Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/lY5kmFeqp40bJTAHSYquktQ1mGY.roa
File:                     lY5kmFeqp40bJTAHSYquktQ1mGY.roa (raw, json)
Hash identifier:          IxmyoSgbRNiRzj38mX3fulMm1CP4S4N3AKLdLxvwvQ4=
Subject key identifier:   95:8E:64:98:57:AA:A7:8D:1B:25:30:07:49:8A:AE:92:D4:35:98:66
Certificate issuer:       /CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
Certificate serial:       018EACEEB1AE1DA901DC7761877773A99AC5
Authority key identifier: 79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/lY5kmFeqp40bJTAHSYquktQ1mGY.roa
Signing time:             Fri 05 Apr 2024 06:25:07 +0000
ROA not before:           Fri 05 Apr 2024 06:25:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50738
IP address blocks:        5.180.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ac:ee:b1:ae:1d:a9:01:dc:77:61:87:77:73:a9:9a:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
        Validity
            Not Before: Apr  5 06:25:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=958e649857aaa78d1b253007498aae92d4359866
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c0:bf:59:e6:15:9c:ff:51:bf:ec:8a:6b:f4:
                    b9:25:d3:5c:bb:19:97:33:09:1b:6e:42:0f:91:47:
                    78:f8:54:cd:5f:ec:a8:f4:a8:18:8a:91:b3:d2:e8:
                    44:1d:37:80:95:21:26:43:41:26:6b:e0:70:6d:d5:
                    4e:c0:7c:52:ed:8c:7d:e2:0d:69:b4:81:e3:98:9b:
                    51:75:ee:7f:71:86:52:8c:18:43:eb:5c:83:aa:e5:
                    80:1e:8d:2d:16:4e:f5:88:fc:e5:85:33:26:f0:a2:
                    4d:c0:ce:33:23:cf:6e:58:26:73:58:74:cd:8b:5d:
                    8e:40:70:6b:5f:b0:71:63:02:bf:34:9f:7d:70:03:
                    67:f2:f2:a4:d5:cf:a5:ce:16:b4:94:53:69:d1:bd:
                    78:0c:f3:e0:6b:c1:9c:cd:23:2a:b8:9a:5b:e8:6e:
                    b7:a1:a0:44:c4:ef:7d:35:b5:ea:00:00:55:8c:e0:
                    8d:68:76:ac:41:71:4d:c1:47:0d:ee:1a:23:d7:9a:
                    62:f1:f9:be:a2:9d:2e:11:44:a7:18:43:b1:c6:cc:
                    11:1d:76:ba:ed:97:4b:28:0a:e1:dd:8e:99:b0:d2:
                    da:40:35:99:dd:82:22:86:cb:5f:fa:a9:01:9e:aa:
                    9f:09:54:07:7c:6c:6c:72:31:09:bb:8a:94:38:57:
                    41:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:8E:64:98:57:AA:A7:8D:1B:25:30:07:49:8A:AE:92:D4:35:98:66
            X509v3 Authority Key Identifier:
                keyid:79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/lY5kmFeqp40bJTAHSYquktQ1mGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:55:74:cb:90:88:8f:e1:75:94:54:3b:ed:e8:73:18:36:ca:
         38:2f:8d:bc:76:87:dd:fe:15:ea:7f:10:c9:99:91:0b:3c:d5:
         fa:b2:20:86:50:4b:04:58:51:a0:ba:df:09:44:73:78:a5:1e:
         fa:bb:df:71:e0:1d:c8:fd:9c:c5:0a:8b:2e:47:05:e1:47:d5:
         56:0a:78:b0:7e:42:f3:b9:54:3b:af:58:45:db:87:19:1f:e5:
         00:02:82:a3:d9:72:36:ec:b6:62:bd:f8:02:36:de:2c:be:ab:
         07:ef:55:72:c1:cd:7b:45:95:2f:84:ef:dd:d4:b2:a1:7e:11:
         46:e1:18:30:9c:c4:3f:1c:d5:db:ad:ef:9d:f0:63:3c:d6:33:
         ff:9a:45:35:11:a5:71:37:68:77:1f:73:5d:87:c5:32:39:63:
         45:8e:88:55:ab:06:74:20:98:fa:33:23:ee:0c:e7:8e:ba:51:
         5a:df:0d:03:20:a1:cc:63:6d:04:b1:49:db:ee:28:67:72:7f:
         4f:60:e7:91:c8:77:01:b4:f4:01:c6:bb:e4:86:34:d9:55:49:
         b5:96:1a:fe:c0:d2:38:c6:4a:57:97:27:08:7d:44:a3:ce:32:
         4f:5a:a3:8e:c3:a8:0d:d6:a1:93:3d:4a:7f:c7:7d:b9:74:22:
         eb:28:d7:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6s7rGuHakB3Hdhh3dzqZrFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTg0M2QzYTY3YmYyMDJkMGFlMjNkZjk1ZTE0ZWE4NzFk
OGYxNWQwHhcNMjQwNDA1MDYyNTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NThlNjQ5ODU3YWFhNzhkMWIyNTMwMDc0OThhYWU5MmQ0MzU5ODY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMC/WeYVnP9Rv+yKa/S5JdNcuxmX
MwkbbkIPkUd4+FTNX+yo9KgYipGz0uhEHTeAlSEmQ0Ema+BwbdVOwHxS7Yx94g1p
tIHjmJtRde5/cYZSjBhD61yDquWAHo0tFk71iPzlhTMm8KJNwM4zI89uWCZzWHTN
i12OQHBrX7BxYwK/NJ99cANn8vKk1c+lzha0lFNp0b14DPPga8GczSMquJpb6G63
oaBExO99NbXqAABVjOCNaHasQXFNwUcN7hoj15pi8fm+op0uEUSnGEOxxswRHXa6
7ZdLKArh3Y6ZsNLaQDWZ3YIihstf+qkBnqqfCVQHfGxscjEJu4qUOFdBIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJWOZJhXqqeNGyUwB0mKrpLUNZhmMB8GA1UdIwQY
MBaAFHmoQ9Ome/IC0K4j35XhTqhx2PFdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEt
YjRkZDIyNzU4OTUxLzEvbFk1a21GZXFwNDBiSlRBSFNZcXVrdFExbUdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEtYjRkZDIyNzU4OTUx
LzEvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbSaMA0G
CSqGSIb3DQEBCwUAA4IBAQCDVXTLkIiP4XWUVDvt6HMYNso4L428dofd/hXqfxDJ
mZELPNX6siCGUEsEWFGgut8JRHN4pR76u99x4B3I/ZzFCosuRwXhR9VWCniwfkLz
uVQ7r1hF24cZH+UAAoKj2XI27LZivfgCNt4svqsH71Vywc17RZUvhO/d1LKhfhFG
4RgwnMQ/HNXbre+d8GM81jP/mkU1EaVxN2h3H3Ndh8UyOWNFjohVqwZ0IJj6MyPu
DOeOulFa3w0DIKHMY20EsUnb7ihncn9PYOeRyHcBtPQBxrvkhjTZVUm1lhr+wNI4
xkpXlycIfUSjzjJPWqOOw6gN1qGTPUp/x325dCLrKNd1
-----END CERTIFICATE-----