Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/vlM_ktUPh9YMyXGP5lWXtK5QYKI.roa
File:                     vlM_ktUPh9YMyXGP5lWXtK5QYKI.roa (raw, json)
Hash identifier:          U8y+ivAuQQt5uGM6IT2qpM5NAadxtpu1MJgeCGfGzvc=
Subject key identifier:   BE:53:3F:92:D5:0F:87:D6:0C:C9:71:8F:E6:55:97:B4:AE:50:60:A2
Certificate issuer:       /CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
Certificate serial:       0194274891E10E0AB151940B09C9B913BB71
Authority key identifier: 79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/vlM_ktUPh9YMyXGP5lWXtK5QYKI.roa
Signing time:             Thu 02 Jan 2025 13:50:54 +0000
ROA not before:           Thu 02 Jan 2025 13:50:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        5.180.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 07:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:91:e1:0e:0a:b1:51:94:0b:09:c9:b9:13:bb:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
        Validity
            Not Before: Jan  2 13:50:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be533f92d50f87d60cc9718fe65597b4ae5060a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:21:ea:f1:ea:24:74:5b:1b:c6:19:65:af:91:
                    ad:f1:04:62:d7:67:7b:a9:eb:69:e2:f6:cb:5b:03:
                    65:f6:d6:77:25:a7:28:d1:d1:cb:18:58:f4:f8:93:
                    28:d5:93:cf:8a:19:cc:0a:8a:b2:0b:fe:ad:7a:34:
                    09:1a:9e:a6:0b:a6:28:d0:fe:26:a1:fe:f3:e8:d9:
                    17:27:4c:e6:48:76:fa:9b:e7:5e:c4:66:8e:9a:26:
                    bd:9b:e7:a0:3a:14:dd:db:e8:ee:ab:b9:45:49:a3:
                    dd:88:ac:fc:fa:d7:fb:33:d1:bc:30:bd:3f:d6:52:
                    2c:3f:f8:27:c4:7f:6f:37:87:c9:36:dc:86:ba:4b:
                    2e:f3:8e:03:30:cb:30:3c:71:bb:d5:96:20:92:e6:
                    4c:fa:c9:e0:f1:c7:7c:56:b6:d7:ba:6f:a9:9a:f7:
                    1d:3f:f6:13:db:61:4e:ea:5c:3b:b9:58:d3:d5:f3:
                    0c:1c:b1:81:bb:e5:a6:92:97:34:cb:a4:4e:f6:13:
                    f6:a8:db:15:c9:8b:fd:ba:ec:88:83:df:e9:e9:38:
                    47:19:0f:2b:4b:4f:0b:38:50:71:d8:5a:3c:b9:6c:
                    f2:ba:37:86:32:8f:27:2c:43:dd:34:d9:14:4a:83:
                    7d:83:8d:85:b6:dc:08:24:1d:59:ee:ea:73:fc:4d:
                    49:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:53:3F:92:D5:0F:87:D6:0C:C9:71:8F:E6:55:97:B4:AE:50:60:A2
            X509v3 Authority Key Identifier:
                keyid:79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/vlM_ktUPh9YMyXGP5lWXtK5QYKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:a2:61:87:24:36:57:ac:fe:70:e9:41:22:b2:ee:45:9e:4d:
         64:1b:6a:ec:52:bf:c0:71:95:e4:58:89:7c:33:90:e2:2d:c0:
         e3:39:48:8b:99:9d:80:80:d1:70:42:1b:3a:69:53:ad:48:bd:
         2b:a9:1d:3c:5a:5d:c8:8a:8a:f7:72:60:f1:30:da:ca:77:43:
         d4:bf:49:44:54:65:c9:92:9c:cc:37:12:ae:96:16:4d:5a:02:
         37:d1:54:fd:ae:b0:97:c5:73:db:7f:2f:87:f6:20:79:9a:06:
         81:97:a9:15:33:54:93:81:8c:f7:4f:53:f2:71:b1:5f:f7:bb:
         80:23:b1:79:ec:0c:1e:97:b0:80:54:98:9e:54:cc:be:03:13:
         bd:e6:e3:2c:43:7a:d4:ae:3a:69:d0:7e:cd:28:ea:d6:df:2f:
         7e:ab:5e:bc:cb:f3:0c:f5:b7:7b:ad:8b:28:e4:d7:dd:2a:f6:
         f9:93:c6:ea:fd:bb:30:cf:c2:c8:9e:e6:d1:56:a2:55:33:b8:
         e1:bc:92:f9:bc:fa:bb:cc:91:2c:44:82:d5:f4:d4:fb:96:61:
         67:0a:ed:eb:b0:45:dc:69:7d:36:49:d8:d4:41:91:b0:1e:41:
         90:ee:29:05:dc:9d:60:16:55:a3:86:22:fb:31:ff:18:c9:71:
         60:f1:16:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSJHhDgqxUZQLCcm5E7txMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTg0M2QzYTY3YmYyMDJkMGFlMjNkZjk1ZTE0ZWE4NzFk
OGYxNWQwHhcNMjUwMTAyMTM1MDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTUzM2Y5MmQ1MGY4N2Q2MGNjOTcxOGZlNjU1OTdiNGFlNTA2MGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSHq8eokdFsbxhllr5Gt8QRi12d7
qetp4vbLWwNl9tZ3Jaco0dHLGFj0+JMo1ZPPihnMCoqyC/6tejQJGp6mC6Yo0P4m
of7z6NkXJ0zmSHb6m+dexGaOmia9m+egOhTd2+juq7lFSaPdiKz8+tf7M9G8ML0/
1lIsP/gnxH9vN4fJNtyGuksu844DMMswPHG71ZYgkuZM+sng8cd8VrbXum+pmvcd
P/YT22FO6lw7uVjT1fMMHLGBu+Wmkpc0y6RO9hP2qNsVyYv9uuyIg9/p6ThHGQ8r
S08LOFBx2Fo8uWzyujeGMo8nLEPdNNkUSoN9g42FttwIJB1Z7upz/E1J3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL5TP5LVD4fWDMlxj+ZVl7SuUGCiMB8GA1UdIwQY
MBaAFHmoQ9Ome/IC0K4j35XhTqhx2PFdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEt
YjRkZDIyNzU4OTUxLzEvdmxNX2t0VVBoOVlNeVhHUDVsV1h0SzVRWUtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEtYjRkZDIyNzU4OTUx
LzEvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbSZMA0G
CSqGSIb3DQEBCwUAA4IBAQBjomGHJDZXrP5w6UEisu5Fnk1kG2rsUr/AcZXkWIl8
M5DiLcDjOUiLmZ2AgNFwQhs6aVOtSL0rqR08Wl3Iior3cmDxMNrKd0PUv0lEVGXJ
kpzMNxKulhZNWgI30VT9rrCXxXPbfy+H9iB5mgaBl6kVM1STgYz3T1PycbFf97uA
I7F57Awel7CAVJieVMy+AxO95uMsQ3rUrjpp0H7NKOrW3y9+q168y/MM9bd7rYso
5NfdKvb5k8bq/bswz8LInubRVqJVM7jhvJL5vPq7zJEsRILV9NT7lmFnCu3rsEXc
aX02SdjUQZGwHkGQ7ikF3J1gFlWjhiL7Mf8YyXFg8RYP
-----END CERTIFICATE-----