Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/9jFvMPEm8tbNg4P8pvRr1deFnnw.roa
File:                     9jFvMPEm8tbNg4P8pvRr1deFnnw.roa (raw, json)
Hash identifier:          Ci2pDd55z2AsSkGIC6SgBbAmeSS4qgYKY9P5inVnIr4=
Subject key identifier:   F6:31:6F:30:F1:26:F2:D6:CD:83:83:FC:A6:F4:6B:D5:D7:85:9E:7C
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018FC923F4116DD75188BF0F41A517DF12D6
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/9jFvMPEm8tbNg4P8pvRr1deFnnw.roa
Signing time:             Thu 30 May 2024 10:55:27 +0000
ROA not before:           Thu 30 May 2024 10:55:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209618
IP address blocks:        201.77.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 03:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c9:23:f4:11:6d:d7:51:88:bf:0f:41:a5:17:df:12:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: May 30 10:55:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6316f30f126f2d6cd8383fca6f46bd5d7859e7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:4f:f1:f6:6a:24:ee:a4:96:4d:43:50:fe:5d:
                    a0:c5:14:af:0b:9e:bd:76:02:72:bc:19:86:5d:76:
                    45:58:90:36:b8:23:73:4d:e8:57:bd:72:d5:23:ea:
                    d5:f0:7c:15:0a:b9:f9:c5:71:f2:8b:23:63:d0:c1:
                    bd:c0:84:36:ea:0e:53:00:0f:7b:2a:af:00:e0:d5:
                    a8:ec:49:bc:51:dd:f5:0f:05:85:e8:1b:d7:76:7c:
                    db:93:d3:25:a0:6c:21:37:bf:1f:c2:be:7c:32:55:
                    7d:9c:74:f7:95:0d:51:1d:07:f8:4a:2f:42:6e:a7:
                    5d:20:9e:e9:72:ed:22:e0:76:28:21:0c:42:47:e4:
                    35:50:27:05:44:74:d5:c7:46:d3:77:44:9a:eb:0f:
                    ce:2e:84:77:3f:5a:2c:26:e7:5c:31:de:93:33:fe:
                    3a:7d:03:3b:08:4f:cb:bb:6a:ad:60:8e:21:01:c0:
                    65:83:11:8f:1b:ad:0e:22:f4:ce:58:3c:fb:7d:fd:
                    cd:9f:f0:8e:40:b9:04:ce:0b:32:af:e6:8d:be:c2:
                    bf:60:0a:e0:d7:c6:a2:6e:28:39:c8:a3:65:5b:04:
                    c0:45:b1:eb:b2:1a:dc:9b:bf:e1:a3:e6:5e:d4:34:
                    b2:2b:04:c5:13:52:16:de:8e:c2:25:65:20:a4:28:
                    8f:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:31:6F:30:F1:26:F2:D6:CD:83:83:FC:A6:F4:6B:D5:D7:85:9E:7C
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/9jFvMPEm8tbNg4P8pvRr1deFnnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.77.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:f9:04:72:a5:f8:4f:c1:c2:50:1f:0c:0c:c6:da:89:d7:45:
         ac:29:bc:d9:9e:d6:56:0c:ca:51:6c:9c:34:db:33:9f:07:3f:
         f2:18:9d:95:08:5d:a4:ab:9a:df:bc:1b:6d:bc:ba:9c:20:86:
         31:60:2e:9c:d0:34:c3:d4:34:51:c5:1f:8b:9a:0d:5a:e3:c4:
         58:b8:06:d3:87:ae:61:99:dc:ba:04:d8:81:fd:8a:b9:2b:68:
         38:ca:db:b1:80:bf:d6:58:c1:31:c0:6e:1b:18:18:82:8f:ac:
         9d:86:cf:73:1e:ff:d4:05:ad:70:c6:a3:bb:8c:d9:b6:45:1c:
         5c:e1:ee:d5:88:3d:0c:b5:33:22:89:e3:c7:91:a0:04:fe:3f:
         8c:d9:ee:d1:5e:c8:d1:26:45:48:fb:e6:8b:8f:ed:e9:e0:58:
         55:95:aa:3b:90:d2:75:ed:32:a9:7c:f2:68:10:46:3d:2c:c7:
         ef:ef:3c:18:ce:ab:1c:9b:cd:99:9f:ff:2c:3e:d7:4a:56:dc:
         51:29:28:79:88:7c:75:c4:98:55:3c:98:ca:4a:fc:f8:4a:b5:
         2d:4f:ea:4f:2a:75:1b:01:48:99:10:b9:19:75:1f:d5:23:46:
         1a:a2:3a:2c:bc:df:01:11:40:55:0d:e0:ce:b9:05:1d:fe:c8:
         b4:e6:6b:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/JI/QRbddRiL8PQaUX3xLWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwNTMwMTA1NTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjMxNmYzMGYxMjZmMmQ2Y2Q4MzgzZmNhNmY0NmJkNWQ3ODU5ZTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0/x9mok7qSWTUNQ/l2gxRSvC569
dgJyvBmGXXZFWJA2uCNzTehXvXLVI+rV8HwVCrn5xXHyiyNj0MG9wIQ26g5TAA97
Kq8A4NWo7Em8Ud31DwWF6BvXdnzbk9MloGwhN78fwr58MlV9nHT3lQ1RHQf4Si9C
bqddIJ7pcu0i4HYoIQxCR+Q1UCcFRHTVx0bTd0Sa6w/OLoR3P1osJudcMd6TM/46
fQM7CE/Lu2qtYI4hAcBlgxGPG60OIvTOWDz7ff3Nn/COQLkEzgsyr+aNvsK/YArg
18aibig5yKNlWwTARbHrshrcm7/ho+Ze1DSyKwTFE1IW3o7CJWUgpCiPCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPYxbzDxJvLWzYOD/Kb0a9XXhZ58MB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvOWpGdk1QRW04dGJOZzRQOHB2UnIxZGVGbm53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyU09MA0G
CSqGSIb3DQEBCwUAA4IBAQAz+QRypfhPwcJQHwwMxtqJ10WsKbzZntZWDMpRbJw0
2zOfBz/yGJ2VCF2kq5rfvBttvLqcIIYxYC6c0DTD1DRRxR+Lmg1a48RYuAbTh65h
mdy6BNiB/Yq5K2g4ytuxgL/WWMExwG4bGBiCj6ydhs9zHv/UBa1wxqO7jNm2RRxc
4e7ViD0MtTMiiePHkaAE/j+M2e7RXsjRJkVI++aLj+3p4FhVlao7kNJ17TKpfPJo
EEY9LMfv7zwYzqscm82Zn/8sPtdKVtxRKSh5iHx1xJhVPJjKSvz4SrUtT+pPKnUb
AUiZELkZdR/VI0YaojosvN8BEUBVDeDOuQUd/si05mtU
-----END CERTIFICATE-----