Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/c489fLecnaiT0E1wzRZmfoFJ_eQ.roa
File:                     c489fLecnaiT0E1wzRZmfoFJ_eQ.roa (raw, json)
Hash identifier:          XEaj9+TyFFd1ymI2Af539q9GNDkeNZojOZe3lzAjUp8=
Subject key identifier:   73:8F:3D:7C:B7:9C:9D:A8:93:D0:4D:70:CD:16:66:7E:81:49:FD:E4
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018F50C1012E66297A81370727D80BCFC3C1
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/c489fLecnaiT0E1wzRZmfoFJ_eQ.roa
Signing time:             Tue 07 May 2024 01:52:56 +0000
ROA not before:           Tue 07 May 2024 01:52:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     27796
IP address blocks:        201.77.54.0/24 maxlen: 24
                          201.77.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:50:c1:01:2e:66:29:7a:81:37:07:27:d8:0b:cf:c3:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: May  7 01:52:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=738f3d7cb79c9da893d04d70cd16667e8149fde4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fd:5e:bc:0f:c1:56:1e:79:32:70:ed:3b:bf:62:
                    9b:dd:02:e0:a5:b9:64:a0:37:e3:a8:1c:5c:81:6a:
                    88:77:e7:18:62:03:17:0e:ce:4c:b1:ba:a4:6a:ce:
                    02:75:98:2b:8d:c6:8b:a8:f0:68:53:b5:1d:5b:7d:
                    fc:5e:9b:31:ac:33:ac:fa:02:70:c1:2b:91:61:a4:
                    b8:0a:e1:bb:f4:94:27:61:54:e0:75:52:55:b7:6a:
                    dc:64:e6:70:88:df:6e:11:65:71:0e:e6:ce:c4:2d:
                    71:15:a5:34:35:77:c4:0a:39:27:4c:06:b8:6b:fe:
                    4d:8d:cc:c5:58:fd:bc:e2:b1:30:d1:92:2e:42:59:
                    3f:cf:51:e6:36:df:2b:8f:c4:12:61:e8:60:bb:cf:
                    f3:7c:14:51:a2:8a:22:73:ce:a6:ec:c5:71:95:6d:
                    84:f1:ab:d3:3c:88:38:d3:ba:0e:ce:80:0d:c5:79:
                    4d:d8:94:62:12:1c:ea:41:9f:ef:67:cd:37:fa:4f:
                    3f:09:4e:51:08:7a:40:05:6d:fa:de:9f:2b:67:7d:
                    17:c2:cb:2b:20:12:84:01:d4:95:bb:3b:f3:f9:49:
                    79:1e:14:26:a3:0d:cb:48:3e:56:7d:21:85:30:42:
                    25:b2:ee:d6:d5:00:a8:a6:07:c2:cc:19:02:a9:aa:
                    a1:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:8F:3D:7C:B7:9C:9D:A8:93:D0:4D:70:CD:16:66:7E:81:49:FD:E4
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/c489fLecnaiT0E1wzRZmfoFJ_eQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.77.54.0/24
                  201.77.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:9b:b3:bf:3d:e1:4a:19:3d:58:93:f4:64:1a:f6:23:a5:11:
         d8:a3:46:b0:a4:e5:d3:f5:96:ff:58:a5:ab:6c:e5:46:9b:b1:
         1c:cb:82:1a:1b:81:b4:74:61:ce:64:fc:cd:88:e8:43:7a:65:
         35:58:f2:d9:c0:98:b3:2b:18:3d:6a:c8:5a:f0:09:90:82:78:
         76:8e:d4:59:00:b9:38:24:b4:17:7b:66:c8:65:99:a3:27:83:
         f1:87:4d:80:a9:92:b3:17:a5:55:e0:0b:bb:14:4e:f5:32:1f:
         b6:30:6d:01:91:ed:2e:8a:1e:a6:4e:26:c6:58:ba:9e:c9:17:
         51:25:dc:9f:fd:d6:4d:a6:ac:13:6b:0d:4c:7a:1c:3f:16:54:
         37:a0:3a:29:17:63:1c:78:c8:2e:2c:73:b9:e8:4b:2b:77:8b:
         c6:16:77:21:01:fe:8c:86:1f:cf:ae:dc:26:43:5d:6e:c5:14:
         84:ed:2f:ab:81:c1:50:cf:58:bd:b7:49:1b:f5:a1:ef:a2:cc:
         34:cd:a9:19:bc:e7:e0:7c:19:4e:a6:a2:ae:74:b9:15:1a:e4:
         14:a3:54:a6:b3:95:95:bd:39:0d:80:f3:bf:25:07:a3:bc:ec:
         82:b7:ed:12:67:6c:bb:fc:3c:42:3b:f9:98:92:06:1e:7a:b1:
         72:9f:80:5f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9QwQEuZil6gTcHJ9gLz8PBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwNTA3MDE1MjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzhmM2Q3Y2I3OWM5ZGE4OTNkMDRkNzBjZDE2NjY3ZTgxNDlmZGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/V68D8FWHnkycO07v2Kb3QLgpblk
oDfjqBxcgWqId+cYYgMXDs5Msbqkas4CdZgrjcaLqPBoU7UdW338XpsxrDOs+gJw
wSuRYaS4CuG79JQnYVTgdVJVt2rcZOZwiN9uEWVxDubOxC1xFaU0NXfECjknTAa4
a/5NjczFWP284rEw0ZIuQlk/z1HmNt8rj8QSYehgu8/zfBRRoooic86m7MVxlW2E
8avTPIg407oOzoANxXlN2JRiEhzqQZ/vZ803+k8/CU5RCHpABW363p8rZ30Xwssr
IBKEAdSVuzvz+Ul5HhQmow3LSD5WfSGFMEIlsu7W1QCopgfCzBkCqaqhxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHOPPXy3nJ2ok9BNcM0WZn6BSf3kMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvYzQ4OWZMZWNuYWlUMEUxd3pSWm1mb0ZKX2VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAyU02AwQA
yU0+MA0GCSqGSIb3DQEBCwUAA4IBAQCmm7O/PeFKGT1Yk/RkGvYjpRHYo0awpOXT
9Zb/WKWrbOVGm7Ecy4IaG4G0dGHOZPzNiOhDemU1WPLZwJizKxg9asha8AmQgnh2
jtRZALk4JLQXe2bIZZmjJ4Pxh02AqZKzF6VV4Au7FE71Mh+2MG0Bke0uih6mTibG
WLqeyRdRJdyf/dZNpqwTaw1Mehw/FlQ3oDopF2MceMguLHO56Esrd4vGFnchAf6M
hh/PrtwmQ11uxRSE7S+rgcFQz1i9t0kb9aHvosw0zakZvOfgfBlOpqKudLkVGuQU
o1Sms5WVvTkNgPO/JQejvOyCt+0SZ2y7/DxCO/mYkgYeerFyn4Bf
-----END CERTIFICATE-----