Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/LZ0s0Mc-dH4ydO20rwWWP8JRI90.roa
File:                     LZ0s0Mc-dH4ydO20rwWWP8JRI90.roa (raw, json)
Hash identifier:          BUs/TIhzLRK1wYJ9zX/yDqD3T7wynm3N4HrVWA6XWjY=
Subject key identifier:   2D:9D:2C:D0:C7:3E:74:7E:32:74:ED:B4:AF:05:96:3F:C2:51:23:DD
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019D1B7F9422A7F8A521F23E519DFC946221
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/LZ0s0Mc-dH4ydO20rwWWP8JRI90.roa
Signing time:             Mon 23 Mar 2026 16:20:39 +0000
ROA not before:           Mon 23 Mar 2026 16:20:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     27796
IP address blocks:        201.77.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 08:18:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1b:7f:94:22:a7:f8:a5:21:f2:3e:51:9d:fc:94:62:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Mar 23 16:20:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2d9d2cd0c73e747e3274edb4af05963fc25123dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:31:20:ab:00:3b:eb:76:79:50:bf:9c:23:2a:
                    e0:a6:8d:fa:46:e0:6c:eb:6a:1c:60:62:8c:10:59:
                    cd:18:d0:34:14:1b:e0:b6:11:fb:25:58:8f:97:67:
                    04:3a:63:26:e6:e8:6d:f3:4b:fb:3d:6e:cd:62:a7:
                    97:55:df:ef:0e:3b:75:1c:22:b7:7c:61:ba:fc:bb:
                    34:5c:0e:0b:4a:e0:01:ed:d1:cd:59:e3:c2:1d:8e:
                    b2:7e:f5:0b:2f:54:2f:ce:ce:76:fe:92:07:1c:b2:
                    0d:49:1a:fd:67:07:b3:7f:5f:40:97:d0:78:b3:42:
                    9b:ff:10:af:73:43:94:64:fc:b1:d6:50:8a:3e:39:
                    d2:15:e7:fb:9e:c1:53:5c:e8:05:ac:82:95:ba:82:
                    7b:9e:ec:79:88:99:04:28:b2:2b:2c:ea:50:d3:15:
                    a9:1f:bc:5f:a8:c2:ed:c0:b4:0f:37:aa:0c:c5:d4:
                    19:44:ba:b6:38:f9:02:f1:12:01:7b:4c:60:0d:ce:
                    f4:31:02:b9:4c:81:1e:47:b3:f8:cc:98:e4:b9:a1:
                    dd:6d:9d:81:09:3f:d3:fa:e6:da:f5:5f:e6:26:6c:
                    1b:9d:85:f5:2d:d2:52:02:54:df:bf:7b:82:30:4b:
                    52:4b:f0:d9:42:64:91:31:1b:84:09:70:37:2e:16:
                    ad:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:9D:2C:D0:C7:3E:74:7E:32:74:ED:B4:AF:05:96:3F:C2:51:23:DD
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/LZ0s0Mc-dH4ydO20rwWWP8JRI90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.77.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:a6:ed:73:f3:59:dc:66:c2:8c:be:59:07:7f:fb:05:47:8c:
         53:50:af:7f:3a:dc:9b:05:72:b4:a6:61:dc:fd:af:31:75:de:
         f0:80:51:a1:d1:aa:98:67:d1:03:32:c4:12:a9:83:fa:a8:fa:
         6b:16:d0:7d:64:bc:13:45:f9:49:c6:7a:8b:8b:d0:8d:7c:39:
         ee:88:82:95:8a:19:35:67:6a:2e:99:b6:e1:c3:97:c0:d9:81:
         7e:9f:da:4a:d8:b6:8c:61:a6:6f:79:e9:a4:d6:71:68:9f:3d:
         f0:eb:72:bc:86:2e:ab:c7:56:a7:e5:b0:0a:76:72:6b:39:c7:
         f9:ad:3e:61:68:b2:a8:dc:55:4f:5a:77:7f:ba:40:44:9e:51:
         ed:66:67:97:70:d6:3c:58:7a:0c:4e:88:a1:97:5b:2b:8c:5b:
         8e:93:eb:64:fe:22:03:30:65:3d:9c:8c:b9:c6:0e:3f:95:49:
         5b:e9:06:09:1d:55:b5:4e:af:7b:a7:a7:40:03:0b:5d:e1:fd:
         16:a4:ed:3b:7f:b8:b4:fa:81:a5:82:08:e6:79:ab:db:7f:b9:
         43:b3:a9:75:75:f9:e5:0d:45:f3:48:e5:25:c1:d7:09:48:a5:
         40:56:0a:27:51:07:12:d8:c7:83:b5:20:1e:0f:cc:ab:11:32:
         3d:68:4d:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0bf5Qip/ilIfI+UZ38lGIhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwMzIzMTYyMDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDlkMmNkMGM3M2U3NDdlMzI3NGVkYjRhZjA1OTYzZmMyNTEyM2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojEgqwA763Z5UL+cIyrgpo36RuBs
62ocYGKMEFnNGNA0FBvgthH7JViPl2cEOmMm5uht80v7PW7NYqeXVd/vDjt1HCK3
fGG6/Ls0XA4LSuAB7dHNWePCHY6yfvULL1Qvzs52/pIHHLINSRr9Zwezf19Al9B4
s0Kb/xCvc0OUZPyx1lCKPjnSFef7nsFTXOgFrIKVuoJ7nux5iJkEKLIrLOpQ0xWp
H7xfqMLtwLQPN6oMxdQZRLq2OPkC8RIBe0xgDc70MQK5TIEeR7P4zJjkuaHdbZ2B
CT/T+uba9V/mJmwbnYX1LdJSAlTfv3uCMEtSS/DZQmSRMRuECXA3Lhat4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2dLNDHPnR+MnTttK8Flj/CUSPdMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvTFowczBNYy1kSDR5ZE8yMHJ3V1dQOEpSSTkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyU0+MA0G
CSqGSIb3DQEBCwUAA4IBAQBipu1z81ncZsKMvlkHf/sFR4xTUK9/OtybBXK0pmHc
/a8xdd7wgFGh0aqYZ9EDMsQSqYP6qPprFtB9ZLwTRflJxnqLi9CNfDnuiIKVihk1
Z2oumbbhw5fA2YF+n9pK2LaMYaZveemk1nFonz3w63K8hi6rx1an5bAKdnJrOcf5
rT5haLKo3FVPWnd/ukBEnlHtZmeXcNY8WHoMToihl1srjFuOk+tk/iIDMGU9nIy5
xg4/lUlb6QYJHVW1Tq97p6dAAwtd4f0WpO07f7i0+oGlggjmeavbf7lDs6l1dfnl
DUXzSOUlwdcJSKVAVgonUQcS2MeDtSAeD8yrETI9aE2d
-----END CERTIFICATE-----