Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/sxG-nv8LqkyKVpcv5tEoerg6EKM.roa
File:                     sxG-nv8LqkyKVpcv5tEoerg6EKM.roa (raw, json)
Hash identifier:          yiGjfXs9akPf+QntIcKA3/F0NQfkU7vE/pQdx+lvTOQ=
Subject key identifier:   B3:11:BE:9E:FF:0B:AA:4C:8A:56:97:2F:E6:D1:28:7A:B8:3A:10:A3
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019E470C1F1B9E186824874003D23D777041
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/sxG-nv8LqkyKVpcv5tEoerg6EKM.roa
Signing time:             Wed 20 May 2026 20:20:37 +0000
ROA not before:           Wed 20 May 2026 20:20:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     274032
IP address blocks:        45.130.162.0/24 maxlen: 24
                          181.41.144.0/24 maxlen: 24
                          181.41.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Jun 2026 23:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:47:0c:1f:1b:9e:18:68:24:87:40:03:d2:3d:77:70:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: May 20 20:20:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b311be9eff0baa4c8a56972fe6d1287ab83a10a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:3e:77:46:2b:cf:fc:91:75:0b:e7:79:c0:47:
                    cf:c6:df:85:39:5a:11:44:80:af:76:89:82:0f:84:
                    3b:fd:98:6d:7a:88:b3:b7:d2:7b:ab:11:f5:94:b8:
                    cd:92:9a:b4:26:53:75:1a:fb:b9:8d:db:64:43:03:
                    14:8e:b2:a3:a5:b3:f5:dc:18:d0:d4:0c:6d:88:6d:
                    d8:48:26:f2:0c:a0:8a:18:4d:4d:42:de:14:fd:2d:
                    ce:84:d5:9c:c5:01:0f:90:bd:1f:c5:73:10:51:26:
                    8c:88:a2:73:dd:57:a7:c3:4c:66:2b:9d:9c:8e:21:
                    a1:2d:43:74:7e:00:67:e1:0a:cb:90:a5:26:6f:e8:
                    3d:62:8a:d8:14:47:41:7a:f0:fd:a7:a1:bd:5e:c2:
                    d7:7b:0c:ff:36:ab:5d:2d:e4:40:c5:2a:5f:0e:44:
                    02:fa:be:89:db:81:2a:46:45:b9:a4:bc:36:37:a3:
                    14:34:c8:97:d7:a3:32:76:d9:4d:f6:45:db:b5:0c:
                    d2:a4:f9:bc:23:01:8a:78:94:21:85:d7:30:c8:78:
                    bf:43:e2:d8:55:da:5b:a1:0f:e3:fc:11:3e:9e:70:
                    35:71:bb:25:f3:1a:2a:bb:b4:ab:22:95:b9:d6:86:
                    56:c8:91:05:78:43:75:cf:63:4d:52:72:3c:c2:da:
                    78:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:11:BE:9E:FF:0B:AA:4C:8A:56:97:2F:E6:D1:28:7A:B8:3A:10:A3
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/sxG-nv8LqkyKVpcv5tEoerg6EKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.162.0/24
                  181.41.144.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:24:ac:b8:ff:68:93:88:23:ed:e9:a5:10:6d:37:ff:48:31:
         0d:9d:b4:cf:6e:23:bc:49:b3:b0:c4:8b:3e:3a:d3:b7:a4:b3:
         ca:ae:09:0d:0b:47:41:17:06:9d:20:c8:40:0e:e7:f3:74:5d:
         54:2f:55:a3:0c:cd:42:39:62:da:9a:c4:c0:e4:bf:f1:fd:56:
         85:7f:e1:d9:95:95:a1:03:9b:d0:12:10:f7:46:a7:98:11:5a:
         86:28:9a:d8:36:92:64:7c:9b:5e:35:51:0c:06:21:e0:10:e7:
         90:9e:de:d6:3a:3c:3e:7a:52:e4:dd:05:bd:c3:64:68:74:57:
         15:f0:1d:d0:c3:ce:94:21:54:e8:2d:a4:b2:69:63:9d:15:37:
         a6:51:d4:9d:65:03:b1:31:cc:5b:16:3e:97:f7:57:99:48:fc:
         99:97:2f:27:1c:a6:46:87:7f:f8:46:c6:7a:c5:7e:f8:d8:5a:
         06:01:52:1b:58:6b:c1:b7:eb:52:90:c3:ab:da:0a:1f:d0:54:
         a3:c7:d4:11:7b:ac:eb:91:f4:b5:d6:b8:ac:86:b6:fc:46:7f:
         51:1b:cd:1f:ac:e6:32:c9:ab:c3:e3:42:40:0c:7c:75:00:7a:
         3d:65:8c:59:b9:4a:40:6a:20:cc:43:c7:6c:64:2b:3a:c6:80:
         69:db:c7:a9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5HDB8bnhhoJIdAA9I9d3BBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwNTIwMjAyMDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzExYmU5ZWZmMGJhYTRjOGE1Njk3MmZlNmQxMjg3YWI4M2ExMGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmz53RivP/JF1C+d5wEfPxt+FOVoR
RICvdomCD4Q7/Zhteoizt9J7qxH1lLjNkpq0JlN1Gvu5jdtkQwMUjrKjpbP13BjQ
1AxtiG3YSCbyDKCKGE1NQt4U/S3OhNWcxQEPkL0fxXMQUSaMiKJz3Venw0xmK52c
jiGhLUN0fgBn4QrLkKUmb+g9YorYFEdBevD9p6G9XsLXewz/NqtdLeRAxSpfDkQC
+r6J24EqRkW5pLw2N6MUNMiX16MydtlN9kXbtQzSpPm8IwGKeJQhhdcwyHi/Q+LY
VdpboQ/j/BE+nnA1cbsl8xoqu7SrIpW51oZWyJEFeEN1z2NNUnI8wtp4gwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLMRvp7/C6pMilaXL+bRKHq4OhCjMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvc3hHLW52OExxa3lLVnBjdjV0RW9lcmc2RUtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYKiAwQB
tSmQMA0GCSqGSIb3DQEBCwUAA4IBAQAWJKy4/2iTiCPt6aUQbTf/SDENnbTPbiO8
SbOwxIs+OtO3pLPKrgkNC0dBFwadIMhADufzdF1UL1WjDM1COWLamsTA5L/x/VaF
f+HZlZWhA5vQEhD3RqeYEVqGKJrYNpJkfJteNVEMBiHgEOeQnt7WOjw+elLk3QW9
w2RodFcV8B3Qw86UIVToLaSyaWOdFTemUdSdZQOxMcxbFj6X91eZSPyZly8nHKZG
h3/4RsZ6xX742FoGAVIbWGvBt+tSkMOr2gof0FSjx9QRe6zrkfS11rishrb8Rn9R
G80frOYyyavD40JADHx1AHo9ZYxZuUpAaiDMQ8dsZCs6xoBp28ep
-----END CERTIFICATE-----