Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/xRSH_euACmPeK6muA5VkjxlzZN8.roa
File:                     xRSH_euACmPeK6muA5VkjxlzZN8.roa (raw, json)
Hash identifier:          bYyIBii11snb2QXgc4q5ILXwfEWbrgf3+JG+rE2+hVY=
Subject key identifier:   C5:14:87:FD:EB:80:0A:63:DE:2B:A9:AE:03:95:64:8F:19:73:64:DF
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E0CB4246CCE35AEAF76633D941750
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/xRSH_euACmPeK6muA5VkjxlzZN8.roa
Signing time:             Mon 01 Jan 2024 14:29:32 +0000
ROA not before:           Mon 01 Jan 2024 14:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28064
IP address blocks:        201.77.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0c:b4:24:6c:ce:35:ae:af:76:63:3d:94:17:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c51487fdeb800a63de2ba9ae0395648f197364df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:73:ca:d1:bf:9d:0d:db:2f:2f:c2:7d:81:98:
                    2b:6c:3c:c5:a6:43:11:04:7e:5d:18:a2:94:e9:a4:
                    7a:91:58:e9:49:86:1c:1f:77:5f:f2:3a:36:59:48:
                    c3:4b:d0:db:7b:cc:93:6e:32:3d:01:61:00:ae:f3:
                    ff:39:49:e2:0c:52:ab:b8:da:dc:40:78:45:9f:77:
                    19:32:a4:f4:a9:b7:2a:89:6f:3d:c2:1b:5e:18:f5:
                    4b:34:03:53:a1:fa:55:a0:9b:f0:5c:2e:e2:dc:43:
                    22:77:7e:c1:66:a8:7b:1d:f7:dc:28:65:02:da:0d:
                    6c:5b:be:ae:30:64:ad:51:ec:59:85:46:20:6e:31:
                    d2:9d:9c:9b:de:fe:4e:45:d8:5d:2f:2e:ce:30:77:
                    ba:bc:1d:55:84:6f:bf:81:99:92:7b:d0:e2:d2:cb:
                    fb:b9:53:b6:c0:79:dc:26:91:f2:d3:4a:00:bb:9c:
                    75:df:1e:05:7b:f2:03:75:18:c8:83:38:8d:5d:07:
                    ed:60:8a:12:71:ba:be:1c:ec:c3:86:0c:cf:58:46:
                    fe:bd:49:2c:f1:c1:5a:f5:dd:e4:6c:89:df:b7:c4:
                    e5:a8:8f:7e:b7:9e:a9:cd:8c:c6:55:12:d9:4a:94:
                    2f:32:dc:bb:ea:6d:5a:70:bb:71:48:86:93:17:88:
                    aa:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:14:87:FD:EB:80:0A:63:DE:2B:A9:AE:03:95:64:8F:19:73:64:DF
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/xRSH_euACmPeK6muA5VkjxlzZN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.77.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:2f:16:ef:c1:39:50:28:e8:2f:85:99:0b:17:99:80:5b:02:
         d2:87:8c:54:b0:ae:64:0d:45:67:1e:ac:f5:96:8e:86:fe:32:
         37:07:5c:ec:45:24:ca:11:ff:3b:e7:c7:24:e4:23:96:80:d6:
         32:8d:c9:d6:ac:9b:57:03:29:99:d7:ec:a8:0e:f3:b6:42:ea:
         3e:b1:af:c5:9d:d0:54:2b:d4:77:c5:a9:e5:57:75:fe:36:26:
         cd:7b:86:d5:d0:5e:bb:72:a5:38:84:35:82:95:7c:1b:31:d2:
         8d:40:66:52:55:94:f0:32:b3:48:1f:7d:38:2d:2b:45:d7:1a:
         5c:c4:56:d2:b1:3c:29:6e:6e:22:42:f1:b9:28:e4:f7:63:ea:
         8f:fe:91:21:59:2d:86:5e:38:21:30:46:0b:2f:4e:06:bf:44:
         81:dd:c2:54:ca:3c:4e:24:26:ba:5a:b5:60:6f:04:bb:ba:10:
         07:f7:1b:2f:6d:42:ef:4e:61:47:31:95:a9:20:52:2f:52:20:
         75:d3:d5:fb:a8:15:3f:15:28:50:95:a6:8b:66:ab:f5:c2:f6:
         f7:63:3e:4d:d2:10:d3:e8:ab:a2:2a:6c:1c:4d:57:93:c8:b8:
         f1:69:f1:cf:cd:06:95:19:67:7e:c0:5a:7c:6a:61:6c:5e:66:
         16:cd:dd:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbgy0JGzONa6vdmM9lBdQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTE0ODdmZGViODAwYTYzZGUyYmE5YWUwMzk1NjQ4ZjE5NzM2NGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnPK0b+dDdsvL8J9gZgrbDzFpkMR
BH5dGKKU6aR6kVjpSYYcH3df8jo2WUjDS9Dbe8yTbjI9AWEArvP/OUniDFKruNrc
QHhFn3cZMqT0qbcqiW89whteGPVLNANTofpVoJvwXC7i3EMid37BZqh7HffcKGUC
2g1sW76uMGStUexZhUYgbjHSnZyb3v5ORdhdLy7OMHe6vB1VhG+/gZmSe9Di0sv7
uVO2wHncJpHy00oAu5x13x4Fe/IDdRjIgziNXQftYIoScbq+HOzDhgzPWEb+vUks
8cFa9d3kbInft8TlqI9+t56pzYzGVRLZSpQvMty76m1acLtxSIaTF4iqFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMUUh/3rgApj3iuprgOVZI8Zc2TfMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEveFJTSF9ldUFDbVBlSzZtdUE1VmtqeGx6Wk44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyU00MA0G
CSqGSIb3DQEBCwUAA4IBAQBlLxbvwTlQKOgvhZkLF5mAWwLSh4xUsK5kDUVnHqz1
lo6G/jI3B1zsRSTKEf8758ck5COWgNYyjcnWrJtXAymZ1+yoDvO2Quo+sa/FndBU
K9R3xanlV3X+NibNe4bV0F67cqU4hDWClXwbMdKNQGZSVZTwMrNIH304LStF1xpc
xFbSsTwpbm4iQvG5KOT3Y+qP/pEhWS2GXjghMEYLL04Gv0SB3cJUyjxOJCa6WrVg
bwS7uhAH9xsvbULvTmFHMZWpIFIvUiB109X7qBU/FShQlaaLZqv1wvb3Yz5N0hDT
6KuiKmwcTVeTyLjxafHPzQaVGWd+wFp8amFsXmYWzd1x
-----END CERTIFICATE-----