Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/TXPiLvAJU01GDq77VFiPGnSHxkU.roa
File:                     TXPiLvAJU01GDq77VFiPGnSHxkU.roa (raw, json)
Hash identifier:          hLziDrUh4T19H9aB08LfDKtciXTFCVmkUgQW9cFUN4M=
Subject key identifier:   4D:73:E2:2E:F0:09:53:4D:46:0E:AE:FB:54:58:8F:1A:74:87:C6:45
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019E821A1361CB13EDE86BEB0760C327D8AB
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/TXPiLvAJU01GDq77VFiPGnSHxkU.roa
Signing time:             Mon 01 Jun 2026 07:33:27 +0000
ROA not before:           Mon 01 Jun 2026 07:33:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     273295
IP address blocks:        45.133.60.0/23 maxlen: 23
                          45.142.42.0/23 maxlen: 23
                          85.92.126.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Jun 2026 23:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:82:1a:13:61:cb:13:ed:e8:6b:eb:07:60:c3:27:d8:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jun  1 07:33:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4d73e22ef009534d460eaefb54588f1a7487c645
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:7c:68:ab:99:e2:2b:c8:95:16:dc:78:00:e3:
                    3f:fc:ef:f5:76:6b:41:90:5c:7a:5c:a6:34:85:d1:
                    be:03:5e:c4:b9:b0:61:f5:c7:a5:db:ee:d3:e7:f3:
                    11:9d:63:88:ef:c2:1d:34:a4:9b:51:7a:c2:22:b9:
                    c0:15:96:0f:dd:a2:40:0c:a5:13:90:c9:85:35:cd:
                    09:2b:07:d1:68:bf:d2:2c:ff:51:ee:68:99:10:92:
                    bf:a8:0e:e1:24:c9:13:9a:5e:4f:1b:76:86:43:c7:
                    6d:80:1c:21:a6:f7:65:31:3b:0f:aa:b0:d0:de:30:
                    db:a0:76:04:0c:5c:1b:aa:3d:db:f5:df:fa:76:a2:
                    7e:83:06:d5:bc:ba:96:cd:57:0d:f6:7d:25:c6:f1:
                    6c:03:78:ca:68:05:5f:ea:e7:81:06:82:05:d2:84:
                    20:3a:1d:62:70:4f:c3:a8:cf:02:e4:fe:6b:29:95:
                    96:78:49:ab:e8:e3:50:a4:e9:ce:ea:4b:49:d9:aa:
                    aa:de:ab:57:15:14:6b:98:91:24:2c:d1:f7:b8:bd:
                    16:e5:13:26:1f:0f:b8:af:b8:4b:21:8d:7f:c4:92:
                    4a:bd:dd:cb:cc:a6:cf:ac:a2:e9:b2:43:2f:a2:34:
                    c2:21:e5:57:25:26:a6:8b:c4:20:44:09:08:88:43:
                    6f:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:73:E2:2E:F0:09:53:4D:46:0E:AE:FB:54:58:8F:1A:74:87:C6:45
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/TXPiLvAJU01GDq77VFiPGnSHxkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.60.0/23
                  45.142.42.0/23
                  85.92.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:3c:e7:21:f0:e1:63:59:a1:06:be:39:d9:62:09:fd:87:94:
         9c:38:d3:e1:61:5d:76:6d:7e:66:e5:b2:00:30:93:cd:ea:03:
         31:81:71:2a:23:84:22:3a:f0:33:23:af:ea:be:01:b9:97:76:
         78:f2:90:4b:37:61:77:6d:13:9a:ec:89:2e:f0:72:21:8c:cc:
         59:e5:5d:5c:04:1e:d4:c5:cb:5f:66:8a:4b:03:5c:71:48:41:
         a1:c0:23:90:2f:d5:9b:01:a3:17:03:e0:9e:2e:aa:57:da:ea:
         74:f8:32:e4:2e:f6:4a:2c:50:23:c1:4e:9c:dc:27:e9:ff:a1:
         53:50:ff:9d:00:21:d4:9b:e9:be:7b:d3:16:e5:23:e4:2d:db:
         d5:a9:b6:5c:93:95:bb:9f:0b:1f:ec:a4:d5:a3:93:a0:31:30:
         33:ca:31:93:c2:b6:58:81:47:af:29:bd:0b:73:41:3a:d1:81:
         7a:f1:97:57:2b:9f:05:d3:ad:77:31:a8:06:d1:9a:e4:20:42:
         e4:51:4d:f4:2a:54:a6:3d:c1:66:92:43:a8:63:a6:83:e4:66:
         9d:e1:c9:50:39:cd:c9:d7:a8:f2:35:7b:6a:bd:de:8d:71:ff:
         37:af:8b:86:79:e5:9a:6c:e2:c3:03:39:a8:9a:67:c6:99:2b:
         00:e4:11:a3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ6CGhNhyxPt6GvrB2DDJ9irMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwNjAxMDczMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDczZTIyZWYwMDk1MzRkNDYwZWFlZmI1NDU4OGYxYTc0ODdjNjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7nxoq5niK8iVFtx4AOM//O/1dmtB
kFx6XKY0hdG+A17EubBh9cel2+7T5/MRnWOI78IdNKSbUXrCIrnAFZYP3aJADKUT
kMmFNc0JKwfRaL/SLP9R7miZEJK/qA7hJMkTml5PG3aGQ8dtgBwhpvdlMTsPqrDQ
3jDboHYEDFwbqj3b9d/6dqJ+gwbVvLqWzVcN9n0lxvFsA3jKaAVf6ueBBoIF0oQg
Oh1icE/DqM8C5P5rKZWWeEmr6ONQpOnO6ktJ2aqq3qtXFRRrmJEkLNH3uL0W5RMm
Hw+4r7hLIY1/xJJKvd3LzKbPrKLpskMvojTCIeVXJSami8QgRAkIiENvbQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFE1z4i7wCVNNRg6u+1RYjxp0h8ZFMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvVFhQaUx2QUpVMDFHRHE3N1ZGaVBHblNIeGtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLYU8AwQB
LY4qAwQBVVx+MA0GCSqGSIb3DQEBCwUAA4IBAQBBPOch8OFjWaEGvjnZYgn9h5Sc
ONPhYV12bX5m5bIAMJPN6gMxgXEqI4QiOvAzI6/qvgG5l3Z48pBLN2F3bROa7Iku
8HIhjMxZ5V1cBB7UxctfZopLA1xxSEGhwCOQL9WbAaMXA+CeLqpX2up0+DLkLvZK
LFAjwU6c3Cfp/6FTUP+dACHUm+m+e9MW5SPkLdvVqbZck5W7nwsf7KTVo5OgMTAz
yjGTwrZYgUevKb0Lc0E60YF68ZdXK58F0613MagG0ZrkIELkUU30KlSmPcFmkkOo
Y6aD5Gad4clQOc3J16jyNXtqvd6Ncf83r4uGeeWabOLDAzmommfGmSsA5BGj
-----END CERTIFICATE-----