Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/eaysmdopJ4p7tYhN2HmMnW-E7qw.roa
File:                     eaysmdopJ4p7tYhN2HmMnW-E7qw.roa (raw, json)
Hash identifier:          LmvPt5/8ve40G9RvWgIXEnur+VxicS5u+gE4R6Kpcpo=
Subject key identifier:   79:AC:AC:99:DA:29:27:8A:7B:B5:88:4D:D8:79:8C:9D:6F:84:EE:AC
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E1E7125BFF34B13EB17C667984223
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/eaysmdopJ4p7tYhN2HmMnW-E7qw.roa
Signing time:             Mon 01 Jan 2024 14:29:37 +0000
ROA not before:           Mon 01 Jan 2024 14:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     270214
IP address blocks:        201.77.56.0/24 maxlen: 24
                          91.109.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:1e:71:25:bf:f3:4b:13:eb:17:c6:67:98:42:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79acac99da29278a7bb5884dd8798c9d6f84eeac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:b0:7d:da:18:3c:75:33:ba:ea:6b:ca:84:1b:
                    f4:70:55:96:ec:4d:93:b2:5c:3d:55:98:f5:28:f2:
                    c2:a1:67:34:3a:ff:92:fd:3b:b8:c1:6f:90:75:8d:
                    e5:e6:6a:ab:54:37:0e:22:30:f0:0b:19:b4:c1:5c:
                    94:36:9e:93:e7:13:b5:c8:6d:fc:c1:b3:5b:e3:6a:
                    31:82:87:3f:2d:be:7e:10:5d:d4:ef:5f:9e:4a:9d:
                    a0:75:43:8c:41:d0:76:b3:4e:1c:c1:82:5f:c9:a1:
                    0c:a4:3d:58:1f:a8:c4:05:5e:71:8f:e3:24:9d:d3:
                    5b:b8:2b:4c:7c:14:c0:53:0d:8d:33:76:0b:14:6a:
                    ce:87:74:be:9a:10:32:94:d2:5f:9a:5d:80:99:4b:
                    6b:f9:c2:c3:f1:8d:03:77:00:16:82:d0:12:38:1a:
                    d0:6b:ee:a5:9d:2a:b3:66:51:cd:ab:2a:b9:63:37:
                    4a:45:47:ca:92:39:5f:76:d2:38:94:b4:43:c4:e8:
                    55:95:5d:07:ea:2f:85:4d:d5:05:82:89:75:fb:d3:
                    52:bf:0c:5c:32:e2:e9:e5:0c:0f:7a:d6:24:65:3b:
                    bd:5d:e5:65:9f:8b:48:4a:df:30:f5:7f:15:17:0b:
                    d9:70:1b:66:05:97:45:7a:4f:53:34:d9:4f:fe:ec:
                    18:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:AC:AC:99:DA:29:27:8A:7B:B5:88:4D:D8:79:8C:9D:6F:84:EE:AC
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/eaysmdopJ4p7tYhN2HmMnW-E7qw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.109.163.0/24
                  201.77.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:71:fd:ba:1b:5c:8c:bb:32:4f:68:b0:6a:1a:79:af:f4:6b:
         db:e3:0e:be:da:84:84:15:e6:16:49:c6:67:15:11:89:e7:66:
         c2:a9:33:dd:ad:42:e3:21:42:72:bd:7f:97:31:82:57:f9:a7:
         da:00:0b:a4:12:1d:9d:dd:e7:d0:8d:a3:b4:88:6e:4a:61:f0:
         38:28:ea:cf:28:b7:e7:38:9c:90:a4:be:37:58:98:b2:ca:66:
         25:90:24:49:bd:1f:7a:c0:f9:05:9a:65:53:19:b9:23:a9:44:
         59:fe:58:76:cd:04:fa:bc:29:ec:79:99:50:b4:50:16:35:7d:
         04:7e:54:48:18:5b:20:85:d7:4c:52:af:c1:e5:4e:ee:fa:49:
         48:4d:af:46:5a:c2:72:74:4f:e5:0b:83:e4:c5:81:d1:33:9c:
         51:ba:d1:ac:07:db:d8:62:6c:e5:a2:4a:d0:b1:58:6f:59:58:
         e3:7d:87:df:63:f8:b8:a6:47:12:3e:a8:25:bf:52:c0:1b:7a:
         07:05:94:51:54:bf:de:36:81:db:a4:b8:44:c8:12:87:b8:2e:
         2f:42:d0:61:fb:05:66:7a:78:16:c9:0c:b8:a6:15:c0:51:ba:
         29:6e:a4:e7:3c:dc:7a:9e:1b:f3:17:51:68:43:e7:32:7a:7b:
         17:98:b6:86
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbh5xJb/zSxPrF8ZnmEIjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWFjYWM5OWRhMjkyNzhhN2JiNTg4NGRkODc5OGM5ZDZmODRlZWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjLB92hg8dTO66mvKhBv0cFWW7E2T
slw9VZj1KPLCoWc0Ov+S/Tu4wW+QdY3l5mqrVDcOIjDwCxm0wVyUNp6T5xO1yG38
wbNb42oxgoc/Lb5+EF3U71+eSp2gdUOMQdB2s04cwYJfyaEMpD1YH6jEBV5xj+Mk
ndNbuCtMfBTAUw2NM3YLFGrOh3S+mhAylNJfml2AmUtr+cLD8Y0DdwAWgtASOBrQ
a+6lnSqzZlHNqyq5YzdKRUfKkjlfdtI4lLRDxOhVlV0H6i+FTdUFgol1+9NSvwxc
MuLp5QwPetYkZTu9XeVln4tISt8w9X8VFwvZcBtmBZdFek9TNNlP/uwYBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHmsrJnaKSeKe7WITdh5jJ1vhO6sMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvZWF5c21kb3BKNHA3dFloTjJIbU1uVy1FN3F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW22jAwQA
yU04MA0GCSqGSIb3DQEBCwUAA4IBAQAWcf26G1yMuzJPaLBqGnmv9Gvb4w6+2oSE
FeYWScZnFRGJ52bCqTPdrULjIUJyvX+XMYJX+afaAAukEh2d3efQjaO0iG5KYfA4
KOrPKLfnOJyQpL43WJiyymYlkCRJvR96wPkFmmVTGbkjqURZ/lh2zQT6vCnseZlQ
tFAWNX0EflRIGFsghddMUq/B5U7u+klITa9GWsJydE/lC4PkxYHRM5xRutGsB9vY
YmzlokrQsVhvWVjjfYffY/i4pkcSPqglv1LAG3oHBZRRVL/eNoHbpLhEyBKHuC4v
QtBh+wVmengWyQy4phXAUbopbqTnPNx6nhvzF1FoQ+cyensXmLaG
-----END CERTIFICATE-----