Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/7sjN2_HImQcJ9USVUGWMp0CNmPA.roa
File:                     7sjN2_HImQcJ9USVUGWMp0CNmPA.roa (raw, json)
Hash identifier:          CA5FQ+7/XO2sFqAdifwglNJ59I+wJgTcZkMw34QXhR8=
Subject key identifier:   EE:C8:CD:DB:F1:C8:99:07:09:F5:44:95:50:65:8C:A7:40:8D:98:F0
Certificate issuer:       /CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
Certificate serial:       0194274891B54B9A7AD69B6F4057690403F6
Authority key identifier: 79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/7sjN2_HImQcJ9USVUGWMp0CNmPA.roa
Signing time:             Thu 02 Jan 2025 13:50:54 +0000
ROA not before:           Thu 02 Jan 2025 13:50:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211557
IP address blocks:        5.180.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 07:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:91:b5:4b:9a:7a:d6:9b:6f:40:57:69:04:03:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
        Validity
            Not Before: Jan  2 13:50:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eec8cddbf1c8990709f5449550658ca7408d98f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:b2:d7:78:a3:75:6c:51:09:cd:a3:c1:e1:4b:
                    ac:80:30:50:b9:80:52:db:f9:8c:d6:c8:07:2e:3e:
                    fc:33:f1:8d:4d:32:f1:a6:01:b9:94:70:87:4c:c6:
                    62:a5:f8:f0:40:f2:c8:d0:d6:9b:f0:43:64:b4:59:
                    5e:fd:b5:aa:42:51:83:51:a3:72:78:32:dd:b5:10:
                    8b:8f:1f:4d:af:73:aa:a8:a8:13:0c:de:9a:48:cb:
                    44:29:8b:63:91:c4:ea:63:12:83:94:ff:cf:4f:90:
                    e7:8f:c5:3f:57:4c:be:dd:af:3f:bb:5d:8b:80:82:
                    fe:01:42:05:2c:eb:23:ba:6c:84:d0:b1:a9:12:59:
                    23:cd:a5:01:50:d6:e1:e1:b4:af:8f:4b:3b:20:70:
                    d7:cc:77:01:63:6e:41:68:b9:71:dd:ea:a8:59:75:
                    43:91:ba:c8:d6:d8:5d:9c:60:b0:30:4a:16:1d:96:
                    31:28:fa:99:75:b8:9d:68:37:8b:fd:c4:82:17:63:
                    11:0f:45:73:02:b5:f4:f7:51:44:11:af:20:ae:b9:
                    ca:1b:02:4a:08:7d:a5:31:ec:55:13:4b:06:93:62:
                    b8:ed:b1:66:41:2b:01:45:c6:ef:e4:b1:a1:a0:62:
                    0e:d3:0c:3b:14:91:c3:1f:5f:c9:c0:12:75:0b:eb:
                    4d:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:C8:CD:DB:F1:C8:99:07:09:F5:44:95:50:65:8C:A7:40:8D:98:F0
            X509v3 Authority Key Identifier:
                keyid:79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/7sjN2_HImQcJ9USVUGWMp0CNmPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:1a:6f:d4:51:5d:a5:40:4e:db:a0:27:c4:87:a1:0f:4a:c2:
         60:d6:b5:25:c2:2e:1c:91:8f:c4:ee:36:76:d0:51:f3:c7:15:
         53:1a:53:f8:d7:60:d1:7a:f0:c1:ac:3d:35:89:92:0e:9c:77:
         0e:bd:25:97:82:1a:8f:25:c8:bc:1d:a6:8e:0c:9a:5a:f9:5a:
         fe:47:b9:6b:81:57:50:d1:f1:82:90:e3:96:8e:83:7f:dd:1a:
         e3:d9:86:3f:4c:6d:fb:d1:61:cf:80:46:db:6f:6d:5b:c7:b7:
         96:98:7d:1c:c4:2f:5a:30:bf:0a:58:04:67:33:03:14:96:04:
         b4:41:d0:c8:ec:92:9f:1b:a8:f6:a6:cf:51:9f:ed:7a:fc:53:
         c8:32:c0:25:7d:16:c1:71:6f:53:b0:4b:e4:d5:5e:eb:79:90:
         9a:42:84:3f:c0:97:82:fe:68:67:4c:a3:21:64:88:8d:73:a9:
         e7:d0:43:e0:b0:09:3d:80:2e:5e:cb:78:93:d0:40:f8:09:5f:
         5b:db:a8:c8:83:4e:2d:ee:98:c6:5d:6c:a3:0a:b5:e7:95:65:
         29:98:ec:5d:d4:c9:5b:e9:86:36:68:69:8f:15:4d:eb:5f:0d:
         60:0b:03:01:b2:e4:02:6d:56:5c:73:8a:c4:da:11:30:5c:a2:
         01:ad:79:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSJG1S5p61ptvQFdpBAP2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTg0M2QzYTY3YmYyMDJkMGFlMjNkZjk1ZTE0ZWE4NzFk
OGYxNWQwHhcNMjUwMTAyMTM1MDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWM4Y2RkYmYxYzg5OTA3MDlmNTQ0OTU1MDY1OGNhNzQwOGQ5OGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbLXeKN1bFEJzaPB4UusgDBQuYBS
2/mM1sgHLj78M/GNTTLxpgG5lHCHTMZipfjwQPLI0Nab8ENktFle/bWqQlGDUaNy
eDLdtRCLjx9Nr3OqqKgTDN6aSMtEKYtjkcTqYxKDlP/PT5Dnj8U/V0y+3a8/u12L
gIL+AUIFLOsjumyE0LGpElkjzaUBUNbh4bSvj0s7IHDXzHcBY25BaLlx3eqoWXVD
kbrI1thdnGCwMEoWHZYxKPqZdbidaDeL/cSCF2MRD0VzArX091FEEa8grrnKGwJK
CH2lMexVE0sGk2K47bFmQSsBRcbv5LGhoGIO0ww7FJHDH1/JwBJ1C+tNqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO7IzdvxyJkHCfVElVBljKdAjZjwMB8GA1UdIwQY
MBaAFHmoQ9Ome/IC0K4j35XhTqhx2PFdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEt
YjRkZDIyNzU4OTUxLzEvN3NqTjJfSEltUWNKOVVTVlVHV01wMENObVBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEtYjRkZDIyNzU4OTUx
LzEvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbSbMA0G
CSqGSIb3DQEBCwUAA4IBAQBSGm/UUV2lQE7boCfEh6EPSsJg1rUlwi4ckY/E7jZ2
0FHzxxVTGlP412DRevDBrD01iZIOnHcOvSWXghqPJci8HaaODJpa+Vr+R7lrgVdQ
0fGCkOOWjoN/3Rrj2YY/TG370WHPgEbbb21bx7eWmH0cxC9aML8KWARnMwMUlgS0
QdDI7JKfG6j2ps9Rn+16/FPIMsAlfRbBcW9TsEvk1V7reZCaQoQ/wJeC/mhnTKMh
ZIiNc6nn0EPgsAk9gC5ey3iT0ED4CV9b26jIg04t7pjGXWyjCrXnlWUpmOxd1Mlb
6YY2aGmPFU3rXw1gCwMBsuQCbVZcc4rE2hEwXKIBrXlM
-----END CERTIFICATE-----