Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/I5UK-VyL9S_aCG8r-kmMqLwOWeY.roa
File:                     I5UK-VyL9S_aCG8r-kmMqLwOWeY.roa (raw, json)
Hash identifier:          C9ysqAFpqsBQ4lR2WKtM3pduiVUv+mz/TM5ZzH58K1E=
Subject key identifier:   23:95:0A:F9:5C:8B:F5:2F:DA:08:6F:2B:FA:49:8C:A8:BC:0E:59:E6
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018D78E033915F40FACBF89451A012A83E5E
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/I5UK-VyL9S_aCG8r-kmMqLwOWeY.roa
Signing time:             Mon 05 Feb 2024 10:46:15 +0000
ROA not before:           Mon 05 Feb 2024 10:46:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     273171
IP address blocks:        201.77.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:78:e0:33:91:5f:40:fa:cb:f8:94:51:a0:12:a8:3e:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Feb  5 10:46:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23950af95c8bf52fda086f2bfa498ca8bc0e59e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:86:c9:d6:ea:be:1b:97:22:9a:94:fd:de:3b:
                    35:97:ec:4e:d9:37:6f:e0:e1:1f:93:85:ed:97:35:
                    01:e0:f0:ae:95:59:e6:5a:00:fc:b3:84:6d:29:a4:
                    ad:e8:5d:b6:81:3d:6e:3a:72:2f:d2:78:fd:fe:3b:
                    36:96:09:8b:71:ab:0f:23:4d:89:c9:94:50:df:a0:
                    7b:f7:dc:e0:3d:73:6f:be:48:42:32:62:ef:b4:89:
                    01:68:2f:a6:e7:f2:bb:b4:02:0d:f2:d0:77:27:2a:
                    e8:32:3a:00:5d:e5:e0:44:63:a5:e9:b6:d8:67:48:
                    c8:f9:34:1f:da:9b:c4:6f:dc:28:5a:bb:b9:79:6c:
                    ee:a8:22:03:14:e4:4d:98:85:f7:fa:4c:3d:0f:03:
                    7e:58:f6:1d:7b:97:49:1d:81:c4:3f:f4:d7:37:c4:
                    55:dc:b4:69:8f:b5:33:f2:9f:cd:20:e9:62:d3:f5:
                    44:3f:30:da:47:81:77:74:61:ef:73:8b:d7:22:97:
                    99:b7:ea:d7:9e:6a:a0:03:79:21:7e:1b:c6:24:8d:
                    fc:60:3e:8f:fb:bf:e1:df:9a:36:ab:53:b4:24:12:
                    82:3d:0f:39:3e:55:fa:fb:14:60:30:39:58:db:c6:
                    76:d5:db:d2:3e:29:19:48:ea:75:b8:41:bb:40:73:
                    60:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:95:0A:F9:5C:8B:F5:2F:DA:08:6F:2B:FA:49:8C:A8:BC:0E:59:E6
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/I5UK-VyL9S_aCG8r-kmMqLwOWeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.77.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:13:8d:6d:15:ae:56:b1:63:92:61:74:06:fa:84:5c:42:ab:
         5d:09:81:c0:8a:47:c2:3e:bc:fc:7e:d1:17:58:17:56:3f:cf:
         ed:86:a5:8e:fb:53:a9:0a:f9:38:7b:56:e5:50:4a:07:13:18:
         97:1a:b6:39:f3:14:8d:95:7b:06:09:2f:d4:e2:88:dc:dc:f7:
         b4:e9:b4:a5:08:99:93:4c:d8:be:0d:0f:f8:eb:af:44:2b:10:
         14:db:67:01:fa:57:15:88:03:05:cd:1c:38:0e:5c:ee:fe:83:
         a6:16:eb:24:3c:9b:56:95:9d:6c:dd:c1:48:84:a6:40:33:10:
         cc:5d:23:88:4e:1c:73:ba:23:80:13:31:b1:c4:8e:f4:52:0c:
         af:5d:82:73:c7:db:9a:22:7d:b9:7d:1a:0c:2e:6a:65:3d:9b:
         41:b4:83:77:0b:c3:5f:81:86:c6:f6:54:30:29:e3:a0:89:71:
         05:20:79:ed:eb:bc:5b:0f:6e:d4:fe:33:44:d4:5e:3f:4f:3f:
         50:fe:84:81:5e:fc:43:af:8d:e4:0c:6b:86:44:7a:cf:00:64:
         a5:d7:15:ff:c8:82:71:e1:c7:8b:b1:3e:08:88:82:27:5f:fb:
         32:2c:11:b6:3e:2d:59:0b:19:cd:1b:19:8e:cf:e9:2e:04:c6:
         e4:8f:50:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY144DORX0D6y/iUUaASqD5eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMjA1MTA0NjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzk1MGFmOTVjOGJmNTJmZGEwODZmMmJmYTQ5OGNhOGJjMGU1OWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYbJ1uq+G5cimpT93js1l+xO2Tdv
4OEfk4XtlzUB4PCulVnmWgD8s4RtKaSt6F22gT1uOnIv0nj9/js2lgmLcasPI02J
yZRQ36B799zgPXNvvkhCMmLvtIkBaC+m5/K7tAIN8tB3JyroMjoAXeXgRGOl6bbY
Z0jI+TQf2pvEb9woWru5eWzuqCIDFORNmIX3+kw9DwN+WPYde5dJHYHEP/TXN8RV
3LRpj7Uz8p/NIOli0/VEPzDaR4F3dGHvc4vXIpeZt+rXnmqgA3khfhvGJI38YD6P
+7/h35o2q1O0JBKCPQ85PlX6+xRgMDlY28Z21dvSPikZSOp1uEG7QHNgJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCOVCvlci/Uv2ghvK/pJjKi8DlnmMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvSTVVSy1WeUw5U19hQ0c4ci1rbU1xTHdPV2VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyU0/MA0G
CSqGSIb3DQEBCwUAA4IBAQABE41tFa5WsWOSYXQG+oRcQqtdCYHAikfCPrz8ftEX
WBdWP8/thqWO+1OpCvk4e1blUEoHExiXGrY58xSNlXsGCS/U4ojc3Pe06bSlCJmT
TNi+DQ/4669EKxAU22cB+lcViAMFzRw4Dlzu/oOmFuskPJtWlZ1s3cFIhKZAMxDM
XSOIThxzuiOAEzGxxI70UgyvXYJzx9uaIn25fRoMLmplPZtBtIN3C8NfgYbG9lQw
KeOgiXEFIHnt67xbD27U/jNE1F4/Tz9Q/oSBXvxDr43kDGuGRHrPAGSl1xX/yIJx
4ceLsT4IiIInX/syLBG2Pi1ZCxnNGxmOz+kuBMbkj1Aa
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:25:56 2024 by rpki-client on console-ams.rpki-client.org