f8:2e:7c:fa:5c:e7:
         07:69:5f:d5:f0:e4:a0:a6:5f:b1:f0:1a:08:cf:e2:b4:5c:4b:
         fc:8f:49:dc:6e:f4:3c:0f:1e:ab:d0:24:54:66:ce:f5:f4:4f:
         fc:e9:a3:d5:2e:19:6f:4e:c9:3a:39:20:24:9a:da:9a:6b:a2:
         68:09:63:eb:6b:0f:b2:24:ca:1e:e9:f1:28:d2:c5:56:0b:06:
         12:68:3a:35:f5:71:a3:81:d5:ef:a7:a0:63:f4:9c:99:e4:30:
         c3:e6:63:d1:9b:6f:c1:bc:c3:27:78:d9:52:a6:5c:83:56:1d:
         6d:09:18:3b:2a:51:54:fa:1f:e4:63:20:b3:c8:23:de:2f:98:
         81:80:b0:a8:a4:13:14:0f:60:8f:40:d4:ea:dc:68:93:b8:27:
         c0:af:0d:05:94:50:1d:21:e9:e4:ca:74:c7:03:57:34:a4:4e:
         8e:13:50:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSJLSjyqxZjxMvE9bYC0GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTg0M2QzYTY3YmYyMDJkMGFlMjNkZjk1ZTE0ZWE4NzFk
OGYxNWQwHhcNMjUwMTAyMTM1MDU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzdhM2IzNTc3MmZlZDRkZWU4NjY1YjdiZTVmMjRiNzE1YzgxMTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUnH4IyXuhMqMclaLQJaXjjAUPVY
vNpeI01wSr1v06i55fCTHtykkxf3SQESjTMqV6c6cBQKZ1dfhJXtl9MLHSxTJ0YE
E+CUqsSg5fyP6X0z4XvN3jMFr41AWWUEO4mUunyxNYW5HeY7wVkDnjbCq69fIvfP
v9+m+t8yWCoTdMjz5AQdowZ29/EmJ+63x16g7kFpDNbiT+hOgOishPOKGgsp3QM6
EPhgXWv1Tsb3DSQ22lTqK+AijXMLWqg0R+OA18cq2Yot5NaEKs/8Z2fq4OOwwsbO
qljuQ6pmOUhFhH+dyAsZCWkAIjJGtA2tu1ZIoaVZhT56QCd8fp9e3ihlZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNN6OzV3L+1N7oZlt75fJLcVyBFSMB8GA1UdIwQY
MBaAFHmoQ9Ome/IC0K4j35XhTqhx2PFdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEt
YjRkZDIyNzU4OTUxLzEvMDNvN05YY3Y3VTN1aG1XM3ZsOGt0eFhJRVZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEtYjRkZDIyNzU4OTUx
LzEvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbSYMA0G
CSqGSIb3DQEBCwUAA4IBAQBkVRG4XHkgSgCVsaXWYbbyiuA5xn7xHOAhfKT1648J
QsTRvKGozdKSn5Nlrf9JyEOztr2SrhPTBGJGa0WWT5vXM7O0vg9tqhe12Ddtoj7g
4bl1HyX4Lnz6XOcHaV/V8OSgpl+x8BoIz+K0XEv8j0ncbvQ8Dx6r0CRUZs719E/8
6aPVLhlvTsk6OSAkmtqaa6JoCWPraw+yJMoe6fEo0sVWCwYSaDo19XGjgdXvp6Bj
9JyZ5DDD5mPRm2/BvMMneNlSplyDVh1tCRg7KlFU+h/kYyCzyCPeL5iBgLCopBMU
D2CPQNTq3GiTuCfArw0FlFAdIenkynTHA1c0pE6OE1Dl
-----END CERTIFICATE-----