Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/sSpPYlx_AgurwVntvrAj7fT4fHA.roa
File:                     sSpPYlx_AgurwVntvrAj7fT4fHA.roa (raw, json)
Hash identifier:          E7okEXyJH25c5jcT5KYImpeK2k7Z34qfpQXU94eCUco=
Subject key identifier:   B1:2A:4F:62:5C:7F:02:0B:AB:C1:59:ED:BE:B0:23:ED:F4:F8:7C:70
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       01928E9B8DC1352D5A91E05FCC1C1FCFBA01
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/sSpPYlx_AgurwVntvrAj7fT4fHA.roa
Signing time:             Tue 15 Oct 2024 05:16:51 +0000
ROA not before:           Tue 15 Oct 2024 05:16:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28064
IP address blocks:        201.77.50.0/24 maxlen: 24
                          201.77.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 15:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8e:9b:8d:c1:35:2d:5a:91:e0:5f:cc:1c:1f:cf:ba:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Oct 15 05:16:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b12a4f625c7f020babc159edbeb023edf4f87c70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:fe:b3:fd:ed:14:6b:81:a8:31:53:c6:f8:93:
                    f0:56:10:72:ab:2e:f9:85:66:bc:ef:37:b9:20:54:
                    a8:fe:c6:5b:18:e6:97:aa:ad:61:3d:77:c9:e2:e5:
                    fb:4b:b6:ef:19:3b:97:68:f0:03:ee:21:80:90:2d:
                    9d:12:0f:c1:c2:e4:14:36:2a:33:16:09:86:4d:88:
                    88:dd:56:9d:29:b4:86:9a:26:ef:10:7f:41:54:3c:
                    db:11:59:a9:77:73:59:1d:43:e9:9d:0b:be:83:e3:
                    7c:6c:69:cb:61:84:d5:62:dd:ad:6a:54:57:f8:e1:
                    b3:22:09:58:6f:04:2c:cf:5c:3a:df:47:81:c4:58:
                    6f:59:a7:b4:62:d5:35:1f:5e:fe:5b:fe:12:fd:51:
                    4a:1f:2e:44:e3:34:45:a3:31:16:19:67:8c:6a:3c:
                    c6:3c:9c:90:1d:a7:f3:3e:58:c2:3c:25:bb:44:ef:
                    83:36:37:46:53:f2:ec:00:fe:69:c2:ea:cb:10:82:
                    62:9f:f6:34:44:7f:03:a7:26:0a:b0:ce:49:32:8b:
                    89:85:79:c7:74:e2:aa:69:a9:e6:18:67:f0:54:3c:
                    fb:6c:f8:30:ec:25:4f:ce:e5:e4:fa:cb:30:a9:25:
                    02:79:f1:a4:0e:8f:5d:ae:0a:8c:e8:81:31:cd:29:
                    0f:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:2A:4F:62:5C:7F:02:0B:AB:C1:59:ED:BE:B0:23:ED:F4:F8:7C:70
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/sSpPYlx_AgurwVntvrAj7fT4fHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.77.50.0/24
                  201.77.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:06:2b:da:5a:62:52:74:92:8e:a1:f9:72:6e:a6:e0:b0:c9:
         08:f4:29:47:e2:03:ef:67:98:29:e6:01:ce:59:2c:db:09:b1:
         2e:ca:dd:22:96:b1:d8:47:5f:d7:ab:c8:87:b4:fc:37:1e:05:
         a7:c1:17:f1:a0:6a:df:b2:20:1e:f4:1f:96:d9:6b:83:ac:d6:
         b0:c8:b7:d3:84:64:47:cd:21:b6:99:ca:6b:00:86:de:47:37:
         6a:fe:69:e2:ea:f5:a8:db:b3:82:54:a7:e9:25:bd:dc:72:56:
         24:fd:b6:10:17:6d:56:66:fa:ef:cd:c7:7a:f3:c4:37:15:82:
         ab:fd:95:de:25:8f:5d:55:a3:1c:5b:71:92:46:63:05:9e:9a:
         c1:4f:64:2d:ac:6a:e2:0d:e3:02:e6:ea:6c:02:f7:01:2d:63:
         ff:bc:89:c4:ee:02:96:62:ad:9b:d0:98:cf:75:b8:69:95:bd:
         27:2f:1f:e1:1f:fe:85:c4:59:f0:48:af:f5:73:8f:dc:10:2e:
         1f:6e:5b:98:77:47:f5:b8:1e:ce:0f:67:1f:e6:89:af:c1:ce:
         52:e1:63:82:b5:41:81:25:61:8e:54:f5:8c:91:ff:08:c2:a5:
         ae:74:3a:90:14:a6:1f:b6:9c:f9:92:a6:2a:bb:ec:53:7e:68:
         af:50:28:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZKOm43BNS1akeBfzBwfz7oBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQxMDE1MDUxNjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTJhNGY2MjVjN2YwMjBiYWJjMTU5ZWRiZWIwMjNlZGY0Zjg3YzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/6z/e0Ua4GoMVPG+JPwVhByqy75
hWa87ze5IFSo/sZbGOaXqq1hPXfJ4uX7S7bvGTuXaPAD7iGAkC2dEg/BwuQUNioz
FgmGTYiI3VadKbSGmibvEH9BVDzbEVmpd3NZHUPpnQu+g+N8bGnLYYTVYt2talRX
+OGzIglYbwQsz1w630eBxFhvWae0YtU1H17+W/4S/VFKHy5E4zRFozEWGWeMajzG
PJyQHafzPljCPCW7RO+DNjdGU/LsAP5pwurLEIJin/Y0RH8DpyYKsM5JMouJhXnH
dOKqaanmGGfwVDz7bPgw7CVPzuXk+sswqSUCefGkDo9drgqM6IExzSkPHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLEqT2JcfwILq8FZ7b6wI+30+HxwMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvc1NwUFlseF9BZ3Vyd1ZudHZyQWo3ZlQ0ZkhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAyU0yAwQA
yU00MA0GCSqGSIb3DQEBCwUAA4IBAQDFBivaWmJSdJKOoflybqbgsMkI9ClH4gPv
Z5gp5gHOWSzbCbEuyt0ilrHYR1/Xq8iHtPw3HgWnwRfxoGrfsiAe9B+W2WuDrNaw
yLfThGRHzSG2mcprAIbeRzdq/mni6vWo27OCVKfpJb3cclYk/bYQF21WZvrvzcd6
88Q3FYKr/ZXeJY9dVaMcW3GSRmMFnprBT2QtrGriDeMC5upsAvcBLWP/vInE7gKW
Yq2b0JjPdbhplb0nLx/hH/6FxFnwSK/1c4/cEC4fbluYd0f1uB7OD2cf5omvwc5S
4WOCtUGBJWGOVPWMkf8IwqWudDqQFKYftpz5kqYqu+xTfmivUCic
-----END CERTIFICATE-----