Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/UpbRqYrfuDdgboJSO_RRSH0MSMM.roa
File:                     UpbRqYrfuDdgboJSO_RRSH0MSMM.roa (raw, json)
Hash identifier:          3YQX4Le9E1+oSqm9sc8iIssVk+isVS2jATeH9K+/YMs=
Subject key identifier:   52:96:D1:A9:8A:DF:B8:37:60:6E:82:52:3B:F4:51:48:7D:0C:48:C3
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       0198CD4D3000E3536EB584800894DE5F0E9D
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/UpbRqYrfuDdgboJSO_RRSH0MSMM.roa
Signing time:             Thu 21 Aug 2025 15:44:04 +0000
ROA not before:           Thu 21 Aug 2025 15:44:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     273142
IP address blocks:        201.77.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:cd:4d:30:00:e3:53:6e:b5:84:80:08:94:de:5f:0e:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Aug 21 15:44:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5296d1a98adfb837606e82523bf451487d0c48c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ce:06:c6:a4:f6:1c:12:fa:7c:40:3f:9d:00:
                    7e:7e:d3:bd:00:e9:21:8e:57:69:a3:8e:54:c0:7f:
                    99:76:bb:79:93:b3:96:5e:30:c0:1b:1d:b8:c6:da:
                    b3:9e:f3:c6:fc:cd:83:b5:e4:1b:1d:77:59:52:66:
                    54:28:82:71:9a:08:08:2d:dc:ae:f8:61:e4:20:22:
                    1b:64:93:3c:11:80:74:dc:79:8c:7f:fc:ff:17:a5:
                    61:af:9d:e1:6d:58:fa:d3:e2:73:b3:9e:41:c0:79:
                    2c:2a:e0:f6:76:4e:b9:45:ce:bc:e3:f5:bb:a5:b6:
                    c7:04:b8:82:8e:62:31:11:cd:37:6d:f4:a2:0b:d5:
                    af:f4:fc:f3:a6:b4:55:28:57:cb:ca:0e:ac:5d:82:
                    83:6e:39:6b:e9:64:ec:a2:d6:35:d3:f7:5b:54:9c:
                    d2:24:49:3d:de:7e:de:e3:eb:8e:eb:68:d7:3d:fd:
                    de:54:8c:6f:74:cc:3b:92:57:a2:fa:35:12:da:c8:
                    5d:13:14:e1:3f:c7:cf:fb:1e:76:4c:3d:4c:2d:ff:
                    e7:f1:2e:4e:13:10:d4:da:8c:b1:8b:cc:eb:61:45:
                    51:f3:2e:73:db:21:70:bc:1a:df:5c:71:1c:f2:88:
                    f4:34:52:84:6b:17:02:dc:54:30:6d:e6:ea:92:b7:
                    4c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:96:D1:A9:8A:DF:B8:37:60:6E:82:52:3B:F4:51:48:7D:0C:48:C3
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/UpbRqYrfuDdgboJSO_RRSH0MSMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.77.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:f3:57:99:4f:3e:7f:d6:57:81:ca:4d:95:bc:2a:09:d0:44:
         92:c4:8d:f6:7c:5e:bf:ac:ec:27:c0:e4:b4:8b:7a:0a:ae:01:
         a4:56:3f:f6:00:2e:04:fd:0a:2e:27:2d:5f:f2:5b:89:da:d6:
         43:d6:e7:e7:5f:73:5a:37:c9:27:d4:0b:20:77:47:e5:16:b0:
         20:84:e3:7b:bc:5b:7f:4f:32:a0:9f:05:9a:d4:cf:b4:78:0c:
         f2:a6:2f:2c:e8:5c:91:f0:c1:d9:d0:8a:43:d3:df:6c:17:37:
         ea:39:4f:6b:91:09:10:32:ce:ab:28:d7:29:b8:29:d2:7f:d4:
         f7:d4:d0:11:5d:50:6f:77:02:9a:03:27:f1:8b:49:b2:3f:4f:
         39:24:56:87:10:fe:88:32:44:d6:b8:2b:0a:9f:7a:b3:e9:f7:
         7e:b2:67:46:09:81:39:5d:f1:b5:4d:a2:9e:a8:f5:5a:e1:df:
         7f:8b:43:ef:3a:67:82:db:9f:75:75:92:bd:78:94:ad:9f:4c:
         84:f4:d7:e4:b1:a6:bf:89:f8:cf:58:45:ec:0b:77:8f:9b:c1:
         89:f5:b4:a7:5d:25:77:d0:10:98:b1:26:a9:95:74:13:5d:7a:
         4b:f3:38:1c:c0:9c:42:0d:83:8b:72:6f:78:b1:f4:44:50:0c:
         be:ea:3e:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjNTTAA41NutYSACJTeXw6dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwODIxMTU0NDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mjk2ZDFhOThhZGZiODM3NjA2ZTgyNTIzYmY0NTE0ODdkMGM0OGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwc4GxqT2HBL6fEA/nQB+ftO9AOkh
jldpo45UwH+Zdrt5k7OWXjDAGx24xtqznvPG/M2DteQbHXdZUmZUKIJxmggILdyu
+GHkICIbZJM8EYB03HmMf/z/F6Vhr53hbVj60+Jzs55BwHksKuD2dk65Rc684/W7
pbbHBLiCjmIxEc03bfSiC9Wv9PzzprRVKFfLyg6sXYKDbjlr6WTsotY10/dbVJzS
JEk93n7e4+uO62jXPf3eVIxvdMw7klei+jUS2shdExThP8fP+x52TD1MLf/n8S5O
ExDU2oyxi8zrYUVR8y5z2yFwvBrfXHEc8oj0NFKEaxcC3FQwbebqkrdMNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFKW0amK37g3YG6CUjv0UUh9DEjDMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvVXBiUnFZcmZ1RGRnYm9KU09fUlJTSDBNU01NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyU05MA0G
CSqGSIb3DQEBCwUAA4IBAQBd81eZTz5/1leByk2VvCoJ0ESSxI32fF6/rOwnwOS0
i3oKrgGkVj/2AC4E/QouJy1f8luJ2tZD1ufnX3NaN8kn1Asgd0flFrAghON7vFt/
TzKgnwWa1M+0eAzypi8s6FyR8MHZ0IpD099sFzfqOU9rkQkQMs6rKNcpuCnSf9T3
1NARXVBvdwKaAyfxi0myP085JFaHEP6IMkTWuCsKn3qz6fd+smdGCYE5XfG1TaKe
qPVa4d9/i0PvOmeC2591dZK9eJStn0yE9Nfksaa/ifjPWEXsC3ePm8GJ9bSnXSV3
0BCYsSaplXQTXXpL8zgcwJxCDYOLcm94sfREUAy+6j7J
-----END CERTIFICATE-----