Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/OQ80rGRz9hNKGxMZgB22AGbJeiE.roa
File:                     OQ80rGRz9hNKGxMZgB22AGbJeiE.roa (raw, json)
Hash identifier:          Ej3Qvh2szZTOhaYm81MADRDe7WSMHwgSROLc3kvxIfU=
Subject key identifier:   39:0F:34:AC:64:73:F6:13:4A:1B:13:19:80:1D:B6:00:66:C9:7A:21
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       01900BA0A18C47D1B02C4C6AD5D52C0775E4
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/OQ80rGRz9hNKGxMZgB22AGbJeiE.roa
Signing time:             Wed 12 Jun 2024 08:46:34 +0000
ROA not before:           Wed 12 Jun 2024 08:46:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     273822
IP address blocks:        201.77.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:0b:a0:a1:8c:47:d1:b0:2c:4c:6a:d5:d5:2c:07:75:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jun 12 08:46:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=390f34ac6473f6134a1b1319801db60066c97a21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e6:fa:5a:be:df:70:91:ca:3d:e9:f4:86:f1:
                    c4:e5:cf:64:da:22:57:93:40:9e:7c:c9:b8:40:f9:
                    fa:cc:3f:74:dd:63:c4:b2:63:f2:70:15:7e:b8:3e:
                    81:99:b7:ee:7b:32:6d:c8:a7:eb:57:13:a5:a5:46:
                    2e:7c:08:bb:4c:92:e9:0b:d7:42:34:8b:be:5b:d1:
                    42:87:28:7e:fa:1f:5e:aa:90:7a:c2:ea:34:8c:e7:
                    b1:ce:70:f8:3e:50:af:93:13:f7:95:c4:c6:57:f2:
                    65:7e:bb:c7:f9:20:7c:ad:86:ea:af:bb:30:99:25:
                    86:a0:9f:ba:81:12:7b:ba:fb:9a:3e:a4:c9:c2:c9:
                    45:13:fd:cc:d6:20:cb:b6:b3:49:12:3d:27:b3:c3:
                    3b:89:2d:54:a9:f8:b1:6a:40:f0:62:a8:e4:96:e9:
                    37:7d:96:05:a7:fc:8b:bf:eb:de:4f:04:78:c0:76:
                    33:8b:fa:a8:12:c0:ac:a4:ad:c1:34:81:2c:66:aa:
                    f7:8f:b2:db:3a:ab:de:23:b0:5a:d3:32:f2:ca:68:
                    f7:63:fe:1d:2c:d2:af:90:36:de:8d:b4:6c:be:03:
                    1f:29:16:25:c6:ac:e8:d5:d0:d9:55:d3:f5:5f:32:
                    7a:d4:52:d9:01:05:7c:e6:ce:7f:92:51:31:6d:2a:
                    01:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:0F:34:AC:64:73:F6:13:4A:1B:13:19:80:1D:B6:00:66:C9:7A:21
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/OQ80rGRz9hNKGxMZgB22AGbJeiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.77.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:10:5d:76:51:ed:0a:3c:4f:6d:9d:38:5e:c1:20:85:0c:7a:
         8d:77:ee:09:e1:f6:2a:39:71:41:b8:93:c0:65:e0:2b:4a:f6:
         4e:ec:aa:53:f0:5d:03:f4:f3:b2:b5:d4:7c:2a:71:b9:a4:c3:
         df:6c:ef:3a:ce:a9:89:3b:b8:22:05:05:67:e5:5b:0f:8a:b3:
         63:a5:e9:f1:20:67:88:4a:4f:c9:81:25:b5:dd:62:ec:2d:fe:
         ba:14:71:98:a7:c9:11:1c:7e:82:7f:71:df:8e:c7:95:bc:54:
         a0:53:5a:e9:81:31:70:2f:e6:f8:fe:12:1f:61:9a:a0:b3:36:
         68:fe:df:65:f4:f2:25:d5:f0:96:2f:08:92:c7:7f:44:9d:5f:
         0a:f2:79:ce:12:2f:68:aa:0e:ee:cc:3a:ae:cd:91:95:23:82:
         f1:01:02:14:ab:34:2f:10:90:53:fd:b0:2c:c9:38:a6:15:f5:
         e6:e3:ab:3f:a5:97:5e:d9:ab:10:2d:77:13:0c:01:8d:3a:e7:
         04:29:3e:46:c4:6d:ea:15:3f:2e:b5:03:c5:0b:92:fa:d0:b0:
         28:89:d8:f3:72:30:d9:ca:86:de:de:8d:ab:e4:47:d5:1d:75:
         9a:18:ca:12:e0:dc:c5:d1:96:c5:3b:e8:54:09:91:e9:c9:f8:
         33:c0:bc:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZALoKGMR9GwLExq1dUsB3XkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwNjEyMDg0NjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTBmMzRhYzY0NzNmNjEzNGExYjEzMTk4MDFkYjYwMDY2Yzk3YTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqub6Wr7fcJHKPen0hvHE5c9k2iJX
k0CefMm4QPn6zD903WPEsmPycBV+uD6BmbfuezJtyKfrVxOlpUYufAi7TJLpC9dC
NIu+W9FChyh++h9eqpB6wuo0jOexznD4PlCvkxP3lcTGV/JlfrvH+SB8rYbqr7sw
mSWGoJ+6gRJ7uvuaPqTJwslFE/3M1iDLtrNJEj0ns8M7iS1UqfixakDwYqjkluk3
fZYFp/yLv+veTwR4wHYzi/qoEsCspK3BNIEsZqr3j7LbOqveI7Ba0zLyymj3Y/4d
LNKvkDbejbRsvgMfKRYlxqzo1dDZVdP1XzJ61FLZAQV85s5/klExbSoBYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDkPNKxkc/YTShsTGYAdtgBmyXohMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvT1E4MHJHUno5aE5LR3hNWmdCMjJBR2JKZWlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyU0zMA0G
CSqGSIb3DQEBCwUAA4IBAQA+EF12Ue0KPE9tnThewSCFDHqNd+4J4fYqOXFBuJPA
ZeArSvZO7KpT8F0D9POytdR8KnG5pMPfbO86zqmJO7giBQVn5VsPirNjpenxIGeI
Sk/JgSW13WLsLf66FHGYp8kRHH6Cf3HfjseVvFSgU1rpgTFwL+b4/hIfYZqgszZo
/t9l9PIl1fCWLwiSx39EnV8K8nnOEi9oqg7uzDquzZGVI4LxAQIUqzQvEJBT/bAs
yTimFfXm46s/pZde2asQLXcTDAGNOucEKT5GxG3qFT8utQPFC5L60LAoidjzcjDZ
yobe3o2r5EfVHXWaGMoS4NzF0ZbFO+hUCZHpyfgzwLwG
-----END CERTIFICATE-----