Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/745910-86c6-43d1-9765-5789de424a42/1/SG-oYWBeZ8PdnxfhbLJBRMxInjk.roa
File:                     SG-oYWBeZ8PdnxfhbLJBRMxInjk.roa (raw, json)
Hash identifier:          IQmUUHJFzP7J5Wi5OG22cXQ7JSU97X0TL3RWD8DykE4=
Subject key identifier:   48:6F:A8:61:60:5E:67:C3:DD:9F:17:E1:6C:B2:41:44:CC:48:9E:39
Certificate issuer:       /CN=2ba1cfd757f51f2feb74509e9c39be46806be642
Certificate serial:       0198C4A9452721E4886F49F0E26D7B49B53D
Authority key identifier: 2B:A1:CF:D7:57:F5:1F:2F:EB:74:50:9E:9C:39:BE:46:80:6B:E6:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K6HP11f1Hy_rdFCenDm-RoBr5kI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/745910-86c6-43d1-9765-5789de424a42/1/SG-oYWBeZ8PdnxfhbLJBRMxInjk.roa
Signing time:             Tue 19 Aug 2025 23:28:04 +0000
ROA not before:           Tue 19 Aug 2025 23:28:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        62.231.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/745910-86c6-43d1-9765-5789de424a42/1/K6HP11f1Hy_rdFCenDm-RoBr5kI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/745910-86c6-43d1-9765-5789de424a42/1/K6HP11f1Hy_rdFCenDm-RoBr5kI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K6HP11f1Hy_rdFCenDm-RoBr5kI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 23:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c4:a9:45:27:21:e4:88:6f:49:f0:e2:6d:7b:49:b5:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ba1cfd757f51f2feb74509e9c39be46806be642
        Validity
            Not Before: Aug 19 23:28:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=486fa861605e67c3dd9f17e16cb24144cc489e39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:79:20:bb:e7:4b:a4:40:7f:74:08:1e:24:2a:
                    ed:8d:61:fb:f5:69:af:f0:92:d3:5d:15:f9:09:18:
                    51:25:bc:f0:f2:dd:e4:63:14:35:32:f3:eb:17:1b:
                    de:28:c4:e2:58:af:63:59:48:d8:93:f8:8c:30:5c:
                    90:19:8e:dc:48:4e:19:e4:23:2e:cb:07:c1:12:e7:
                    27:45:77:5f:e4:aa:24:05:34:e8:b8:9f:53:a6:1f:
                    54:46:5d:55:29:3d:5d:82:8a:32:cc:ce:2e:b6:72:
                    bc:3a:4b:e4:82:33:55:1b:f3:e8:de:6e:4f:33:ea:
                    e2:fc:5f:44:de:05:8d:13:91:32:fa:fd:a0:9e:53:
                    4c:c4:b8:36:4c:19:1d:e2:ca:e5:d9:fe:85:cc:35:
                    36:ce:78:4b:90:e1:cd:fb:db:3a:b9:e4:90:3c:d6:
                    f5:26:43:16:dc:59:a0:5f:94:94:ef:b5:72:d8:4a:
                    18:f7:f2:ff:06:ab:2c:90:98:5f:fe:44:1a:9a:e0:
                    de:fa:ea:48:a5:d5:93:f7:52:85:d9:aa:c1:d6:e3:
                    d1:7b:2d:a8:ac:33:6a:e4:1f:dd:00:42:06:25:63:
                    09:97:e6:a3:0f:24:2f:8b:72:ad:1d:77:c7:7e:5e:
                    c1:0b:bd:65:53:40:d6:87:95:f6:57:c7:cb:00:de:
                    28:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:6F:A8:61:60:5E:67:C3:DD:9F:17:E1:6C:B2:41:44:CC:48:9E:39
            X509v3 Authority Key Identifier:
                keyid:2B:A1:CF:D7:57:F5:1F:2F:EB:74:50:9E:9C:39:BE:46:80:6B:E6:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K6HP11f1Hy_rdFCenDm-RoBr5kI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/745910-86c6-43d1-9765-5789de424a42/1/SG-oYWBeZ8PdnxfhbLJBRMxInjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/745910-86c6-43d1-9765-5789de424a42/1/K6HP11f1Hy_rdFCenDm-RoBr5kI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.231.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:c9:d7:7b:b2:a6:56:25:26:f3:07:05:be:bd:f8:c8:1f:6d:
         b7:1a:18:3c:d5:df:1e:2c:8c:05:a5:d9:f7:3b:23:50:13:86:
         f1:68:90:95:09:ed:2f:9a:32:d7:57:4c:4f:35:e3:6f:5b:28:
         f6:ea:a7:c4:87:11:0f:b3:f3:b8:76:b2:00:7f:4a:f3:91:6f:
         fe:1c:bb:fa:6c:5a:03:1b:ba:ed:9e:e7:8f:b2:89:d6:ca:f7:
         5e:04:a6:08:1f:7a:9d:08:0d:18:53:c6:70:bb:d7:a2:e3:5d:
         5a:22:bb:8d:5a:62:e4:83:4b:3e:ee:74:9d:eb:d0:b3:ea:2b:
         19:47:bd:6e:ff:cc:e3:44:79:54:3a:6e:5b:aa:50:f9:8f:d2:
         07:22:41:63:aa:b4:cf:a1:5c:26:69:5c:65:07:e3:bd:ac:56:
         82:e6:70:d5:60:46:d9:9f:34:cc:4e:05:54:c1:67:8e:c1:73:
         14:6d:5e:d2:82:11:88:84:49:48:a7:ad:e5:84:d6:d8:a9:60:
         6e:02:a9:74:cc:45:61:dd:1a:76:2b:00:db:00:ad:cc:ad:93:
         c2:41:6f:e2:4f:c1:f5:af:6d:30:46:31:48:49:09:52:a7:b0:
         00:86:db:60:e6:cf:32:90:09:3e:c4:40:4e:70:df:2c:08:df:
         ad:0a:03:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjEqUUnIeSIb0nw4m17SbU9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiYTFjZmQ3NTdmNTFmMmZlYjc0NTA5ZTljMzliZTQ2ODA2
YmU2NDIwHhcNMjUwODE5MjMyODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODZmYTg2MTYwNWU2N2MzZGQ5ZjE3ZTE2Y2IyNDE0NGNjNDg5ZTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXkgu+dLpEB/dAgeJCrtjWH79Wmv
8JLTXRX5CRhRJbzw8t3kYxQ1MvPrFxveKMTiWK9jWUjYk/iMMFyQGY7cSE4Z5CMu
ywfBEucnRXdf5KokBTTouJ9Tph9URl1VKT1dgooyzM4utnK8OkvkgjNVG/Po3m5P
M+ri/F9E3gWNE5Ey+v2gnlNMxLg2TBkd4srl2f6FzDU2znhLkOHN+9s6ueSQPNb1
JkMW3FmgX5SU77Vy2EoY9/L/BqsskJhf/kQamuDe+upIpdWT91KF2arB1uPRey2o
rDNq5B/dAEIGJWMJl+ajDyQvi3KtHXfHfl7BC71lU0DWh5X2V8fLAN4oHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEhvqGFgXmfD3Z8X4WyyQUTMSJ45MB8GA1UdIwQY
MBaAFCuhz9dX9R8v63RQnpw5vkaAa+ZCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzZIUDExZjFIeV9yZEZDZW5EbS1Sb0JyNWtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS83NDU5MTAtODZjNi00M2QxLTk3NjUt
NTc4OWRlNDI0YTQyLzEvU0ctb1lXQmVaOFBkbnhmaGJMSkJSTXhJbmprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS83NDU5MTAtODZjNi00M2QxLTk3NjUtNTc4OWRlNDI0YTQy
LzEvSzZIUDExZjFIeV9yZEZDZW5EbS1Sb0JyNWtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPuc1MA0G
CSqGSIb3DQEBCwUAA4IBAQAZydd7sqZWJSbzBwW+vfjIH223Ghg81d8eLIwFpdn3
OyNQE4bxaJCVCe0vmjLXV0xPNeNvWyj26qfEhxEPs/O4drIAf0rzkW/+HLv6bFoD
G7rtnuePsonWyvdeBKYIH3qdCA0YU8Zwu9ei411aIruNWmLkg0s+7nSd69Cz6isZ
R71u/8zjRHlUOm5bqlD5j9IHIkFjqrTPoVwmaVxlB+O9rFaC5nDVYEbZnzTMTgVU
wWeOwXMUbV7SghGIhElIp63lhNbYqWBuAql0zEVh3Rp2KwDbAK3MrZPCQW/iT8H1
r20wRjFISQlSp7AAhttg5s8ykAk+xEBOcN8sCN+tCgMj
-----END CERTIFICATE-----