Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/ebHQLF5o2PMRyFYNYn9sqKu1nw8.roa
File:                     ebHQLF5o2PMRyFYNYn9sqKu1nw8.roa (raw, json)
Hash identifier:          OQvLpvJRXb5KG/wOQywhZmBx/Qml0ViyfeRDP4hW/hc=
Subject key identifier:   79:B1:D0:2C:5E:68:D8:F3:11:C8:56:0D:62:7F:6C:A8:AB:B5:9F:0F
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       01944FACE87938A4E6CF220C7A1C37F9DCE8
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/ebHQLF5o2PMRyFYNYn9sqKu1nw8.roa
Signing time:             Fri 10 Jan 2025 10:05:19 +0000
ROA not before:           Fri 10 Jan 2025 10:05:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     273000
IP address blocks:        201.77.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4f:ac:e8:79:38:a4:e6:cf:22:0c:7a:1c:37:f9:dc:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan 10 10:05:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79b1d02c5e68d8f311c8560d627f6ca8abb59f0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c3:99:db:a6:7d:cd:4d:2f:fd:fe:63:2f:83:
                    3f:04:aa:5d:bf:31:ed:f3:a8:bc:8f:c8:09:69:b2:
                    2a:85:ba:62:5f:0a:ef:b1:02:da:eb:99:7f:b0:78:
                    f0:3e:ec:a4:a5:e8:bb:5c:17:a9:cc:35:84:18:8c:
                    69:d0:1a:29:e6:52:a4:cb:0f:59:c6:a6:0f:f2:e2:
                    e2:e8:a3:35:27:cf:51:d9:71:31:9b:81:fb:76:f6:
                    33:93:f4:52:41:fa:df:47:c1:68:89:a2:af:c0:d3:
                    5c:29:3d:95:0d:20:26:e7:c0:69:f5:62:b4:1c:ec:
                    78:fb:7b:16:44:98:bd:63:01:80:58:8e:07:fc:83:
                    15:06:25:59:a1:c9:d0:5f:65:84:9b:85:c9:37:df:
                    51:a1:a1:54:9b:75:2a:2d:10:68:f2:3f:21:2d:e8:
                    72:58:69:57:70:a3:fe:f2:55:57:da:1c:4b:c0:5a:
                    b0:cd:f0:f0:3f:11:5c:72:e4:e3:4f:40:be:76:c8:
                    54:b9:67:71:09:7a:89:b8:d6:ea:db:3d:35:e8:8f:
                    60:fd:12:9e:99:8d:19:76:a2:d9:cf:0d:d3:8e:af:
                    e5:22:75:96:21:ee:be:00:5c:4a:38:91:66:9c:98:
                    28:aa:c8:f2:ca:9c:37:b0:e6:c2:24:31:74:84:29:
                    dc:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:B1:D0:2C:5E:68:D8:F3:11:C8:56:0D:62:7F:6C:A8:AB:B5:9F:0F
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/ebHQLF5o2PMRyFYNYn9sqKu1nw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.77.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:6a:89:65:70:09:01:0b:02:79:f0:8e:be:6b:b8:0b:f5:70:
         1b:d1:8b:85:7d:b3:31:fd:8c:52:16:6e:e6:e2:c9:d5:d2:cc:
         51:96:fe:e4:53:77:be:ce:5b:c4:8d:f1:27:ea:b3:b9:d3:94:
         f9:35:49:30:4e:3c:4b:d7:ea:32:85:4e:95:6c:8c:55:3a:6a:
         1c:06:d1:ef:20:12:1e:d1:5b:86:82:42:7a:a9:11:b4:b8:8c:
         df:0c:5b:b8:c7:8e:95:18:5c:fb:66:17:ad:54:b8:45:16:bf:
         6e:f4:a8:48:9f:26:17:be:89:31:a4:e4:bd:bc:d3:03:32:8c:
         9d:a2:d8:6a:5a:cf:53:6d:b4:9d:af:1a:c1:17:8e:f8:a7:e2:
         6c:79:99:38:cf:93:fc:3a:9c:84:17:2c:a6:22:a3:99:f2:e4:
         da:fd:15:33:31:d6:27:d6:84:e6:65:12:84:eb:68:01:a1:0f:
         bd:e8:8f:d3:e3:8a:f7:1f:92:1b:94:17:44:43:ea:5c:91:d2:
         c4:53:2d:38:9c:54:63:e6:69:8c:c1:c4:5f:a9:f4:93:fb:b5:
         31:82:c5:76:1c:db:f3:15:b7:19:b5:d0:59:65:81:cb:50:cd:
         ba:40:08:76:30:85:8e:63:8e:01:58:8f:33:6c:58:70:60:e0:
         31:2a:80:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRPrOh5OKTmzyIMehw3+dzoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwMTEwMTAwNTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWIxZDAyYzVlNjhkOGYzMTFjODU2MGQ2MjdmNmNhOGFiYjU5ZjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8OZ26Z9zU0v/f5jL4M/BKpdvzHt
86i8j8gJabIqhbpiXwrvsQLa65l/sHjwPuykpei7XBepzDWEGIxp0Bop5lKkyw9Z
xqYP8uLi6KM1J89R2XExm4H7dvYzk/RSQfrfR8FoiaKvwNNcKT2VDSAm58Bp9WK0
HOx4+3sWRJi9YwGAWI4H/IMVBiVZocnQX2WEm4XJN99RoaFUm3UqLRBo8j8hLehy
WGlXcKP+8lVX2hxLwFqwzfDwPxFccuTjT0C+dshUuWdxCXqJuNbq2z016I9g/RKe
mY0ZdqLZzw3Tjq/lInWWIe6+AFxKOJFmnJgoqsjyypw3sObCJDF0hCnc9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHmx0CxeaNjzEchWDWJ/bKirtZ8PMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvZWJIUUxGNW8yUE1SeUZZTlluOXNxS3Uxbnc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyU0wMA0G
CSqGSIb3DQEBCwUAA4IBAQBBaollcAkBCwJ58I6+a7gL9XAb0YuFfbMx/YxSFm7m
4snV0sxRlv7kU3e+zlvEjfEn6rO505T5NUkwTjxL1+oyhU6VbIxVOmocBtHvIBIe
0VuGgkJ6qRG0uIzfDFu4x46VGFz7ZhetVLhFFr9u9KhInyYXvokxpOS9vNMDMoyd
othqWs9TbbSdrxrBF474p+JseZk4z5P8OpyEFyymIqOZ8uTa/RUzMdYn1oTmZRKE
62gBoQ+96I/T44r3H5IblBdEQ+pckdLEUy04nFRj5mmMwcRfqfST+7UxgsV2HNvz
FbcZtdBZZYHLUM26QAh2MIWOY44BWI8zbFhwYOAxKoDG
-----END CERTIFICATE-----