Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/SX_lnCXyA_VelzYxojdu0_NVJKE.roa
File:                     SX_lnCXyA_VelzYxojdu0_NVJKE.roa (raw, json)
Hash identifier:          TlIta1c5/3+8FG1ZFCaVXaYZ27uKYLydcSBdog054tU=
Subject key identifier:   49:7F:E5:9C:25:F2:03:F5:5E:97:36:31:A2:37:6E:D3:F3:55:24:A1
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019E8BE6A32C430D86514929CA232F001AC4
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/SX_lnCXyA_VelzYxojdu0_NVJKE.roa
Signing time:             Wed 03 Jun 2026 05:13:28 +0000
ROA not before:           Wed 03 Jun 2026 05:13:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     32159
IP address blocks:        151.244.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 10:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8b:e6:a3:2c:43:0d:86:51:49:29:ca:23:2f:00:1a:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun  3 05:13:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=497fe59c25f203f55e973631a2376ed3f35524a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:94:c3:c4:f9:18:24:e3:c9:de:ed:78:92:ce:
                    b6:a1:bd:1b:51:33:45:72:11:d7:9a:d0:18:97:3e:
                    cb:df:14:ec:c8:67:5e:d4:f8:2d:06:c9:75:8f:1d:
                    3b:e3:58:20:1c:5a:17:13:31:59:03:96:88:f1:6b:
                    78:9b:ff:f0:5e:28:a2:b8:b4:5d:e4:f3:95:bd:90:
                    c6:97:94:63:4a:06:59:bf:3d:c9:21:e2:ca:27:eb:
                    c1:06:b9:fc:06:c6:67:0a:9d:0d:a2:0a:14:06:95:
                    48:cd:c4:50:cb:4e:8a:c2:68:cb:2d:cb:d9:c6:2f:
                    53:e8:23:ce:4c:f9:fe:d0:ee:e4:aa:c1:73:88:33:
                    92:75:8c:81:37:7d:6b:a0:b5:8b:bd:3a:e3:1a:c5:
                    ef:57:50:e0:fd:47:eb:2d:98:23:53:fb:bb:e4:13:
                    81:1c:b7:7e:d3:d5:1f:81:41:58:42:e0:8e:a1:cb:
                    7c:31:04:46:c6:f3:c5:df:b1:5f:e2:56:68:1c:3e:
                    b8:ba:d6:e3:43:47:51:b0:fb:f5:11:da:97:eb:6b:
                    54:86:b3:26:d6:42:b1:b9:50:0e:3a:61:39:91:76:
                    3d:63:94:70:27:80:7d:cb:42:c1:53:5c:12:8a:88:
                    1c:04:c2:b8:cf:e4:29:f0:a5:4a:8e:a5:21:92:20:
                    47:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:7F:E5:9C:25:F2:03:F5:5E:97:36:31:A2:37:6E:D3:F3:55:24:A1
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/SX_lnCXyA_VelzYxojdu0_NVJKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:47:4e:5e:69:f5:27:d5:bc:77:06:8d:bd:6c:6c:27:cc:b0:
         cd:7a:26:a8:c5:1a:a2:8c:1c:f4:f4:92:12:a1:dd:dd:99:58:
         45:48:47:09:11:a9:d5:56:fb:e3:16:0f:91:29:cb:e4:49:9b:
         63:72:6e:6d:28:35:59:0b:ad:ed:e4:0c:73:16:bc:19:f5:87:
         60:ff:b0:76:e2:6d:af:07:0a:b6:7e:48:0b:3a:07:90:bd:fb:
         12:1d:cd:e0:e8:89:b9:69:46:0e:b7:f2:43:c6:3d:de:90:ab:
         92:d3:e8:f0:ed:b0:5f:fa:9d:a5:38:eb:fb:8f:20:1c:02:4a:
         7d:c6:7c:ac:99:15:b0:40:46:f9:26:a0:a9:21:e6:da:51:49:
         70:1c:d1:89:86:dd:47:39:bd:de:51:07:2a:d3:11:ba:da:e5:
         35:56:82:93:a9:a3:db:92:a3:b4:97:1b:95:40:54:83:28:33:
         03:f5:2c:28:f2:7d:65:b3:64:cb:f3:69:79:ae:c1:5c:77:84:
         8d:f9:0e:f1:9c:5d:9b:b4:21:eb:e5:11:47:19:80:66:d3:05:
         c3:7f:12:81:c6:0f:90:69:9c:8c:33:b3:b2:9b:fc:02:ef:bc:
         c7:d0:f9:30:5c:14:b0:fa:bd:ec:a1:74:1b:2b:13:eb:ab:c7:
         bc:bf:34:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6L5qMsQw2GUUkpyiMvABrEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNjAzMDUxMzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTdmZTU5YzI1ZjIwM2Y1NWU5NzM2MzFhMjM3NmVkM2YzNTUyNGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzpTDxPkYJOPJ3u14ks62ob0bUTNF
chHXmtAYlz7L3xTsyGde1PgtBsl1jx0741ggHFoXEzFZA5aI8Wt4m//wXiiiuLRd
5POVvZDGl5RjSgZZvz3JIeLKJ+vBBrn8BsZnCp0NogoUBpVIzcRQy06KwmjLLcvZ
xi9T6CPOTPn+0O7kqsFziDOSdYyBN31roLWLvTrjGsXvV1Dg/UfrLZgjU/u75BOB
HLd+09UfgUFYQuCOoct8MQRGxvPF37Ff4lZoHD64utbjQ0dRsPv1EdqX62tUhrMm
1kKxuVAOOmE5kXY9Y5RwJ4B9y0LBU1wSiogcBMK4z+Qp8KVKjqUhkiBH1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEl/5Zwl8gP1Xpc2MaI3btPzVSShMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvU1hfbG5DWHlBX1ZlbHpZeG9qZHUwX05WSktFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/TAMA0G
CSqGSIb3DQEBCwUAA4IBAQABR05eafUn1bx3Bo29bGwnzLDNeiaoxRqijBz09JIS
od3dmVhFSEcJEanVVvvjFg+RKcvkSZtjcm5tKDVZC63t5AxzFrwZ9Ydg/7B24m2v
Bwq2fkgLOgeQvfsSHc3g6Im5aUYOt/JDxj3ekKuS0+jw7bBf+p2lOOv7jyAcAkp9
xnysmRWwQEb5JqCpIebaUUlwHNGJht1HOb3eUQcq0xG62uU1VoKTqaPbkqO0lxuV
QFSDKDMD9Swo8n1ls2TL82l5rsFcd4SN+Q7xnF2btCHr5RFHGYBm0wXDfxKBxg+Q
aZyMM7Oym/wC77zH0PkwXBSw+r3soXQbKxPrq8e8vzSl
-----END CERTIFICATE-----