Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/N8k2TrCtZegKjjZ-WWd6AMPX5RU.roa
File:                     N8k2TrCtZegKjjZ-WWd6AMPX5RU.roa (raw, json)
Hash identifier:          n0kryDikypIQ15lrOig2ttq2l+vMduOB1IWfGgwZy08=
Subject key identifier:   37:C9:36:4E:B0:AD:65:E8:0A:8E:36:7E:59:67:7A:00:C3:D7:E5:15
Certificate issuer:       /CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
Certificate serial:       01942748913420D3E006C356B78A12DD294C
Authority key identifier: 79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/N8k2TrCtZegKjjZ-WWd6AMPX5RU.roa
Signing time:             Thu 02 Jan 2025 13:50:54 +0000
ROA not before:           Thu 02 Jan 2025 13:50:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51765
IP address blocks:        5.180.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 07:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:91:34:20:d3:e0:06:c3:56:b7:8a:12:dd:29:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
        Validity
            Not Before: Jan  2 13:50:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37c9364eb0ad65e80a8e367e59677a00c3d7e515
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:aa:9c:36:15:ae:7e:7e:04:69:94:19:8c:a4:
                    04:f8:70:83:a0:9f:ab:ae:c6:87:5a:8d:c4:5b:f3:
                    b0:98:9b:17:ca:ad:fd:ac:27:cc:08:af:88:c1:2e:
                    ca:a2:30:14:a1:56:aa:23:be:ca:19:6d:af:88:a3:
                    dd:7b:68:af:31:56:17:c0:ae:5e:49:0f:55:45:07:
                    2d:54:45:50:b7:5a:c5:d3:80:98:06:5f:95:29:d3:
                    95:fd:eb:32:51:fa:6c:dd:11:29:0d:c2:83:ee:2f:
                    e9:3d:6b:de:b2:3c:24:25:90:fa:54:b1:79:ff:42:
                    46:eb:77:e7:ce:5f:c1:52:bd:0d:fa:b3:28:63:fd:
                    9f:cc:12:f0:19:3a:18:a4:0d:d9:07:22:9d:75:9e:
                    f0:fd:29:70:b6:40:4a:a1:37:55:83:c0:8b:fe:0d:
                    c0:39:79:fd:df:f8:c1:ba:32:89:83:8e:3f:2f:25:
                    9f:0c:6c:28:00:98:6a:62:36:ec:88:6b:dd:7c:8e:
                    46:29:e1:28:95:4a:d2:23:97:4c:24:be:7f:a4:b0:
                    e6:ed:92:54:33:54:c1:5c:6f:96:cb:81:4a:e6:1b:
                    95:cb:6f:30:c5:3c:5c:82:d8:69:a1:14:48:de:f2:
                    0b:7f:75:8f:92:3d:f7:68:52:9c:f6:6b:f8:97:27:
                    3a:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:C9:36:4E:B0:AD:65:E8:0A:8E:36:7E:59:67:7A:00:C3:D7:E5:15
            X509v3 Authority Key Identifier:
                keyid:79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/N8k2TrCtZegKjjZ-WWd6AMPX5RU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:e4:61:58:f1:72:1b:e9:31:aa:7b:b9:78:c9:6c:f6:fc:d5:
         2a:23:f4:6d:68:9d:9b:ac:81:6b:49:07:00:5a:5d:53:44:8b:
         c6:fb:d7:ee:b4:29:11:23:77:7d:e9:f3:ad:f8:a4:40:66:d8:
         50:cb:79:b6:23:31:a4:8c:fb:25:14:a6:23:28:d8:0e:05:a0:
         e0:e6:13:b6:31:31:e4:14:9d:36:5c:d5:bc:4f:1e:a7:62:4c:
         1c:c0:61:62:70:c6:fb:0d:65:6b:08:93:63:fc:68:28:9f:39:
         76:f1:96:7b:d9:ec:47:ec:e7:85:87:02:12:89:9b:a2:19:6d:
         05:90:01:40:40:c9:29:37:f4:1a:8e:2a:7f:84:da:f5:09:2c:
         1a:12:ad:78:57:5d:f8:11:50:35:95:44:e5:23:af:f6:80:f3:
         ed:78:18:04:03:f5:93:5c:0b:20:4b:aa:07:0b:18:ec:72:2c:
         9e:b7:fa:3a:4a:e5:e9:ef:bf:b1:98:2e:17:26:cc:e6:d6:65:
         1d:2d:20:b4:73:4d:f1:25:05:c8:06:e3:a1:c7:7e:4d:b5:d7:
         27:2a:4d:4e:0a:93:fd:f0:24:92:93:57:21:b7:6f:b1:21:9f:
         df:c3:6e:28:76:fd:90:0c:af:0d:32:2a:4a:85:3d:cf:53:4d:
         c3:e8:fa:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSJE0INPgBsNWt4oS3SlMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTg0M2QzYTY3YmYyMDJkMGFlMjNkZjk1ZTE0ZWE4NzFk
OGYxNWQwHhcNMjUwMTAyMTM1MDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2M5MzY0ZWIwYWQ2NWU4MGE4ZTM2N2U1OTY3N2EwMGMzZDdlNTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKqcNhWufn4EaZQZjKQE+HCDoJ+r
rsaHWo3EW/OwmJsXyq39rCfMCK+IwS7KojAUoVaqI77KGW2viKPde2ivMVYXwK5e
SQ9VRQctVEVQt1rF04CYBl+VKdOV/esyUfps3REpDcKD7i/pPWvesjwkJZD6VLF5
/0JG63fnzl/BUr0N+rMoY/2fzBLwGToYpA3ZByKddZ7w/SlwtkBKoTdVg8CL/g3A
OXn93/jBujKJg44/LyWfDGwoAJhqYjbsiGvdfI5GKeEolUrSI5dMJL5/pLDm7ZJU
M1TBXG+Wy4FK5huVy28wxTxcgthpoRRI3vILf3WPkj33aFKc9mv4lyc6CQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDfJNk6wrWXoCo42fllnegDD1+UVMB8GA1UdIwQY
MBaAFHmoQ9Ome/IC0K4j35XhTqhx2PFdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEt
YjRkZDIyNzU4OTUxLzEvTjhrMlRyQ3RaZWdLampaLVdXZDZBTVBYNVJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEtYjRkZDIyNzU4OTUx
LzEvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbSaMA0G
CSqGSIb3DQEBCwUAA4IBAQAV5GFY8XIb6TGqe7l4yWz2/NUqI/RtaJ2brIFrSQcA
Wl1TRIvG+9futCkRI3d96fOt+KRAZthQy3m2IzGkjPslFKYjKNgOBaDg5hO2MTHk
FJ02XNW8Tx6nYkwcwGFicMb7DWVrCJNj/Ggonzl28ZZ72exH7OeFhwISiZuiGW0F
kAFAQMkpN/Qajip/hNr1CSwaEq14V134EVA1lUTlI6/2gPPteBgEA/WTXAsgS6oH
Cxjsciyet/o6SuXp77+xmC4XJszm1mUdLSC0c03xJQXIBuOhx35NtdcnKk1OCpP9
8CSSk1cht2+xIZ/fw24odv2QDK8NMipKhT3PU03D6PrL
-----END CERTIFICATE-----