Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/MV4DF158l4IYUxHBlpo0zFgPgt0.roa
File:                     MV4DF158l4IYUxHBlpo0zFgPgt0.roa (raw, json)
Hash identifier:          iL+zjNFFdCbF1gWn8Y75k08Wos9roY1UTL3ECXK8LXU=
Subject key identifier:   31:5E:03:17:5E:7C:97:82:18:53:11:C1:96:9A:34:CC:58:0F:82:DD
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       01977933A95C2FB4C8921823808BBE8C9D6E
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/MV4DF158l4IYUxHBlpo0zFgPgt0.roa
Signing time:             Mon 16 Jun 2025 14:45:18 +0000
ROA not before:           Mon 16 Jun 2025 14:45:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48031
IP address blocks:        5.188.60.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:79:33:a9:5c:2f:b4:c8:92:18:23:80:8b:be:8c:9d:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jun 16 14:45:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=315e03175e7c9782185311c1969a34cc580f82dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:71:3e:e8:6a:91:fb:b7:00:f1:21:6c:7e:7e:
                    af:fe:30:7e:13:19:fe:95:4d:e6:59:2a:6b:06:85:
                    6d:5c:e9:ec:e6:da:b3:1f:e2:1f:f9:8f:e8:cc:f5:
                    7d:c1:ee:64:fc:9b:b6:83:f8:5d:14:60:da:a9:f2:
                    2b:48:80:9e:2a:cb:0e:ce:f8:83:8d:e0:e0:67:ff:
                    3b:e5:3d:f4:3e:4c:39:2a:f1:87:c9:17:8c:3c:4a:
                    63:d6:04:15:d5:58:35:cd:13:e3:d7:28:d2:42:94:
                    b6:77:22:c6:31:81:72:e5:99:2b:57:28:99:4a:f2:
                    6e:f8:23:a4:37:9b:68:81:29:e7:71:de:a0:8a:87:
                    a1:53:47:94:f8:f1:8d:27:4f:17:ad:9d:60:32:29:
                    da:46:13:90:bf:4e:54:f6:93:a7:42:0c:4c:b5:e6:
                    7b:a2:20:cb:ee:f5:e9:af:b9:5c:0b:fd:b2:54:dd:
                    b3:bf:7d:72:48:8e:a3:cc:0c:73:74:0e:45:a4:9a:
                    da:c1:5d:a1:69:e8:09:f6:86:f9:12:e9:23:83:1f:
                    5c:94:b3:1f:6e:7f:d7:2d:2d:a2:1a:40:9c:58:fe:
                    db:36:d2:e7:d2:84:e7:11:a0:eb:ad:a9:4d:53:21:
                    fd:c4:dc:d2:59:d2:dc:ce:96:6e:c2:3b:aa:a6:2c:
                    a7:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:5E:03:17:5E:7C:97:82:18:53:11:C1:96:9A:34:CC:58:0F:82:DD
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/MV4DF158l4IYUxHBlpo0zFgPgt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.188.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2f:58:0a:e7:b3:cd:84:61:a1:11:02:52:df:2f:1e:30:59:60:
         59:a0:bb:d9:84:4c:b4:b1:63:6e:c6:49:80:96:8e:8b:99:b7:
         43:99:c4:51:3f:27:eb:fb:4c:cb:73:06:99:2c:40:c1:f2:1f:
         be:d9:7c:1b:53:f0:05:e7:da:95:d2:14:a9:12:2a:a1:0c:38:
         8a:38:3f:ac:20:48:52:75:2b:ed:45:b4:c9:63:8b:47:b7:ce:
         d9:23:0c:d5:bb:0f:5c:7f:80:e0:b1:b3:1d:90:34:6f:9c:3b:
         de:65:38:3a:ce:80:74:e5:61:26:54:3c:90:2b:85:e1:8d:a0:
         4e:b2:4b:42:05:38:ed:b5:50:3d:de:a7:21:b5:40:84:a7:6c:
         f0:29:31:fc:88:c4:a6:98:ea:87:ae:d1:a4:d8:98:8d:79:cf:
         ed:71:9c:56:40:70:4c:ed:69:cd:3c:51:2b:d6:05:ec:c7:f0:
         2a:15:18:80:2e:92:54:ea:6c:02:db:a1:c6:4d:b2:1b:fe:b3:
         eb:d3:af:f9:24:d1:3b:19:72:7f:25:29:5d:e6:f4:32:f4:54:
         07:93:37:0b:79:e0:06:e6:bb:08:83:9f:80:f3:30:a8:7b:69:
         59:98:08:04:e1:ba:d5:d7:6b:27:22:a7:6a:36:2b:77:d5:d2:
         32:2a:a6:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd5M6lcL7TIkhgjgIu+jJ1uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUwNjE2MTQ0NTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTVlMDMxNzVlN2M5NzgyMTg1MzExYzE5NjlhMzRjYzU4MGY4MmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXE+6GqR+7cA8SFsfn6v/jB+Exn+
lU3mWSprBoVtXOns5tqzH+If+Y/ozPV9we5k/Ju2g/hdFGDaqfIrSICeKssOzviD
jeDgZ/875T30Pkw5KvGHyReMPEpj1gQV1Vg1zRPj1yjSQpS2dyLGMYFy5ZkrVyiZ
SvJu+COkN5togSnncd6gioehU0eU+PGNJ08XrZ1gMinaRhOQv05U9pOnQgxMteZ7
oiDL7vXpr7lcC/2yVN2zv31ySI6jzAxzdA5FpJrawV2haegJ9ob5Eukjgx9clLMf
bn/XLS2iGkCcWP7bNtLn0oTnEaDrralNUyH9xNzSWdLczpZuwjuqpiyn3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDFeAxdefJeCGFMRwZaaNMxYD4LdMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvTVY0REYxNThsNElZVXhIQmxwbzB6RmdQZ3QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBbw8MA0G
CSqGSIb3DQEBCwUAA4IBAQAvWArns82EYaERAlLfLx4wWWBZoLvZhEy0sWNuxkmA
lo6LmbdDmcRRPyfr+0zLcwaZLEDB8h++2XwbU/AF59qV0hSpEiqhDDiKOD+sIEhS
dSvtRbTJY4tHt87ZIwzVuw9cf4DgsbMdkDRvnDveZTg6zoB05WEmVDyQK4XhjaBO
sktCBTjttVA93qchtUCEp2zwKTH8iMSmmOqHrtGk2JiNec/tcZxWQHBM7WnNPFEr
1gXsx/AqFRiALpJU6mwC26HGTbIb/rPr06/5JNE7GXJ/JSld5vQy9FQHkzcLeeAG
5rsIg5+A8zCoe2lZmAgE4brV12snIqdqNit31dIyKqZf
-----END CERTIFICATE-----