Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/HEl0mCtVG0h2h57a9gyCcDunhnU.roa
File:                     HEl0mCtVG0h2h57a9gyCcDunhnU.roa (raw, json)
Hash identifier:          1Ueazms+7Wv2de26NHj9KKwZc+MjLnF2P81PKwOiRXU=
Subject key identifier:   1C:49:74:98:2B:55:1B:48:76:87:9E:DA:F6:0C:82:70:3B:A7:86:75
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       0197259E85BF8580F2938D899A15D3AE3D6E
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/HEl0mCtVG0h2h57a9gyCcDunhnU.roa
Signing time:             Sat 31 May 2025 09:13:55 +0000
ROA not before:           Sat 31 May 2025 09:13:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     273192
IP address blocks:        201.77.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:25:9e:85:bf:85:80:f2:93:8d:89:9a:15:d3:ae:3d:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: May 31 09:13:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c4974982b551b4876879edaf60c82703ba78675
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:19:c7:75:c6:9b:1d:e5:d6:71:43:97:c0:92:
                    c8:38:7f:2a:c2:ec:9d:8e:da:bb:b4:5a:f3:ef:ed:
                    f9:c5:15:62:84:1f:41:03:72:d2:a6:d0:e9:10:68:
                    e2:b6:c6:e5:63:6a:ad:56:d2:ed:42:9d:48:09:cd:
                    bd:fd:7e:57:c2:19:06:e2:98:c1:fa:9d:e7:42:a0:
                    8a:4e:bb:44:52:46:2c:42:ff:25:02:19:c1:01:48:
                    63:f1:05:7c:6f:12:37:7b:4e:eb:5a:98:3f:0f:7d:
                    86:91:12:bb:2f:4b:2f:6b:48:5d:5f:df:52:41:68:
                    e4:e4:85:e0:30:89:eb:e7:fd:13:c8:40:9d:2a:aa:
                    ab:4d:11:20:8e:dd:1c:40:3c:b6:11:6d:1d:c8:44:
                    75:04:ba:4d:9c:52:d2:c5:40:6f:1b:6e:10:4b:7d:
                    d4:e2:9f:4d:04:6c:90:40:16:b1:95:fc:88:2b:4f:
                    6c:e1:81:48:40:73:c6:d4:aa:e0:b3:1e:04:76:00:
                    4d:a1:67:30:4a:8f:b7:45:1a:60:a9:6d:d9:90:2f:
                    45:8f:6a:81:30:59:f1:d9:4a:33:06:9e:54:13:86:
                    b1:71:89:33:88:84:64:c4:bf:da:80:e3:06:a4:b4:
                    e8:69:aa:c1:39:fd:04:15:51:49:91:64:99:c9:c1:
                    44:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:49:74:98:2B:55:1B:48:76:87:9E:DA:F6:0C:82:70:3B:A7:86:75
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/HEl0mCtVG0h2h57a9gyCcDunhnU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.77.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:8b:e4:d5:b4:42:f8:44:1e:26:f4:cb:b3:7c:05:76:66:52:
         c9:64:01:77:96:35:98:e9:b6:74:4a:a3:42:31:6d:34:95:29:
         f6:7b:f1:da:16:f1:eb:60:36:fc:ea:a5:cb:d1:2b:8b:2c:5a:
         39:2c:a7:ea:63:bb:07:30:4e:13:69:a9:c0:31:fe:11:78:ab:
         96:38:64:d5:ca:3f:75:62:a2:51:4e:23:b4:7e:64:62:a1:a9:
         57:0b:a6:24:60:d8:d1:27:0c:d7:97:a4:8b:f2:69:30:75:6f:
         07:fa:4e:00:ec:6e:f7:75:e2:d2:21:57:4c:5b:1c:4e:c7:82:
         f4:d4:a6:f6:b1:ec:02:45:cf:f2:fe:dc:5a:61:ef:4a:bc:9a:
         30:cd:ea:44:d6:a5:11:1a:18:ef:5f:9c:6d:75:e0:9a:bc:81:
         15:69:49:7c:ad:72:ae:cf:e2:e1:bb:a0:46:7a:50:c5:48:0f:
         e6:cf:c3:e4:c2:eb:ae:a3:81:37:38:d5:f4:f7:15:31:88:ae:
         04:15:b6:31:78:ac:28:3c:97:6c:b0:d0:86:e4:ee:1b:5c:76:
         d1:62:b0:a4:d8:9f:7d:ae:60:54:67:16:72:78:43:f6:1f:41:
         10:28:3a:43:b1:70:0b:8f:ff:16:d3:a5:dc:21:f9:36:0e:e7:
         90:fa:12:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZclnoW/hYDyk42JmhXTrj1uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwNTMxMDkxMzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzQ5NzQ5ODJiNTUxYjQ4NzY4NzllZGFmNjBjODI3MDNiYTc4Njc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5BnHdcabHeXWcUOXwJLIOH8qwuyd
jtq7tFrz7+35xRVihB9BA3LSptDpEGjitsblY2qtVtLtQp1ICc29/X5XwhkG4pjB
+p3nQqCKTrtEUkYsQv8lAhnBAUhj8QV8bxI3e07rWpg/D32GkRK7L0sva0hdX99S
QWjk5IXgMInr5/0TyECdKqqrTREgjt0cQDy2EW0dyER1BLpNnFLSxUBvG24QS33U
4p9NBGyQQBaxlfyIK09s4YFIQHPG1Krgsx4EdgBNoWcwSo+3RRpgqW3ZkC9Fj2qB
MFnx2UozBp5UE4axcYkziIRkxL/agOMGpLToaarBOf0EFVFJkWSZycFE6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBxJdJgrVRtIdoee2vYMgnA7p4Z1MB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvSEVsMG1DdFZHMGgyaDU3YTlneUNjRHVuaG5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyU0xMA0G
CSqGSIb3DQEBCwUAA4IBAQDDi+TVtEL4RB4m9MuzfAV2ZlLJZAF3ljWY6bZ0SqNC
MW00lSn2e/HaFvHrYDb86qXL0SuLLFo5LKfqY7sHME4TaanAMf4ReKuWOGTVyj91
YqJRTiO0fmRioalXC6YkYNjRJwzXl6SL8mkwdW8H+k4A7G73deLSIVdMWxxOx4L0
1Kb2sewCRc/y/txaYe9KvJowzepE1qURGhjvX5xtdeCavIEVaUl8rXKuz+Lhu6BG
elDFSA/mz8Pkwuuuo4E3ONX09xUxiK4EFbYxeKwoPJdssNCG5O4bXHbRYrCk2J99
rmBUZxZyeEP2H0EQKDpDsXALj/8W06XcIfk2DueQ+hKW
-----END CERTIFICATE-----