Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/jcViTX7p24bQjfGCB7IY6g4M5io.roa
File:                     jcViTX7p24bQjfGCB7IY6g4M5io.roa (raw, json)
Hash identifier:          aqSJdYAFr1t3WF8VgGWzzX5hijxuqTkWdKUHOj0Va1s=
Subject key identifier:   8D:C5:62:4D:7E:E9:DB:86:D0:8D:F1:82:07:B2:18:EA:0E:0C:E6:2A
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       0196B1164D9463F746E1CBFEA8C81EB7ED4A
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/jcViTX7p24bQjfGCB7IY6g4M5io.roa
Signing time:             Thu 08 May 2025 18:09:10 +0000
ROA not before:           Thu 08 May 2025 18:09:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     270175
IP address blocks:        45.80.83.0/24 maxlen: 24
                          201.77.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b1:16:4d:94:63:f7:46:e1:cb:fe:a8:c8:1e:b7:ed:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: May  8 18:09:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8dc5624d7ee9db86d08df18207b218ea0e0ce62a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:87:29:f7:35:c0:92:ab:d4:73:72:0b:4d:b9:
                    0a:74:c1:9f:33:ba:13:c1:9c:69:ae:11:b7:fd:5a:
                    8f:b3:5b:a0:50:91:28:fc:08:40:c0:30:28:76:e3:
                    0c:69:28:84:2e:b6:67:bf:07:95:bd:d7:58:35:64:
                    fb:e3:0e:16:6f:1e:ad:99:35:c0:2d:b2:3d:a7:d8:
                    27:85:08:78:28:ae:7a:06:88:08:a3:63:8f:37:5a:
                    0f:e4:54:c8:76:d4:7f:fe:ed:f4:4e:48:65:24:ff:
                    3d:eb:6d:e7:2e:ee:7a:24:29:dc:5a:f5:6f:61:00:
                    2b:8a:4a:f3:9a:a6:4d:a9:b8:47:27:b3:1b:8d:3b:
                    bf:67:4e:fe:5c:cb:42:ea:28:95:1a:2c:c0:e9:3a:
                    32:17:f0:64:ce:25:6d:49:a2:d0:00:85:eb:4f:4d:
                    68:2d:ef:04:62:fb:f8:1c:1a:dd:96:03:46:f1:0f:
                    fb:2d:57:cc:80:db:1a:c3:36:c8:56:49:bc:d5:b9:
                    fd:82:7b:27:d2:da:93:13:c2:bd:09:f6:e9:6e:7f:
                    b8:13:72:f7:71:56:c5:b6:94:3a:dd:96:2e:34:61:
                    c5:a9:59:f8:64:3a:e2:4a:75:55:90:a6:af:41:99:
                    b0:67:2f:5d:19:20:09:4a:41:ae:3f:52:84:0c:74:
                    03:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:C5:62:4D:7E:E9:DB:86:D0:8D:F1:82:07:B2:18:EA:0E:0C:E6:2A
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/jcViTX7p24bQjfGCB7IY6g4M5io.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.83.0/24
                  201.77.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:ce:be:5f:9c:0b:fc:0c:b6:54:a3:2f:af:d2:f2:f1:0f:76:
         57:c2:09:47:7b:25:67:e2:0b:ca:29:87:ad:99:a9:e5:b9:b3:
         c2:7b:7d:49:62:df:91:c4:39:f4:c6:dc:86:28:43:99:0b:96:
         ec:15:5d:4b:3d:42:87:47:fb:e2:bf:47:9f:5a:35:3f:2a:f7:
         24:0d:ab:3d:94:0c:7a:2a:35:d3:2e:bb:ab:30:23:73:73:a3:
         df:fe:08:31:02:0c:d0:1d:03:5d:9c:e5:17:a1:7a:0c:60:ed:
         2e:91:25:42:d6:6f:a2:e0:ca:d0:ad:e5:6b:1d:10:ab:e7:6b:
         02:7b:02:3b:f9:0e:fa:08:e8:89:91:f9:8a:a4:0c:9e:d7:e3:
         c3:86:54:39:43:bf:56:a8:c8:9e:33:84:b1:d1:10:36:69:fe:
         9f:42:93:93:16:34:f8:7a:6a:ad:44:0e:19:cc:07:02:2b:4b:
         9b:da:ff:74:b1:0d:bf:e7:b8:d5:5a:f7:3b:5a:af:5d:8a:a5:
         04:16:d8:7b:fa:4b:39:8d:67:a2:b3:24:a4:a8:e4:ad:b8:9e:
         69:c5:cc:99:71:a6:1d:fc:ad:ef:93:36:7f:66:b4:6a:47:8a:
         8b:56:b7:67:5e:44:56:93:4a:6b:7c:93:ae:9c:8a:8e:b3:8d:
         65:83:17:d2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZaxFk2UY/dG4cv+qMget+1KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwNTA4MTgwOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGM1NjI0ZDdlZTlkYjg2ZDA4ZGYxODIwN2IyMThlYTBlMGNlNjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ocp9zXAkqvUc3ILTbkKdMGfM7oT
wZxprhG3/VqPs1ugUJEo/AhAwDAoduMMaSiELrZnvweVvddYNWT74w4Wbx6tmTXA
LbI9p9gnhQh4KK56BogIo2OPN1oP5FTIdtR//u30TkhlJP89623nLu56JCncWvVv
YQArikrzmqZNqbhHJ7MbjTu/Z07+XMtC6iiVGizA6ToyF/BkziVtSaLQAIXrT01o
Le8EYvv4HBrdlgNG8Q/7LVfMgNsawzbIVkm81bn9gnsn0tqTE8K9Cfbpbn+4E3L3
cVbFtpQ63ZYuNGHFqVn4ZDriSnVVkKavQZmwZy9dGSAJSkGuP1KEDHQDTwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI3FYk1+6duG0I3xggeyGOoODOYqMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvamNWaVRYN3AyNGJRamZHQ0I3SVk2ZzRNNWlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVBTAwQA
yU04MA0GCSqGSIb3DQEBCwUAA4IBAQC2zr5fnAv8DLZUoy+v0vLxD3ZXwglHeyVn
4gvKKYetmanlubPCe31JYt+RxDn0xtyGKEOZC5bsFV1LPUKHR/viv0efWjU/Kvck
Das9lAx6KjXTLrurMCNzc6Pf/ggxAgzQHQNdnOUXoXoMYO0ukSVC1m+i4MrQreVr
HRCr52sCewI7+Q76COiJkfmKpAye1+PDhlQ5Q79WqMieM4Sx0RA2af6fQpOTFjT4
emqtRA4ZzAcCK0ub2v90sQ2/57jVWvc7Wq9diqUEFth7+ks5jWeisySkqOStuJ5p
xcyZcaYd/K3vkzZ/ZrRqR4qLVrdnXkRWk0prfJOunIqOs41lgxfS
-----END CERTIFICATE-----