Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/d1h3AwXSjU2mHOmdcVUT8ufWcx4.roa
File:                     d1h3AwXSjU2mHOmdcVUT8ufWcx4.roa (raw, json)
Hash identifier:          sb+o2EdjTYFv5wO+JVCeIsiETn718yBChsD8yenzPlQ=
Subject key identifier:   77:58:77:03:05:D2:8D:4D:A6:1C:E9:9D:71:55:13:F2:E7:D6:73:1E
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CF9A3F3EBE4B8DECCC5324E79F8811326
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/d1h3AwXSjU2mHOmdcVUT8ufWcx4.roa
Signing time:             Thu 11 Jan 2024 17:48:40 +0000
ROA not before:           Thu 11 Jan 2024 17:48:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     273123
IP address blocks:        201.77.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f9:a3:f3:eb:e4:b8:de:cc:c5:32:4e:79:f8:81:13:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan 11 17:48:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7758770305d28d4da61ce99d715513f2e7d6731e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:45:d6:77:cc:57:a6:cc:e4:60:a3:d2:39:cb:
                    10:d4:6b:e9:9a:0f:b2:2a:0b:2c:be:b9:d2:13:b6:
                    67:ba:14:a3:0a:d5:df:96:a5:70:47:6a:9f:9b:29:
                    27:16:76:49:ac:0e:ed:b0:d0:d0:59:d3:b7:7a:a0:
                    f7:67:ef:3d:05:ce:d4:a6:90:92:ba:a1:5d:67:d9:
                    a1:39:41:e0:4d:b7:f7:0e:19:08:cf:61:30:3f:8a:
                    ea:ff:0a:fe:38:e0:22:96:51:9c:8e:99:31:7b:4a:
                    b9:9a:10:b8:6b:1b:56:c4:d8:d1:16:5c:03:54:58:
                    d7:84:56:47:98:95:8e:04:9d:c5:b7:7e:13:37:c0:
                    1b:17:73:25:ea:9b:3f:c2:21:e2:76:67:d9:7d:0e:
                    25:68:c0:14:51:49:48:ea:a3:ec:4d:a9:48:d1:cc:
                    b3:d2:88:39:d5:f0:61:b1:71:c8:c0:33:fd:15:12:
                    68:17:c2:16:57:4b:05:44:f7:88:74:a9:0f:35:7b:
                    d7:eb:54:75:42:01:9e:05:7f:37:37:d5:b5:78:d5:
                    49:b7:d3:17:ce:1a:71:fb:fc:c0:cc:7c:d5:43:f0:
                    ce:15:c1:e9:23:3a:04:23:a9:3a:79:c4:5b:30:4a:
                    a0:e6:fa:75:4e:d1:e4:16:4d:eb:7e:7e:d6:b8:57:
                    e1:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:58:77:03:05:D2:8D:4D:A6:1C:E9:9D:71:55:13:F2:E7:D6:73:1E
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/d1h3AwXSjU2mHOmdcVUT8ufWcx4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.77.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:e0:45:8a:48:81:d1:14:06:77:b6:cc:38:97:ac:14:ac:5d:
         33:cb:b4:2f:d2:dd:5d:b8:9e:2d:3d:3a:cb:b4:b2:50:a2:32:
         21:e4:b3:45:4a:95:c9:4a:81:bb:e3:f5:79:1f:30:f2:96:28:
         bd:62:54:3f:49:c9:01:7e:5d:e2:b7:24:20:05:26:f5:a8:06:
         f8:19:20:c5:0d:01:ef:e5:34:00:70:8b:a2:2e:ef:9a:a1:9b:
         9a:f9:29:62:c1:b9:99:79:b6:42:af:a5:d5:5c:73:5f:12:41:
         b2:cb:2b:17:bf:68:5d:e0:68:39:06:a5:13:a9:45:04:93:7b:
         47:1a:66:45:d2:6a:38:b0:09:ed:18:73:bf:d5:12:74:b6:f8:
         15:d0:6e:10:01:9f:81:2d:a6:e1:32:b1:f0:67:af:e6:8e:b9:
         dd:31:a3:00:8c:87:29:47:56:92:91:9c:e5:67:55:5f:e6:0d:
         f6:d0:c0:55:51:01:50:2a:f9:42:2d:4c:08:9f:75:4f:5a:59:
         71:85:73:3d:42:8e:3c:ac:c9:39:32:16:fc:a3:8c:7d:e0:57:
         16:3b:14:3d:c4:07:48:49:c3:b8:fc:fd:bb:4c:b4:61:3f:21:
         82:01:1c:2e:94:fb:63:34:b8:de:24:24:d7:77:72:5f:c9:e9:
         1d:b9:13:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYz5o/Pr5LjezMUyTnn4gRMmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTExMTc0ODQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzU4NzcwMzA1ZDI4ZDRkYTYxY2U5OWQ3MTU1MTNmMmU3ZDY3MzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgEXWd8xXpszkYKPSOcsQ1Gvpmg+y
KgssvrnSE7ZnuhSjCtXflqVwR2qfmyknFnZJrA7tsNDQWdO3eqD3Z+89Bc7UppCS
uqFdZ9mhOUHgTbf3DhkIz2EwP4rq/wr+OOAillGcjpkxe0q5mhC4axtWxNjRFlwD
VFjXhFZHmJWOBJ3Ft34TN8AbF3Ml6ps/wiHidmfZfQ4laMAUUUlI6qPsTalI0cyz
0og51fBhsXHIwDP9FRJoF8IWV0sFRPeIdKkPNXvX61R1QgGeBX83N9W1eNVJt9MX
zhpx+/zAzHzVQ/DOFcHpIzoEI6k6ecRbMEqg5vp1TtHkFk3rfn7WuFfhnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHdYdwMF0o1NphzpnXFVE/Ln1nMeMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvZDFoM0F3WFNqVTJtSE9tZGNWVVQ4dWZXY3g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyU05MA0G
CSqGSIb3DQEBCwUAA4IBAQAH4EWKSIHRFAZ3tsw4l6wUrF0zy7Qv0t1duJ4tPTrL
tLJQojIh5LNFSpXJSoG74/V5HzDylii9YlQ/SckBfl3ityQgBSb1qAb4GSDFDQHv
5TQAcIuiLu+aoZua+SliwbmZebZCr6XVXHNfEkGyyysXv2hd4Gg5BqUTqUUEk3tH
GmZF0mo4sAntGHO/1RJ0tvgV0G4QAZ+BLabhMrHwZ6/mjrndMaMAjIcpR1aSkZzl
Z1Vf5g320MBVUQFQKvlCLUwIn3VPWllxhXM9Qo48rMk5Mhb8o4x94FcWOxQ9xAdI
ScO4/P27TLRhPyGCARwulPtjNLjeJCTXd3JfyekduRPI
-----END CERTIFICATE-----