Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/uVImdG6SGy00vV2ZDhkxBbTSAlo.roa
File:                     uVImdG6SGy00vV2ZDhkxBbTSAlo.roa (raw, json)
Hash identifier:          7oJKu4u7Q+LFW3rQfXclVNbOcIliWInIzSpvQPsxPTE=
Subject key identifier:   B9:52:26:74:6E:92:1B:2D:34:BD:5D:99:0E:19:31:05:B4:D2:02:5A
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019C040338F45EFC7C9E289906AC84A3ADD1
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/uVImdG6SGy00vV2ZDhkxBbTSAlo.roa
Signing time:             Wed 28 Jan 2026 09:50:45 +0000
ROA not before:           Wed 28 Jan 2026 09:50:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     273295
IP address blocks:        45.133.60.0/23 maxlen: 23
                          45.142.42.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:04:03:38:f4:5e:fc:7c:9e:28:99:06:ac:84:a3:ad:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan 28 09:50:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b95226746e921b2d34bd5d990e193105b4d2025a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a7:24:54:75:c9:b4:04:7e:dc:00:43:6c:6b:
                    a4:19:65:2b:b5:e3:57:85:83:41:b6:ea:d1:1f:2a:
                    fd:20:c7:3c:ea:24:8f:34:c1:09:9f:e6:8e:52:bb:
                    97:37:e5:97:8d:03:d5:76:ef:a3:c0:6b:06:45:93:
                    b0:4c:63:20:ac:e5:df:f5:81:41:4a:2e:6a:05:16:
                    6a:be:b5:12:a7:3f:93:d5:3e:19:0d:eb:ea:57:61:
                    f2:b7:8a:85:2b:b5:5a:d2:52:34:0f:a1:fc:a9:fe:
                    14:2b:1d:e9:c1:de:a4:8d:7f:67:c5:c8:a5:31:07:
                    f1:c6:9b:b7:b0:f3:1b:ea:ee:e1:83:27:ba:e4:b2:
                    15:b7:dc:27:ea:2c:fc:df:de:b5:14:3e:41:18:ba:
                    06:22:8c:74:46:c3:bf:df:d4:ea:f9:d3:78:2f:30:
                    7a:61:68:67:95:6d:7f:95:60:c9:12:e4:e2:bf:28:
                    52:c2:76:62:16:48:e7:c0:03:b2:3d:6c:44:6f:f8:
                    bf:eb:25:5a:60:0c:5c:f9:38:4f:a0:88:4e:62:3e:
                    9c:50:4a:4f:45:66:10:32:4a:42:39:13:68:04:d2:
                    d8:ed:8c:8e:b9:ed:b6:b0:79:d7:d3:43:79:27:7e:
                    90:1f:33:73:2d:c8:75:de:07:4e:45:ac:e3:cc:7f:
                    ab:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:52:26:74:6E:92:1B:2D:34:BD:5D:99:0E:19:31:05:B4:D2:02:5A
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/uVImdG6SGy00vV2ZDhkxBbTSAlo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.60.0/23
                  45.142.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         80:59:e0:3b:e8:a2:ab:8f:a3:03:88:e2:93:da:a0:32:38:60:
         63:52:ce:fe:1e:38:8d:6a:ea:6b:12:d8:bc:6a:8d:11:5e:4a:
         c2:8f:35:2a:fe:45:16:89:d4:5b:f4:18:11:3e:7e:0a:6c:e0:
         4c:e4:3e:ff:1d:36:80:ca:3e:7b:da:c4:83:7f:f4:b8:c6:32:
         94:09:91:8a:3a:aa:ef:ad:fa:c4:61:5d:81:32:05:a5:cc:6e:
         20:86:98:82:d3:7e:14:23:67:67:9a:41:26:5e:44:88:35:c2:
         74:8f:6d:1a:d1:9d:b3:11:0c:cb:29:ea:40:07:2d:08:09:91:
         9e:30:d0:b6:7f:6e:ef:22:a3:c9:0a:50:12:18:d5:fe:e6:ed:
         64:40:7e:c1:03:90:90:8a:4f:6a:69:a6:b8:a1:37:26:fa:4a:
         f8:f4:66:68:9c:fe:e8:d6:04:44:59:30:60:7b:dc:60:c7:66:
         22:ba:00:f5:a7:31:27:46:e6:7a:eb:e8:d5:f4:67:d6:13:0a:
         d3:28:79:81:a5:dd:9d:00:94:12:1d:d0:c0:b4:44:0e:2a:44:
         31:b2:b2:30:8b:48:88:fc:0e:33:9f:da:52:72:e9:61:fe:ea:
         be:7f:19:91:d3:39:fb:c1:d1:71:7c:0f:ba:7f:41:0c:86:57:
         f0:d6:0b:09
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZwEAzj0Xvx8niiZBqyEo63RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwMTI4MDk1MDQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTUyMjY3NDZlOTIxYjJkMzRiZDVkOTkwZTE5MzEwNWI0ZDIwMjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6ckVHXJtAR+3ABDbGukGWUrteNX
hYNBturRHyr9IMc86iSPNMEJn+aOUruXN+WXjQPVdu+jwGsGRZOwTGMgrOXf9YFB
Si5qBRZqvrUSpz+T1T4ZDevqV2Hyt4qFK7Va0lI0D6H8qf4UKx3pwd6kjX9nxcil
MQfxxpu3sPMb6u7hgye65LIVt9wn6iz83961FD5BGLoGIox0RsO/39Tq+dN4LzB6
YWhnlW1/lWDJEuTivyhSwnZiFkjnwAOyPWxEb/i/6yVaYAxc+ThPoIhOYj6cUEpP
RWYQMkpCORNoBNLY7YyOue22sHnX00N5J36QHzNzLch13gdORazjzH+rbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLlSJnRukhstNL1dmQ4ZMQW00gJaMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvdVZJbWRHNlNHeTAwdlYyWkRoa3hCYlRTQWxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLYU8AwQB
LY4qMA0GCSqGSIb3DQEBCwUAA4IBAQCAWeA76KKrj6MDiOKT2qAyOGBjUs7+HjiN
auprEti8ao0RXkrCjzUq/kUWidRb9BgRPn4KbOBM5D7/HTaAyj572sSDf/S4xjKU
CZGKOqrvrfrEYV2BMgWlzG4ghpiC034UI2dnmkEmXkSINcJ0j20a0Z2zEQzLKepA
By0ICZGeMNC2f27vIqPJClASGNX+5u1kQH7BA5CQik9qaaa4oTcm+kr49GZonP7o
1gREWTBge9xgx2YiugD1pzEnRuZ66+jV9GfWEwrTKHmBpd2dAJQSHdDAtEQOKkQx
srIwi0iI/A4zn9pSculh/uq+fxmR0zn7wdFxfA+6f0EMhlfw1gsJ
-----END CERTIFICATE-----