Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/_doWYD4xZMgrrfH5Qoh5KK8i-Ac.roa
File:                     _doWYD4xZMgrrfH5Qoh5KK8i-Ac.roa (raw, json)
Hash identifier:          YkyB7Lu+Q+/Xs0JmuxLViP+KYK85d1bKVuvgKOeMPss=
Subject key identifier:   FD:DA:16:60:3E:31:64:C8:2B:AD:F1:F9:42:88:79:28:AF:22:F8:07
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       01942748578102A39F270F873F2955963114
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/_doWYD4xZMgrrfH5Qoh5KK8i-Ac.roa
Signing time:             Thu 02 Jan 2025 13:50:39 +0000
ROA not before:           Thu 02 Jan 2025 13:50:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     273822
IP address blocks:        201.77.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:57:81:02:a3:9f:27:0f:87:3f:29:55:96:31:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  2 13:50:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fdda16603e3164c82badf1f942887928af22f807
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:92:d9:25:35:e0:b4:86:f3:90:96:85:8c:c5:
                    88:3f:98:db:d5:0a:16:3a:dd:2f:02:ed:53:6b:c2:
                    33:0a:70:93:bd:1e:33:c9:a6:07:e7:2b:ed:1b:44:
                    e6:19:b4:27:b3:14:cd:04:10:9c:2d:23:1b:cf:5d:
                    79:74:e9:b7:6b:30:45:b0:6b:f9:22:aa:a0:85:4b:
                    b6:a7:ca:f0:23:7a:81:d6:dc:12:68:7b:0a:d6:dd:
                    8c:96:f6:b7:b7:4f:52:92:91:54:68:71:3d:0e:ee:
                    38:06:82:b0:ea:f7:f2:ad:47:11:8b:d5:c7:7c:7a:
                    0b:a2:5d:65:dd:12:f0:e0:ed:f0:88:a6:81:cc:02:
                    09:fb:23:00:9c:d2:e0:d3:9c:47:ed:11:23:fc:50:
                    67:8f:ab:5e:df:71:f5:12:27:be:1d:66:ea:b2:ff:
                    e6:10:78:f6:e0:29:5e:b3:d2:6f:25:f5:87:29:5e:
                    55:ff:f4:19:fe:96:33:26:63:b7:37:e9:7a:f3:de:
                    5f:db:41:c1:11:10:df:97:4c:62:68:e3:cf:d5:c7:
                    44:e3:16:de:ab:eb:00:ef:7b:ee:65:42:6c:bb:1c:
                    35:91:64:92:ce:6b:b9:e4:65:8a:08:44:38:ca:63:
                    2d:17:c0:32:49:d7:83:a5:46:d5:1e:5e:a5:00:2d:
                    f3:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:DA:16:60:3E:31:64:C8:2B:AD:F1:F9:42:88:79:28:AF:22:F8:07
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/_doWYD4xZMgrrfH5Qoh5KK8i-Ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.77.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cd:65:c7:a9:35:90:49:bd:b3:4e:19:1e:3c:ef:78:45:8e:1f:
         f6:66:d5:53:67:8c:3d:15:2e:38:91:c2:ab:42:17:e0:0c:4b:
         bc:8f:47:ff:6b:f9:78:ac:e7:4e:f6:16:7b:8b:2f:4d:23:37:
         7c:1b:b9:08:c8:e2:db:f7:84:3e:bd:3b:ad:cf:e6:14:fb:9e:
         df:4d:fb:32:45:0e:46:0d:01:65:3a:69:55:3e:4f:e9:74:25:
         ac:b0:59:6e:8c:5c:d2:37:39:7e:41:04:87:b6:9e:30:be:18:
         2a:08:11:45:e3:58:aa:61:1c:d7:bf:ce:62:70:3f:73:71:3a:
         04:49:35:1d:d6:fc:e9:44:66:58:e9:ed:3a:c0:4e:82:85:57:
         f4:d7:f0:8f:92:dc:f7:77:0b:b0:2b:ec:ee:1a:e6:14:4f:44:
         eb:8b:54:7f:0b:17:f1:d9:ea:7a:b4:f7:81:23:c4:ce:1f:8f:
         fe:5b:4d:45:49:b2:bd:71:ab:97:f6:c6:2f:09:59:46:3e:f3:
         d3:25:2f:e4:9f:9c:af:e2:fa:90:ef:bb:db:ff:26:1b:f0:19:
         af:21:b1:34:8e:28:48:64:34:fb:3b:a6:64:5e:59:e7:c6:04:
         a2:0b:0a:49:5b:ac:4f:6f:57:68:4a:48:30:2a:3a:1c:c1:54:
         fa:88:d4:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSFeBAqOfJw+HPylVljEUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwMTAyMTM1MDM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGRhMTY2MDNlMzE2NGM4MmJhZGYxZjk0Mjg4NzkyOGFmMjJmODA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2JLZJTXgtIbzkJaFjMWIP5jb1QoW
Ot0vAu1Ta8IzCnCTvR4zyaYH5yvtG0TmGbQnsxTNBBCcLSMbz115dOm3azBFsGv5
IqqghUu2p8rwI3qB1twSaHsK1t2Mlva3t09SkpFUaHE9Du44BoKw6vfyrUcRi9XH
fHoLol1l3RLw4O3wiKaBzAIJ+yMAnNLg05xH7REj/FBnj6te33H1Eie+HWbqsv/m
EHj24Cles9JvJfWHKV5V//QZ/pYzJmO3N+l6895f20HBERDfl0xiaOPP1cdE4xbe
q+sA73vuZUJsuxw1kWSSzmu55GWKCEQ4ymMtF8AySdeDpUbVHl6lAC3zQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP3aFmA+MWTIK63x+UKIeSivIvgHMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvX2RvV1lENHhaTWdycmZINVFvaDVLSzhpLUFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyU0zMA0G
CSqGSIb3DQEBCwUAA4IBAQDNZcepNZBJvbNOGR4873hFjh/2ZtVTZ4w9FS44kcKr
QhfgDEu8j0f/a/l4rOdO9hZ7iy9NIzd8G7kIyOLb94Q+vTutz+YU+57fTfsyRQ5G
DQFlOmlVPk/pdCWssFlujFzSNzl+QQSHtp4wvhgqCBFF41iqYRzXv85icD9zcToE
STUd1vzpRGZY6e06wE6ChVf01/CPktz3dwuwK+zuGuYUT0Tri1R/Cxfx2ep6tPeB
I8TOH4/+W01FSbK9cauX9sYvCVlGPvPTJS/kn5yv4vqQ77vb/yYb8BmvIbE0jihI
ZDT7O6ZkXlnnxgSiCwpJW6xPb1doSkgwKjocwVT6iNTL
-----END CERTIFICATE-----