Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Rv9byLyAANixWCgCUXjHpZ6aEHI.roa
File:                     Rv9byLyAANixWCgCUXjHpZ6aEHI.roa (raw, json)
Hash identifier:          dUxDlVXFNHrkbw32Xuvm49F47rpkPwizdv/vVaG834c=
Subject key identifier:   46:FF:5B:C8:BC:80:00:D8:B1:58:28:02:51:78:C7:A5:9E:9A:10:72
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E9F14581244C03D95F1F9AE8304C93BC7
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Rv9byLyAANixWCgCUXjHpZ6aEHI.roa
Signing time:             Sat 06 Jun 2026 22:36:11 +0000
ROA not before:           Sat 06 Jun 2026 22:36:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     36352
IP address blocks:        5.181.182.0/24 maxlen: 24
                          31.77.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:9f:14:58:12:44:c0:3d:95:f1:f9:ae:83:04:c9:3b:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun  6 22:36:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=46ff5bc8bc8000d8b15828025178c7a59e9a1072
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:00:91:d0:09:a9:b7:a2:6b:c3:84:65:bd:ca:
                    03:54:5a:19:2b:dd:a5:a7:9f:f2:75:c9:d4:51:6b:
                    00:b9:ce:0f:82:27:6b:9e:1e:4e:ec:c8:48:75:78:
                    5c:d7:d5:5e:29:1e:9e:29:f8:a9:6f:57:5d:24:8f:
                    bd:c8:43:8a:39:28:15:14:83:f1:d6:6a:20:6d:80:
                    93:0a:60:ed:31:a6:f3:ac:cd:63:f7:52:78:35:f7:
                    1f:ba:fa:9a:04:1d:55:bd:fe:3b:b7:52:ae:76:86:
                    f7:1f:7e:fc:96:15:5a:7d:c1:79:08:7e:60:25:0d:
                    f9:71:57:46:b1:0d:3e:3c:90:a6:ff:1e:6e:86:0a:
                    e7:62:38:86:e0:59:cf:80:21:1e:d2:cd:e9:2e:a9:
                    4c:c4:bc:37:c6:bb:d8:e0:53:c8:40:12:c0:40:a9:
                    a6:56:37:c9:32:09:0d:af:dc:75:5c:4e:71:fb:43:
                    07:25:4c:08:38:13:fe:7b:b2:58:4d:b4:fe:68:9e:
                    3e:b8:4b:ae:c2:f3:5e:71:d0:b6:3e:28:ff:58:3e:
                    e3:48:04:f1:43:50:0d:97:84:fc:7f:c9:2e:2e:44:
                    e5:aa:84:11:54:af:b2:3c:3a:34:3e:89:44:77:f8:
                    c9:e0:a0:d1:5b:35:38:5b:eb:48:5d:6f:e3:ad:6a:
                    b9:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:FF:5B:C8:BC:80:00:D8:B1:58:28:02:51:78:C7:A5:9E:9A:10:72
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Rv9byLyAANixWCgCUXjHpZ6aEHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.182.0/24
                  31.77.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:dd:f7:8c:18:75:9c:80:ea:5f:f3:a3:7b:6c:fe:d5:d6:83:
         11:ba:3b:75:af:e1:09:54:9c:c7:5b:fb:26:07:84:8d:ca:7e:
         98:6c:51:9a:64:9b:eb:74:c1:d7:ba:ff:67:da:a2:b9:bb:21:
         1f:b1:a8:18:32:79:a9:30:ad:94:a2:51:e3:dd:7a:ac:93:23:
         db:53:7f:b3:4c:e6:6e:f6:63:88:da:88:48:5d:e2:8b:da:87:
         b4:8d:b8:ce:15:64:30:fd:61:1a:3e:78:d0:5e:91:ae:b9:f6:
         79:a0:c2:3d:ff:eb:25:61:e2:ae:bf:e7:fb:6b:66:e8:b9:57:
         11:6d:42:19:d6:07:d7:fd:50:27:a1:02:b2:22:4c:ec:05:c4:
         d3:2e:e2:94:4b:f4:1e:66:ff:2e:4c:47:ec:d2:1d:33:e3:dc:
         f1:1a:42:30:ea:42:a7:ba:88:61:0d:ed:a3:59:eb:58:6b:f7:
         40:f5:55:2a:a7:ea:77:87:66:68:bc:51:ef:5f:12:19:70:7d:
         00:8c:73:05:f9:75:1b:44:d7:d0:a0:64:50:02:42:8a:a4:c6:
         bb:67:b2:b6:7d:07:4c:81:d1:62:ba:30:09:b4:51:c0:31:20:
         11:e6:29:c6:07:11:e2:1a:c0:2c:21:de:df:86:f7:a8:86:29:
         6a:0d:bc:87
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6fFFgSRMA9lfH5roMEyTvHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjA2MjIzNjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmZmNWJjOGJjODAwMGQ4YjE1ODI4MDI1MTc4YzdhNTllOWExMDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgCR0Ampt6Jrw4RlvcoDVFoZK92l
p5/ydcnUUWsAuc4Pgidrnh5O7MhIdXhc19VeKR6eKfipb1ddJI+9yEOKOSgVFIPx
1mogbYCTCmDtMabzrM1j91J4NfcfuvqaBB1Vvf47t1Kudob3H378lhVafcF5CH5g
JQ35cVdGsQ0+PJCm/x5uhgrnYjiG4FnPgCEe0s3pLqlMxLw3xrvY4FPIQBLAQKmm
VjfJMgkNr9x1XE5x+0MHJUwIOBP+e7JYTbT+aJ4+uEuuwvNecdC2Pij/WD7jSATx
Q1ANl4T8f8kuLkTlqoQRVK+yPDo0PolEd/jJ4KDRWzU4W+tIXW/jrWq5vwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEb/W8i8gADYsVgoAlF4x6WemhByMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvUnY5YnlMeUFBTml4V0NnQ1VYakhwWjZhRUhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABbW2AwQA
H03IMA0GCSqGSIb3DQEBCwUAA4IBAQAo3feMGHWcgOpf86N7bP7V1oMRujt1r+EJ
VJzHW/smB4SNyn6YbFGaZJvrdMHXuv9n2qK5uyEfsagYMnmpMK2UolHj3XqskyPb
U3+zTOZu9mOI2ohIXeKL2oe0jbjOFWQw/WEaPnjQXpGuufZ5oMI9/+slYeKuv+f7
a2bouVcRbUIZ1gfX/VAnoQKyIkzsBcTTLuKUS/QeZv8uTEfs0h0z49zxGkIw6kKn
uohhDe2jWetYa/dA9VUqp+p3h2ZovFHvXxIZcH0AjHMF+XUbRNfQoGRQAkKKpMa7
Z7K2fQdMgdFiujAJtFHAMSAR5inGBxHiGsAsId7fhveohilqDbyH
-----END CERTIFICATE-----