Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/5PohA0NjkPZzvGOYRcjWmVkj83I.roa
File:                     5PohA0NjkPZzvGOYRcjWmVkj83I.roa (raw, json)
Hash identifier:          J9FfMP4QwkroTh052Ti0dpL8XgqZSMBTm6kSFOohg+8=
Subject key identifier:   E4:FA:21:03:43:63:90:F6:73:BC:63:98:45:C8:D6:99:59:23:F3:72
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       01973FAF3B202ED28B07772AB1E3814C82E2
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/5PohA0NjkPZzvGOYRcjWmVkj83I.roa
Signing time:             Thu 05 Jun 2025 10:42:17 +0000
ROA not before:           Thu 05 Jun 2025 10:42:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48031
IP address blocks:        5.188.48.0/23 maxlen: 23
                          5.188.60.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3f:af:3b:20:2e:d2:8b:07:77:2a:b1:e3:81:4c:82:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jun  5 10:42:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4fa2103436390f673bc639845c8d6995923f372
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:f5:17:50:f9:df:37:0c:f9:46:ce:d6:37:0d:
                    82:f4:3a:8c:73:4b:02:aa:39:d1:58:2d:f4:76:3e:
                    ca:49:74:28:07:f2:8e:ff:69:0e:b9:63:0c:77:30:
                    3a:c8:05:64:b3:59:a7:a7:b8:7b:8d:d4:70:41:e5:
                    2c:49:2b:bb:e7:af:e2:c9:58:1c:e5:a6:da:b3:0b:
                    c2:24:37:1c:a8:c9:20:cb:38:c4:76:39:33:14:8d:
                    d6:a3:d0:ea:6b:63:0c:cc:b2:09:23:a9:7b:84:82:
                    11:7f:11:ed:e8:81:39:e1:13:c1:41:da:0d:16:4d:
                    06:fc:22:b2:43:23:00:a9:1f:e1:1c:94:e1:f0:66:
                    3c:74:f5:d8:54:d8:15:a6:9e:b0:e2:f7:b9:e0:8d:
                    f5:83:df:22:44:ff:c6:e6:9b:f7:78:ff:dc:87:8b:
                    14:8a:30:2f:77:a4:ee:79:35:f9:94:20:4d:83:d9:
                    83:1a:4b:25:8c:93:9d:e6:7e:6a:61:a8:04:a5:0f:
                    c4:95:7d:6e:14:a3:3c:ef:24:85:d1:29:1c:d6:25:
                    b5:19:8c:79:27:20:9d:d7:1f:f3:5c:af:f2:6f:c1:
                    f6:6d:11:fa:dd:a6:0a:00:f9:aa:19:96:89:b3:a5:
                    61:57:e0:25:bd:26:b5:fe:4d:50:70:12:9d:7d:03:
                    b1:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:FA:21:03:43:63:90:F6:73:BC:63:98:45:C8:D6:99:59:23:F3:72
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/5PohA0NjkPZzvGOYRcjWmVkj83I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.188.48.0/23
                  5.188.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d2:57:6a:b7:80:92:f1:99:37:eb:9a:90:4e:02:8a:64:29:88:
         87:a4:88:9e:29:df:99:e7:fd:58:eb:86:f9:1c:61:68:11:9b:
         cb:4d:0e:9c:de:32:ab:e7:c1:87:dc:27:40:e9:c4:27:32:67:
         8f:4b:fe:4d:31:cc:b8:f8:7d:d9:f8:2d:c0:90:09:7b:89:6c:
         c9:bf:47:ae:e6:06:78:39:33:76:42:8f:5f:b6:e2:3d:6d:84:
         a1:ca:e4:dd:32:fc:a5:f9:2d:80:60:57:c6:c6:13:85:b8:dc:
         a3:34:fa:d4:ee:c6:53:34:1d:e0:b5:db:05:f6:fe:8f:ce:1d:
         df:32:f5:fa:e8:69:4a:cc:24:43:ca:25:fe:30:6d:4d:90:c8:
         63:fd:43:f3:3e:8e:9c:83:da:86:91:45:38:df:bc:c3:d4:a0:
         b9:62:d1:10:e4:75:a6:33:1c:fd:27:49:0e:58:c0:76:fb:4b:
         53:0b:d9:db:cf:07:c9:38:fc:e7:2f:15:55:9b:e3:4c:6b:65:
         eb:22:7c:7b:5d:85:83:24:9a:df:48:8e:ef:dc:5e:23:58:22:
         30:de:d6:5d:e2:ac:c7:c3:a5:d0:c0:28:20:3f:c7:ff:26:e5:
         07:0b:3e:99:63:37:d5:42:00:4d:74:67:a3:e0:73:2c:60:30:
         22:0e:65:66
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZc/rzsgLtKLB3cqseOBTILiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUwNjA1MTA0MjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGZhMjEwMzQzNjM5MGY2NzNiYzYzOTg0NWM4ZDY5OTU5MjNmMzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1fUXUPnfNwz5Rs7WNw2C9DqMc0sC
qjnRWC30dj7KSXQoB/KO/2kOuWMMdzA6yAVks1mnp7h7jdRwQeUsSSu756/iyVgc
5abaswvCJDccqMkgyzjEdjkzFI3Wo9Dqa2MMzLIJI6l7hIIRfxHt6IE54RPBQdoN
Fk0G/CKyQyMAqR/hHJTh8GY8dPXYVNgVpp6w4ve54I31g98iRP/G5pv3eP/ch4sU
ijAvd6TueTX5lCBNg9mDGksljJOd5n5qYagEpQ/ElX1uFKM87ySF0Skc1iW1GYx5
JyCd1x/zXK/yb8H2bRH63aYKAPmqGZaJs6VhV+AlvSa1/k1QcBKdfQOxhQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOT6IQNDY5D2c7xjmEXI1plZI/NyMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvNVBvaEEwTmprUFp6dkdPWVJjaldtVmtqODNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBBbwwAwQB
Bbw8MA0GCSqGSIb3DQEBCwUAA4IBAQDSV2q3gJLxmTfrmpBOAopkKYiHpIieKd+Z
5/1Y64b5HGFoEZvLTQ6c3jKr58GH3CdA6cQnMmePS/5NMcy4+H3Z+C3AkAl7iWzJ
v0eu5gZ4OTN2Qo9ftuI9bYShyuTdMvyl+S2AYFfGxhOFuNyjNPrU7sZTNB3gtdsF
9v6Pzh3fMvX66GlKzCRDyiX+MG1NkMhj/UPzPo6cg9qGkUU437zD1KC5YtEQ5HWm
Mxz9J0kOWMB2+0tTC9nbzwfJOPznLxVVm+NMa2XrInx7XYWDJJrfSI7v3F4jWCIw
3tZd4qzHw6XQwCggP8f/JuUHCz6ZYzfVQgBNdGej4HMsYDAiDmVm
-----END CERTIFICATE-----