Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ox6BwYAQUNcz0KQLZt-81xUMsLE.roa
File:                     ox6BwYAQUNcz0KQLZt-81xUMsLE.roa (raw, json)
Hash identifier:          3EwMYZ3Z0vyCXEqIkK6tzxQdZcNp7fXnro33vJIjOVE=
Subject key identifier:   A3:1E:81:C1:80:10:50:D7:33:D0:A4:0B:66:DF:BC:D7:15:0C:B0:B1
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       0199737EF3DEDE0E77B08F71A392D3D0AAA6
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ox6BwYAQUNcz0KQLZt-81xUMsLE.roa
Signing time:             Mon 22 Sep 2025 22:15:23 +0000
ROA not before:           Mon 22 Sep 2025 22:15:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211673
IP address blocks:        5.181.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 05:11:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:73:7e:f3:de:de:0e:77:b0:8f:71:a3:92:d3:d0:aa:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Sep 22 22:15:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a31e81c1801050d733d0a40b66dfbcd7150cb0b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:11:49:6a:5a:fa:bb:94:b9:f1:00:df:09:78:
                    77:8f:55:50:c2:29:f6:40:6b:bb:9a:cd:d3:4c:d6:
                    b8:8d:5f:06:2b:17:ca:e5:f3:8e:10:c5:d4:f4:3e:
                    a1:bd:78:d6:71:02:a5:d7:fe:7e:27:e8:1f:21:26:
                    31:a8:6a:06:69:d4:0b:64:e8:36:b0:64:7d:a1:42:
                    68:1f:21:96:5a:7d:d7:b8:64:68:78:db:6d:34:d6:
                    3f:f9:3d:31:11:be:af:9e:35:65:ff:3b:15:cd:ae:
                    2e:9a:1a:2e:18:a4:2c:ad:2a:c6:cc:28:3b:94:f9:
                    ff:7c:7d:0a:7c:ac:11:4f:05:82:58:28:eb:ec:68:
                    58:0f:9f:4a:0f:a5:c2:67:37:2d:2e:4f:7d:bb:82:
                    96:c5:7a:97:2c:2a:b7:93:c1:e6:fb:d2:e0:28:11:
                    b9:19:00:8d:44:bc:19:1e:1c:8e:87:cd:61:e9:e1:
                    4c:3e:02:9c:9a:c4:8a:7a:5c:f2:53:26:6a:ec:84:
                    79:b1:b1:73:a9:cd:6c:e2:1f:16:40:e9:44:0a:91:
                    56:35:e5:23:49:82:53:64:a0:39:68:cd:5f:f0:d5:
                    96:82:2b:78:f2:54:03:db:dd:de:c1:dd:f0:99:07:
                    8f:26:3b:75:ac:b5:ba:ee:c1:26:4e:c9:0e:e2:d5:
                    68:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:1E:81:C1:80:10:50:D7:33:D0:A4:0B:66:DF:BC:D7:15:0C:B0:B1
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ox6BwYAQUNcz0KQLZt-81xUMsLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:ce:fa:2c:75:78:b0:9d:a0:3c:bf:a9:89:37:d5:34:70:60:
         e5:ec:88:63:fe:d0:1d:25:df:20:0b:25:d0:45:c6:41:aa:36:
         99:06:10:11:31:a8:7b:19:79:5d:9d:c3:a8:76:b7:35:6e:b7:
         4f:ac:f1:65:ea:9f:0e:92:27:fb:e9:a3:ea:cb:13:07:0b:ec:
         7c:7a:3c:df:7e:7a:e9:6b:8a:15:ac:43:1f:e7:76:da:0c:d1:
         3e:69:c6:40:32:2e:c8:a0:1e:28:ef:06:d0:8a:a2:e1:80:6b:
         bd:16:b8:cf:7c:b2:db:1b:4a:ed:e1:d3:27:fb:55:82:83:83:
         6b:b6:34:49:7f:9c:ec:27:0a:44:ce:24:26:4f:e3:f0:df:4f:
         af:89:2e:40:7a:b6:f1:0d:ec:03:9e:23:cb:f0:5c:40:cf:91:
         47:1d:7a:8c:fa:6a:a0:cd:a1:54:e3:d6:da:50:22:35:96:18:
         7d:6b:8f:74:bf:93:36:c3:4e:60:9c:71:2e:fb:f5:fb:03:a6:
         ab:5c:ae:63:66:cf:82:d5:30:53:75:6e:2f:14:fc:3d:14:05:
         c2:77:3d:ae:bc:ab:cb:64:2f:d4:75:d2:71:a8:ec:a5:e4:bb:
         d8:cb:7f:f6:b6:12:15:11:81:81:44:75:50:cd:ef:8d:b5:be:
         84:ad:11:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlzfvPe3g53sI9xo5LT0KqmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwOTIyMjIxNTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzFlODFjMTgwMTA1MGQ3MzNkMGE0MGI2NmRmYmNkNzE1MGNiMGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRFJalr6u5S58QDfCXh3j1VQwin2
QGu7ms3TTNa4jV8GKxfK5fOOEMXU9D6hvXjWcQKl1/5+J+gfISYxqGoGadQLZOg2
sGR9oUJoHyGWWn3XuGRoeNttNNY/+T0xEb6vnjVl/zsVza4umhouGKQsrSrGzCg7
lPn/fH0KfKwRTwWCWCjr7GhYD59KD6XCZzctLk99u4KWxXqXLCq3k8Hm+9LgKBG5
GQCNRLwZHhyOh81h6eFMPgKcmsSKelzyUyZq7IR5sbFzqc1s4h8WQOlECpFWNeUj
SYJTZKA5aM1f8NWWgit48lQD293ewd3wmQePJjt1rLW67sEmTskO4tVojwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKMegcGAEFDXM9CkC2bfvNcVDLCxMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvb3g2QndZQVFVTmN6MEtRTFp0LTgxeFVNc0xFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbW1MA0G
CSqGSIb3DQEBCwUAA4IBAQBMzvosdXiwnaA8v6mJN9U0cGDl7Ihj/tAdJd8gCyXQ
RcZBqjaZBhARMah7GXldncOodrc1brdPrPFl6p8Okif76aPqyxMHC+x8ejzffnrp
a4oVrEMf53baDNE+acZAMi7IoB4o7wbQiqLhgGu9FrjPfLLbG0rt4dMn+1WCg4Nr
tjRJf5zsJwpEziQmT+Pw30+viS5AerbxDewDniPL8FxAz5FHHXqM+mqgzaFU49ba
UCI1lhh9a490v5M2w05gnHEu+/X7A6arXK5jZs+C1TBTdW4vFPw9FAXCdz2uvKvL
ZC/UddJxqOyl5LvYy3/2thIVEYGBRHVQze+Ntb6ErRGr
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:28:24 2025 by rpki-client