Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/gSZdznT_y5hjQswrP9Tr6a58WeY.roa
File:                     gSZdznT_y5hjQswrP9Tr6a58WeY.roa (raw, json)
Hash identifier:          Rbk1ruMHee6eMSTzwyAV0FQ9vtkmyDbmtwJryhZMdXQ=
Subject key identifier:   81:26:5D:CE:74:FF:CB:98:63:42:CC:2B:3F:D4:EB:E9:AE:7C:59:E6
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       0194274858527F4E0EA6C051550F01B259E6
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/gSZdznT_y5hjQswrP9Tr6a58WeY.roa
Signing time:             Thu 02 Jan 2025 13:50:40 +0000
ROA not before:           Thu 02 Jan 2025 13:50:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     273888
IP address blocks:        201.77.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:58:52:7f:4e:0e:a6:c0:51:55:0f:01:b2:59:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  2 13:50:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81265dce74ffcb986342cc2b3fd4ebe9ae7c59e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:d2:82:aa:88:e5:ae:7e:d8:80:aa:c1:cb:ff:
                    5b:3e:1e:47:8e:98:21:87:7b:78:b4:03:3a:0d:1d:
                    ec:0e:dc:1f:de:92:95:f2:a7:c4:2d:58:62:50:79:
                    6e:3f:83:6a:b5:8f:8f:8f:ec:2b:7e:13:70:e1:6f:
                    68:b0:de:3c:bf:34:a0:74:86:da:23:09:b7:c4:88:
                    2c:5f:0c:31:de:87:16:b1:93:56:6a:d0:c4:3a:b3:
                    9f:b6:87:8c:bc:e0:b5:43:c2:d4:6b:fe:85:8f:54:
                    dc:56:e8:3b:dd:6a:66:6b:3d:1e:85:39:df:d7:62:
                    e5:31:bd:61:da:41:99:7b:c6:c3:5b:b4:b9:6d:57:
                    f4:0c:ef:5f:08:c8:c3:bf:e7:a4:e5:12:57:f5:69:
                    29:a2:3f:25:8d:10:1a:fb:ae:9a:99:af:ce:4f:97:
                    fc:95:eb:e2:03:be:cf:88:d6:72:09:e2:eb:fe:85:
                    5f:c8:6d:42:0b:8d:be:3e:8a:31:a1:01:f4:d6:3f:
                    43:36:f6:49:19:74:c2:8d:83:30:86:48:37:8d:ce:
                    f1:c9:39:42:d5:21:a8:7a:0a:62:8e:57:62:08:bd:
                    c1:bd:89:b7:be:60:37:a7:88:aa:d3:dd:21:a4:0d:
                    cb:9d:24:2c:ca:d3:ea:5b:90:a2:98:b5:9c:59:15:
                    23:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:26:5D:CE:74:FF:CB:98:63:42:CC:2B:3F:D4:EB:E9:AE:7C:59:E6
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/gSZdznT_y5hjQswrP9Tr6a58WeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.77.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:98:51:90:04:9a:b6:cd:11:4d:c1:bf:f4:a4:b7:19:0f:62:
         53:6c:3c:7f:d8:0f:2b:87:ea:3c:50:c7:26:9a:66:2b:88:b5:
         43:a0:8b:25:90:0b:a2:08:26:67:e0:ba:8d:2a:7d:13:b2:91:
         81:82:5f:f6:e1:ea:9b:95:b4:8a:7a:e9:a5:e8:7a:79:a6:9d:
         58:bc:99:fd:52:d3:f8:66:d6:91:78:80:75:c3:b2:4d:03:d9:
         25:1b:77:d9:fe:49:c0:93:4b:23:14:c4:17:cf:1a:3e:a3:17:
         b2:dd:c9:2c:20:bf:b0:dc:25:19:67:86:b2:d9:33:81:b9:d3:
         67:e6:31:26:e0:e2:8d:a1:4c:2f:07:16:c3:02:4f:da:20:6e:
         35:cc:da:1c:1e:b3:92:b1:8f:ad:f0:6a:3e:7a:20:5d:34:46:
         fe:4d:ba:af:59:1d:a1:01:3e:ae:2d:05:6f:9d:19:f1:02:ea:
         c3:8d:33:81:7c:28:4b:d0:ed:f2:4a:86:29:e3:9b:d4:c2:96:
         90:3c:99:58:48:55:ec:ce:0a:d5:f4:c5:fa:27:a8:ef:fe:72:
         12:be:79:89:78:c6:4b:96:e6:6d:9e:94:c4:10:7b:bb:97:46:
         8f:e3:eb:c2:44:6d:b9:ef:bc:96:d0:88:e5:46:fe:ef:79:50:
         11:b1:c4:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSFhSf04OpsBRVQ8BslnmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwMTAyMTM1MDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTI2NWRjZTc0ZmZjYjk4NjM0MmNjMmIzZmQ0ZWJlOWFlN2M1OWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdKCqojlrn7YgKrBy/9bPh5Hjpgh
h3t4tAM6DR3sDtwf3pKV8qfELVhiUHluP4NqtY+Pj+wrfhNw4W9osN48vzSgdIba
Iwm3xIgsXwwx3ocWsZNWatDEOrOftoeMvOC1Q8LUa/6Fj1TcVug73Wpmaz0ehTnf
12LlMb1h2kGZe8bDW7S5bVf0DO9fCMjDv+ek5RJX9Wkpoj8ljRAa+66ama/OT5f8
leviA77PiNZyCeLr/oVfyG1CC42+PooxoQH01j9DNvZJGXTCjYMwhkg3jc7xyTlC
1SGoegpijldiCL3BvYm3vmA3p4iq090hpA3LnSQsytPqW5CimLWcWRUjcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIEmXc50/8uYY0LMKz/U6+mufFnmMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvZ1NaZHpuVF95NWhqUXN3clA5VHI2YTU4V2VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyU01MA0G
CSqGSIb3DQEBCwUAA4IBAQB6mFGQBJq2zRFNwb/0pLcZD2JTbDx/2A8rh+o8UMcm
mmYriLVDoIslkAuiCCZn4LqNKn0TspGBgl/24eqblbSKeuml6Hp5pp1YvJn9UtP4
ZtaReIB1w7JNA9klG3fZ/knAk0sjFMQXzxo+oxey3cksIL+w3CUZZ4ay2TOBudNn
5jEm4OKNoUwvBxbDAk/aIG41zNocHrOSsY+t8Go+eiBdNEb+TbqvWR2hAT6uLQVv
nRnxAurDjTOBfChL0O3ySoYp45vUwpaQPJlYSFXszgrV9MX6J6jv/nISvnmJeMZL
luZtnpTEEHu7l0aP4+vCRG2577yW0IjlRv7veVARscRh
-----END CERTIFICATE-----