Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/yA_UUlRWLsFt2t5NZ2bCg06OP28.roa
File:                     yA_UUlRWLsFt2t5NZ2bCg06OP28.roa (raw, json)
Hash identifier:          lJL/gQdd2DessRjRedVMqofn2VwLMyOkk1II/xxjZLA=
Subject key identifier:   C8:0F:D4:52:54:56:2E:C1:6D:DA:DE:4D:67:66:C2:83:4E:8E:3F:6F
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       0197CA12DA8745EF5657F020C9FAC773F25C
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/yA_UUlRWLsFt2t5NZ2bCg06OP28.roa
Signing time:             Wed 02 Jul 2025 07:38:42 +0000
ROA not before:           Wed 02 Jul 2025 07:38:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     272104
IP address blocks:        201.77.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ca:12:da:87:45:ef:56:57:f0:20:c9:fa:c7:73:f2:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jul  2 07:38:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c80fd45254562ec16ddade4d6766c2834e8e3f6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:3e:1e:b7:39:1c:d0:56:80:23:5b:fd:7b:52:
                    e3:b2:1b:96:93:81:1c:3f:41:e0:10:82:ab:d4:66:
                    bd:31:19:6a:99:58:70:1e:e2:1b:f4:1e:27:62:6d:
                    70:53:86:a8:17:2a:7e:e4:b6:c6:b4:66:63:24:d4:
                    b6:f0:f0:0b:40:43:c5:a2:07:89:1d:52:5c:21:32:
                    8a:a9:d6:98:ef:47:2c:e2:20:52:ce:26:42:8a:ea:
                    21:40:a8:6a:11:64:fe:79:b5:08:d0:fa:08:64:20:
                    07:3c:a3:4b:49:6a:87:50:e5:14:e3:98:75:b6:6d:
                    f9:60:5f:63:92:93:ba:c2:e0:db:7c:f1:d5:16:5d:
                    bc:1f:41:42:6b:0d:49:2d:f0:11:a5:38:5c:13:b5:
                    89:90:a1:52:92:59:32:23:8b:ca:97:16:b9:68:35:
                    87:be:1e:02:b3:7c:98:3a:c8:89:d0:d7:b4:7c:8b:
                    fc:eb:aa:1f:8c:48:10:0d:c8:cc:09:b8:b9:9e:da:
                    23:50:6d:ea:f4:3b:e6:8a:f8:04:d2:fa:8e:8e:97:
                    d2:55:b2:30:b7:d9:88:08:a8:6f:e3:e2:bb:d8:c9:
                    32:24:1f:f2:ae:4c:40:cb:17:fb:86:be:61:04:f4:
                    77:de:be:68:e6:27:21:98:53:84:ce:99:8b:46:af:
                    e2:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:0F:D4:52:54:56:2E:C1:6D:DA:DE:4D:67:66:C2:83:4E:8E:3F:6F
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/yA_UUlRWLsFt2t5NZ2bCg06OP28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.77.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:97:58:8c:c7:0b:fc:dd:65:d9:f5:c2:b6:2a:17:19:e5:80:
         5d:76:9b:15:2b:18:bd:4c:50:27:1c:b7:3c:f8:27:65:91:23:
         b7:66:5b:e6:06:1d:bd:73:b6:60:45:7d:90:98:ed:3c:aa:9b:
         02:c6:fd:da:47:bf:80:ea:7d:44:e0:a5:1d:f9:45:41:2e:49:
         2c:6d:dd:17:39:f3:15:d5:ab:00:18:87:cb:b7:04:e9:ae:9f:
         e1:48:86:eb:2c:19:38:76:58:f8:f4:cf:f0:65:85:58:78:0f:
         e0:d7:5e:8d:fa:3e:9a:c3:4d:4f:a8:f0:eb:e3:a8:9f:59:b2:
         c3:ac:ea:2c:45:e0:1e:b4:4e:46:ba:49:7b:12:13:4f:8f:cc:
         51:47:c1:24:d1:71:df:11:ae:97:8b:65:04:33:38:3e:2f:68:
         29:34:0c:92:bb:b9:4a:76:76:e3:64:d0:d9:46:8a:9e:41:c9:
         cd:8f:85:c4:2d:84:3a:ea:6b:77:c4:79:76:2a:8b:6c:51:8c:
         45:bc:dc:5d:99:75:42:50:55:fd:90:09:c6:e8:cb:08:ae:89:
         97:25:7a:11:b9:7a:d4:ab:c1:b8:c7:14:a9:1c:03:46:28:83:
         ad:6d:a2:fb:57:4b:33:47:82:7e:a5:fc:83:b8:43:6f:94:e4:
         77:46:9d:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfKEtqHRe9WV/AgyfrHc/JcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwNzAyMDczODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODBmZDQ1MjU0NTYyZWMxNmRkYWRlNGQ2NzY2YzI4MzRlOGUzZjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0D4etzkc0FaAI1v9e1LjshuWk4Ec
P0HgEIKr1Ga9MRlqmVhwHuIb9B4nYm1wU4aoFyp+5LbGtGZjJNS28PALQEPFogeJ
HVJcITKKqdaY70cs4iBSziZCiuohQKhqEWT+ebUI0PoIZCAHPKNLSWqHUOUU45h1
tm35YF9jkpO6wuDbfPHVFl28H0FCaw1JLfARpThcE7WJkKFSklkyI4vKlxa5aDWH
vh4Cs3yYOsiJ0Ne0fIv866ofjEgQDcjMCbi5ntojUG3q9DvmivgE0vqOjpfSVbIw
t9mICKhv4+K72MkyJB/yrkxAyxf7hr5hBPR33r5o5ichmFOEzpmLRq/i4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMgP1FJUVi7BbdreTWdmwoNOjj9vMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEveUFfVVVsUldMc0Z0MnQ1TloyYkNnMDZPUDI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyU09MA0G
CSqGSIb3DQEBCwUAA4IBAQCHl1iMxwv83WXZ9cK2KhcZ5YBddpsVKxi9TFAnHLc8
+CdlkSO3ZlvmBh29c7ZgRX2QmO08qpsCxv3aR7+A6n1E4KUd+UVBLkksbd0XOfMV
1asAGIfLtwTprp/hSIbrLBk4dlj49M/wZYVYeA/g116N+j6aw01PqPDr46ifWbLD
rOosReAetE5Gukl7EhNPj8xRR8Ek0XHfEa6Xi2UEMzg+L2gpNAySu7lKdnbjZNDZ
RoqeQcnNj4XELYQ66mt3xHl2KotsUYxFvNxdmXVCUFX9kAnG6MsIromXJXoRuXrU
q8G4xxSpHANGKIOtbaL7V0szR4J+pfyDuENvlOR3Rp3w
-----END CERTIFICATE-----