Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/T_JHILSJt0HBaQXaIDRFjZP1bYc.roa
File:                     T_JHILSJt0HBaQXaIDRFjZP1bYc.roa (raw, json)
Hash identifier:          FuCvRQe50u9dZzLZ2UhV8uhan7D7x8Fkgnf+lBDMJzk=
Subject key identifier:   4F:F2:47:20:B4:89:B7:41:C1:69:05:DA:20:34:45:8D:93:F5:6D:87
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019593DED89E28CEDB17BB2367CEF2D04475
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/T_JHILSJt0HBaQXaIDRFjZP1bYc.roa
Signing time:             Fri 14 Mar 2025 08:56:49 +0000
ROA not before:           Fri 14 Mar 2025 08:56:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     270175
IP address blocks:        201.77.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:93:de:d8:9e:28:ce:db:17:bb:23:67:ce:f2:d0:44:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Mar 14 08:56:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ff24720b489b741c16905da2034458d93f56d87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:32:e8:16:ff:e4:b5:c7:a5:a5:d0:40:48:7c:
                    31:1b:91:bc:e3:1a:c9:ac:1c:2e:3f:10:4e:ab:3e:
                    06:7a:cb:2f:27:e7:bd:7e:d1:fa:e9:20:09:93:b7:
                    e2:b9:55:6a:6f:04:f3:6e:3b:44:6f:f0:2e:93:24:
                    4a:c2:d7:bb:38:78:13:31:b3:dd:ff:6b:52:a9:62:
                    ad:8c:d2:c6:8f:d9:e0:30:ef:24:f2:c2:94:4b:9e:
                    ee:6a:af:d8:2a:68:55:72:c9:8d:49:95:4b:fb:01:
                    c9:52:23:d7:98:7a:94:0f:bd:94:fe:b3:24:ce:6c:
                    6b:e8:60:a7:1b:00:3d:03:d9:5b:01:8c:3c:28:a0:
                    4e:f3:a5:15:47:44:c7:f0:b0:26:08:b5:bd:0e:14:
                    f0:80:6f:c3:10:56:b2:73:c6:c4:9a:f7:95:88:99:
                    b0:46:49:48:f5:9f:a0:4a:2d:f9:0d:fa:cb:40:e0:
                    1e:5b:a1:d5:c7:cf:21:25:d3:28:be:7a:33:ce:d1:
                    93:a6:d1:66:7c:21:83:bf:31:de:28:3d:e9:5a:a8:
                    5b:d8:3a:93:b4:80:ca:ad:78:32:97:bf:6c:52:31:
                    de:b2:3e:a1:20:62:f9:a0:fb:ad:50:d5:d8:ae:a4:
                    49:9e:60:d4:ca:84:2d:d1:3c:5f:2e:8c:9f:6b:dc:
                    ec:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:F2:47:20:B4:89:B7:41:C1:69:05:DA:20:34:45:8D:93:F5:6D:87
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/T_JHILSJt0HBaQXaIDRFjZP1bYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.77.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:f4:81:ad:fe:08:25:8a:c8:39:9c:ae:c5:7d:67:4b:b7:24:
         e4:cc:0f:4b:aa:b4:e8:64:3a:77:f8:b4:10:15:74:0b:0a:fb:
         d3:1a:eb:45:b1:d3:d0:a9:62:8c:31:11:b1:35:47:f7:8f:98:
         a7:42:7c:d3:a4:d3:42:fc:23:01:f3:b6:ea:2a:be:ac:d1:fc:
         28:ca:08:57:09:39:72:c4:d0:7e:13:d6:c2:c5:e0:35:3e:61:
         c9:28:41:f8:de:24:0c:27:a3:7c:f6:c8:a9:4c:c2:29:ea:66:
         a7:8e:2a:42:ae:af:6f:e2:33:5c:17:87:bf:24:e0:a4:17:af:
         d4:f3:09:37:8d:30:ea:72:ff:ea:80:d7:c6:58:a5:74:b8:71:
         67:f6:fc:51:72:20:90:8d:66:9b:70:2d:3c:d0:15:3c:f4:9a:
         c1:a7:c7:b0:15:48:d9:40:5c:ae:27:b6:8f:d4:52:72:7d:ca:
         b2:75:7f:ad:30:9b:f7:1e:f2:b0:4f:82:ee:e1:39:e4:cd:36:
         29:3a:22:53:8c:c4:0e:be:bb:a9:83:0b:f1:b4:96:ad:67:0a:
         12:46:b0:4e:cb:84:ec:cd:6b:c0:eb:ae:ba:df:de:28:53:69:
         70:a5:0c:c8:09:a4:86:0b:39:42:d1:38:4c:89:46:30:e9:9f:
         28:78:5a:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWT3tieKM7bF7sjZ87y0ER1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwMzE0MDg1NjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmYyNDcyMGI0ODliNzQxYzE2OTA1ZGEyMDM0NDU4ZDkzZjU2ZDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozLoFv/ktcelpdBASHwxG5G84xrJ
rBwuPxBOqz4GessvJ+e9ftH66SAJk7fiuVVqbwTzbjtEb/AukyRKwte7OHgTMbPd
/2tSqWKtjNLGj9ngMO8k8sKUS57uaq/YKmhVcsmNSZVL+wHJUiPXmHqUD72U/rMk
zmxr6GCnGwA9A9lbAYw8KKBO86UVR0TH8LAmCLW9DhTwgG/DEFayc8bEmveViJmw
RklI9Z+gSi35DfrLQOAeW6HVx88hJdMovnozztGTptFmfCGDvzHeKD3pWqhb2DqT
tIDKrXgyl79sUjHesj6hIGL5oPutUNXYrqRJnmDUyoQt0TxfLoyfa9zsUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE/yRyC0ibdBwWkF2iA0RY2T9W2HMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvVF9KSElMU0p0MEhCYVFYYUlEUkZqWlAxYlljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyU04MA0G
CSqGSIb3DQEBCwUAA4IBAQBL9IGt/gglisg5nK7FfWdLtyTkzA9LqrToZDp3+LQQ
FXQLCvvTGutFsdPQqWKMMRGxNUf3j5inQnzTpNNC/CMB87bqKr6s0fwoyghXCTly
xNB+E9bCxeA1PmHJKEH43iQMJ6N89sipTMIp6manjipCrq9v4jNcF4e/JOCkF6/U
8wk3jTDqcv/qgNfGWKV0uHFn9vxRciCQjWabcC080BU89JrBp8ewFUjZQFyuJ7aP
1FJyfcqydX+tMJv3HvKwT4Lu4TnkzTYpOiJTjMQOvrupgwvxtJatZwoSRrBOy4Ts
zWvA6666394oU2lwpQzICaSGCzlC0ThMiUYw6Z8oeFq0
-----END CERTIFICATE-----