Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Larc1jhgynoPgv6DlLHGr9Q0uzo.roa
File:                     Larc1jhgynoPgv6DlLHGr9Q0uzo.roa (raw, json)
Hash identifier:          0z0i8pM+ah/YnFboxG8FrFoOx7hByeWqRwemSEJdbT4=
Subject key identifier:   2D:AA:DC:D6:38:60:CA:7A:0F:82:FE:83:94:B1:C6:AF:D4:34:BB:3A
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019A07995FBEBE4632B1D2D967357CA567F4
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Larc1jhgynoPgv6DlLHGr9Q0uzo.roa
Signing time:             Tue 21 Oct 2025 16:28:03 +0000
ROA not before:           Tue 21 Oct 2025 16:28:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212477
IP address blocks:        5.181.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 12:18:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:07:99:5f:be:be:46:32:b1:d2:d9:67:35:7c:a5:67:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Oct 21 16:28:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2daadcd63860ca7a0f82fe8394b1c6afd434bb3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:3e:81:0f:98:ef:78:c3:75:7e:78:a1:90:40:
                    c9:c0:bb:2f:c5:69:e3:33:94:51:75:38:08:4c:1c:
                    90:6c:5e:d4:e9:be:c7:e3:5c:ac:84:f6:40:c3:8d:
                    aa:4f:bc:e1:51:83:86:9c:c8:f8:92:54:20:95:5b:
                    02:a0:b7:42:57:45:44:f3:40:aa:50:4a:50:bb:c5:
                    99:42:a3:35:26:73:b4:9a:cb:43:bc:42:0a:05:ce:
                    5c:f5:be:c5:ce:c3:f3:47:e8:33:bd:b4:14:5d:91:
                    ef:46:35:6f:6e:71:b6:26:7d:dd:3e:0a:a9:1f:f1:
                    99:2a:ac:5c:62:9a:a4:bf:01:90:ad:c0:7f:53:68:
                    ba:f7:71:47:db:0a:69:ed:ca:7e:c2:2c:bd:9d:bf:
                    68:14:10:14:b4:df:11:7d:2c:d9:be:1a:24:96:6c:
                    11:7a:8f:e3:63:d6:bb:71:43:e2:58:5a:e4:e3:87:
                    a9:26:2b:a2:0a:ad:ea:5e:97:41:bd:6d:2f:30:33:
                    03:c2:8b:96:bd:8f:38:df:de:96:cc:a0:86:aa:97:
                    6b:f1:21:11:1e:41:d9:74:af:2d:12:c3:51:fb:e1:
                    53:b6:fb:0e:17:9a:6c:18:6c:e5:4d:13:1d:a6:10:
                    96:d8:cb:73:84:03:59:5a:a9:51:df:d4:bc:a4:33:
                    7f:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:AA:DC:D6:38:60:CA:7A:0F:82:FE:83:94:B1:C6:AF:D4:34:BB:3A
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Larc1jhgynoPgv6DlLHGr9Q0uzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:3a:76:fa:f2:fb:5a:75:f1:41:64:d9:4c:0b:d0:9f:1b:7c:
         a9:a0:56:2d:02:4f:99:ea:ce:48:03:59:a3:d5:9c:dc:64:82:
         8d:43:4d:60:12:9a:2d:f9:29:c6:4a:d0:b6:8e:3e:cf:f7:b7:
         e1:22:9c:ab:71:22:69:ab:e3:8d:97:bc:6d:b3:5b:99:f9:51:
         2d:4b:fb:92:cc:0a:19:03:8a:93:55:d1:0a:d4:b4:01:74:60:
         1b:82:5a:f5:bf:e1:37:dd:ff:db:b3:21:41:96:2c:4e:54:6e:
         12:09:9d:2d:0c:a7:e6:30:d2:c1:b9:9d:bf:12:c4:19:5c:87:
         ec:42:de:44:b9:52:bc:23:8f:2a:00:1d:21:b9:ca:5f:5f:66:
         e5:47:24:53:da:23:fc:f4:72:be:60:d9:cd:32:c9:00:ed:bd:
         b1:a5:d2:e4:ab:9b:82:37:25:17:5f:3a:cc:78:cc:25:34:cb:
         23:25:0c:94:dc:6f:4b:1c:26:ee:b8:92:8e:5d:f7:5a:56:8a:
         fd:cf:b5:46:55:02:60:98:6e:9f:b2:ba:84:31:d6:f4:f3:2f:
         df:81:26:60:62:90:b9:bc:e6:2f:f0:c4:f3:86:5e:e6:94:21:
         5f:7d:f1:fd:ee:e6:34:94:8e:b1:0b:0a:63:6a:94:cf:9a:a9:
         2c:d2:a0:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoHmV++vkYysdLZZzV8pWf0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUxMDIxMTYyODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGFhZGNkNjM4NjBjYTdhMGY4MmZlODM5NGIxYzZhZmQ0MzRiYjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArj6BD5jveMN1fnihkEDJwLsvxWnj
M5RRdTgITByQbF7U6b7H41yshPZAw42qT7zhUYOGnMj4klQglVsCoLdCV0VE80Cq
UEpQu8WZQqM1JnO0mstDvEIKBc5c9b7FzsPzR+gzvbQUXZHvRjVvbnG2Jn3dPgqp
H/GZKqxcYpqkvwGQrcB/U2i693FH2wpp7cp+wiy9nb9oFBAUtN8RfSzZvhoklmwR
eo/jY9a7cUPiWFrk44epJiuiCq3qXpdBvW0vMDMDwouWvY84396WzKCGqpdr8SER
HkHZdK8tEsNR++FTtvsOF5psGGzlTRMdphCW2MtzhANZWqlR39S8pDN/FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2q3NY4YMp6D4L+g5Sxxq/UNLs6MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvTGFyYzFqaGd5bm9QZ3Y2RGxMSEdyOVEwdXpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbW0MA0G
CSqGSIb3DQEBCwUAA4IBAQCkOnb68vtadfFBZNlMC9CfG3ypoFYtAk+Z6s5IA1mj
1ZzcZIKNQ01gEpot+SnGStC2jj7P97fhIpyrcSJpq+ONl7xts1uZ+VEtS/uSzAoZ
A4qTVdEK1LQBdGAbglr1v+E33f/bsyFBlixOVG4SCZ0tDKfmMNLBuZ2/EsQZXIfs
Qt5EuVK8I48qAB0hucpfX2blRyRT2iP89HK+YNnNMskA7b2xpdLkq5uCNyUXXzrM
eMwlNMsjJQyU3G9LHCbuuJKOXfdaVor9z7VGVQJgmG6fsrqEMdb08y/fgSZgYpC5
vOYv8MTzhl7mlCFfffH97uY0lI6xCwpjapTPmqks0qCk
-----END CERTIFICATE-----