Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/wOXLOc7N2sT7rzZN2fWQJ8T6Dko.roa
File:                     wOXLOc7N2sT7rzZN2fWQJ8T6Dko.roa (raw, json)
Hash identifier:          ms88tJ098YyKEID8bKL0xYP5sO334DuuK9BGlp9R6Ak=
Subject key identifier:   C0:E5:CB:39:CE:CD:DA:C4:FB:AF:36:4D:D9:F5:90:27:C4:FA:0E:4A
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019A01BEA70BD4A3AD0678D73CB9A1A80277
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/wOXLOc7N2sT7rzZN2fWQJ8T6Dko.roa
Signing time:             Mon 20 Oct 2025 13:11:03 +0000
ROA not before:           Mon 20 Oct 2025 13:11:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47193
IP address blocks:        5.188.192.0/22 maxlen: 23
                          5.188.192.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 22:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:01:be:a7:0b:d4:a3:ad:06:78:d7:3c:b9:a1:a8:02:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Oct 20 13:11:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c0e5cb39cecddac4fbaf364dd9f59027c4fa0e4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:af:92:a1:46:b1:2d:92:81:db:dd:b6:26:e2:
                    a1:b0:d5:04:3b:40:e6:ec:52:df:b9:30:9e:a5:f1:
                    a7:7b:d4:5a:e4:9b:71:d6:ac:63:0e:c2:3e:70:74:
                    81:53:78:fa:2e:6a:27:ee:4f:8d:61:ca:23:58:02:
                    cb:69:12:10:53:23:d3:89:0e:df:f2:66:4f:85:4d:
                    f2:39:c4:48:9c:1d:54:38:52:8e:7f:9f:f4:44:17:
                    78:9d:5c:b2:fb:e3:6d:3e:92:e5:5a:92:c3:3c:53:
                    fb:ac:23:61:8e:f2:0d:7a:d6:d4:75:d2:8d:c9:9c:
                    eb:23:1e:21:76:fc:83:fe:98:ff:41:c6:4b:65:21:
                    6c:ae:c1:ea:8f:df:be:02:58:df:8e:bb:66:18:da:
                    6d:45:b7:31:ca:59:d0:e1:99:76:07:99:52:b2:92:
                    81:c4:c5:43:22:d9:6b:5f:84:19:4f:14:7e:c1:a1:
                    93:15:15:7e:f8:29:ae:ae:05:7c:da:82:e2:90:f8:
                    2b:ff:2f:44:2b:93:9b:b3:1a:c0:88:99:5c:0c:15:
                    8b:9f:d9:17:37:31:e6:d9:5c:5c:d4:e0:90:37:ff:
                    5a:07:d4:b7:c8:52:00:00:c6:a5:7b:d6:50:70:08:
                    94:3e:60:fe:91:be:48:3f:b2:2c:0c:ce:1f:e0:79:
                    b9:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:E5:CB:39:CE:CD:DA:C4:FB:AF:36:4D:D9:F5:90:27:C4:FA:0E:4A
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/wOXLOc7N2sT7rzZN2fWQJ8T6Dko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.188.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:7d:23:9b:58:f7:78:8c:c8:9d:7c:04:81:0e:f6:13:32:6c:
         e4:a1:50:e4:b8:87:15:d9:fe:e4:68:4a:04:03:e4:cf:d4:83:
         2b:5a:58:38:8e:22:e0:35:f2:3a:08:08:06:17:14:ef:dc:3f:
         2a:ce:af:96:d6:be:32:59:82:bf:d6:8e:62:04:c5:6f:d7:cd:
         9e:7c:5a:14:52:67:ef:89:e6:e6:0c:55:1a:d5:6d:b2:e1:ad:
         73:c9:12:b4:56:1e:22:64:e2:43:36:91:e7:92:bf:64:c0:84:
         97:e6:0d:25:78:7a:da:86:20:6a:f5:ba:b5:ce:89:f6:aa:ae:
         0b:23:88:ab:6c:00:d5:23:fc:2a:3f:7e:8d:ba:81:a8:97:1d:
         41:cb:1a:5a:c4:b6:6a:48:0a:81:4f:ef:46:9f:19:41:75:b0:
         df:ab:fc:0e:20:c0:f0:08:51:a2:6b:e5:89:85:24:62:9f:03:
         b0:a8:96:3a:ed:30:be:ca:3c:e7:2f:74:15:f9:f1:2a:1d:9a:
         ba:38:23:8c:45:ff:d5:f1:13:ff:7f:6b:9e:74:9d:6f:77:93:
         ed:66:85:ab:dc:ca:ad:42:b0:c4:a7:0b:7b:b2:3e:14:84:e7:
         78:88:56:9f:19:27:89:cb:ca:70:3b:80:b4:32:4d:eb:2e:08:
         b4:a5:3a:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoBvqcL1KOtBnjXPLmhqAJ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUxMDIwMTMxMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGU1Y2IzOWNlY2RkYWM0ZmJhZjM2NGRkOWY1OTAyN2M0ZmEwZTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4q+SoUaxLZKB2922JuKhsNUEO0Dm
7FLfuTCepfGne9Ra5Jtx1qxjDsI+cHSBU3j6Lmon7k+NYcojWALLaRIQUyPTiQ7f
8mZPhU3yOcRInB1UOFKOf5/0RBd4nVyy++NtPpLlWpLDPFP7rCNhjvINetbUddKN
yZzrIx4hdvyD/pj/QcZLZSFsrsHqj9++AljfjrtmGNptRbcxylnQ4Zl2B5lSspKB
xMVDItlrX4QZTxR+waGTFRV++CmurgV82oLikPgr/y9EK5ObsxrAiJlcDBWLn9kX
NzHm2Vxc1OCQN/9aB9S3yFIAAMale9ZQcAiUPmD+kb5IP7IsDM4f4Hm5OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMDlyznOzdrE+682Tdn1kCfE+g5KMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvd09YTE9jN04yc1Q3cnpaTjJmV1FKOFQ2RGtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbzAMA0G
CSqGSIb3DQEBCwUAA4IBAQAFfSObWPd4jMidfASBDvYTMmzkoVDkuIcV2f7kaEoE
A+TP1IMrWlg4jiLgNfI6CAgGFxTv3D8qzq+W1r4yWYK/1o5iBMVv182efFoUUmfv
iebmDFUa1W2y4a1zyRK0Vh4iZOJDNpHnkr9kwISX5g0leHrahiBq9bq1zon2qq4L
I4irbADVI/wqP36NuoGolx1ByxpaxLZqSAqBT+9GnxlBdbDfq/wOIMDwCFGia+WJ
hSRinwOwqJY67TC+yjznL3QV+fEqHZq6OCOMRf/V8RP/f2uedJ1vd5PtZoWr3Mqt
QrDEpwt7sj4UhOd4iFafGSeJy8pwO4C0Mk3rLgi0pTpU
-----END CERTIFICATE-----