Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6H1flwbTiSqqLW_ttNbIGSUx5SM.roa
File:                     6H1flwbTiSqqLW_ttNbIGSUx5SM.roa (raw, json)
Hash identifier:          nYVToy2hta+H7lyAezAfs9owBDr5yg5qh/bnx+irYUs=
Subject key identifier:   E8:7D:5F:97:06:D3:89:2A:AA:2D:6F:ED:B4:D6:C8:19:25:31:E5:23
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       01973FAF3C316A33766C86D597CB22FB4A39
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6H1flwbTiSqqLW_ttNbIGSUx5SM.roa
Signing time:             Thu 05 Jun 2025 10:42:18 +0000
ROA not before:           Thu 05 Jun 2025 10:42:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59729
IP address blocks:        5.188.48.0/23 maxlen: 23
                          5.188.60.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3f:af:3c:31:6a:33:76:6c:86:d5:97:cb:22:fb:4a:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jun  5 10:42:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e87d5f9706d3892aaa2d6fedb4d6c8192531e523
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:95:b1:68:60:d2:f9:78:39:71:ce:5d:99:f6:
                    08:f7:2e:9f:78:52:08:a2:45:99:19:1f:f7:1e:8a:
                    f0:92:79:26:de:81:f1:da:8d:94:9c:57:1f:77:75:
                    7c:40:33:36:86:b0:f5:3d:f7:01:a1:14:69:22:ca:
                    67:74:45:2f:f2:f3:0e:4a:34:ad:b1:f4:01:07:39:
                    ca:25:b4:91:0b:45:64:fb:ae:e5:b7:fe:39:54:c9:
                    d5:7b:c6:23:88:75:63:67:7c:e4:b2:55:1e:fe:df:
                    34:87:cd:b4:55:9e:12:6c:3f:30:a3:b6:aa:0b:12:
                    34:0b:54:64:21:10:c5:79:63:96:76:45:31:fa:de:
                    8b:14:9e:02:5e:b6:38:17:69:fd:fb:f0:8c:c6:5d:
                    70:ab:ad:9e:5c:f2:c8:cb:6e:91:d3:fa:4c:43:71:
                    42:bd:dc:64:3f:66:26:fd:5c:af:36:90:27:8b:f6:
                    d8:be:86:39:cf:91:36:e1:d8:01:72:0b:74:16:04:
                    98:0d:aa:ce:d9:97:e3:f0:53:ac:82:8c:30:92:c8:
                    5c:b6:e0:59:27:52:74:b5:73:6a:be:6a:60:55:87:
                    69:0c:ab:a2:46:e9:dc:e2:46:0a:a1:b4:b7:32:1d:
                    87:f6:53:8b:8a:6c:80:f1:bd:f9:73:e8:4c:f1:0d:
                    8f:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:7D:5F:97:06:D3:89:2A:AA:2D:6F:ED:B4:D6:C8:19:25:31:E5:23
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6H1flwbTiSqqLW_ttNbIGSUx5SM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.188.48.0/23
                  5.188.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b3:95:c0:79:2d:d3:58:d9:b9:04:71:ac:96:ee:15:72:ce:c5:
         41:44:85:23:a0:21:b2:58:fc:90:e1:10:c5:80:8d:52:46:ed:
         ca:88:00:bd:31:06:42:ac:6f:e7:b8:e4:69:00:d5:40:5e:15:
         ce:84:0c:1c:10:cc:98:2c:c5:0b:bc:0e:49:7e:fa:7d:a2:64:
         1e:29:71:68:04:ee:ea:81:51:fa:a7:1d:e9:96:e1:f0:80:38:
         89:6c:49:71:f3:b4:a8:9c:f4:74:fc:e4:b7:82:6d:17:26:16:
         21:a6:91:2a:0e:b4:1a:7e:27:08:03:07:53:0a:c3:6f:17:44:
         99:8a:e6:63:b7:06:ee:be:75:63:97:2b:13:6a:0e:f3:b5:ee:
         41:51:92:a4:d2:9b:10:93:cc:60:0a:ba:82:e3:45:d9:2b:45:
         d1:e9:0a:27:86:5e:5d:9f:dc:44:f7:b5:ba:cc:ec:4d:b4:51:
         9b:c5:06:01:15:9f:8f:ba:f5:5a:1c:c4:5f:3d:ad:fe:55:e2:
         1b:4f:80:6e:c7:5d:b4:c5:d6:e0:83:a8:87:df:48:4a:47:a3:
         2c:2d:1a:03:c7:c9:bb:24:89:97:71:96:fc:3d:3c:cd:b8:c9:
         c8:b0:60:ef:d9:49:12:ad:07:f9:7a:67:a1:24:62:4f:d0:c4:
         a8:2e:4a:0d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZc/rzwxajN2bIbVl8si+0o5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUwNjA1MTA0MjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODdkNWY5NzA2ZDM4OTJhYWEyZDZmZWRiNGQ2YzgxOTI1MzFlNTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5WxaGDS+Xg5cc5dmfYI9y6feFII
okWZGR/3Horwknkm3oHx2o2UnFcfd3V8QDM2hrD1PfcBoRRpIspndEUv8vMOSjSt
sfQBBznKJbSRC0Vk+67lt/45VMnVe8YjiHVjZ3zkslUe/t80h820VZ4SbD8wo7aq
CxI0C1RkIRDFeWOWdkUx+t6LFJ4CXrY4F2n9+/CMxl1wq62eXPLIy26R0/pMQ3FC
vdxkP2Ym/VyvNpAni/bYvoY5z5E24dgBcgt0FgSYDarO2Zfj8FOsgowwkshctuBZ
J1J0tXNqvmpgVYdpDKuiRunc4kYKobS3Mh2H9lOLimyA8b35c+hM8Q2PCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOh9X5cG04kqqi1v7bTWyBklMeUjMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvNkgxZmx3YlRpU3FxTFdfdHROYklHU1V4NVNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBBbwwAwQB
Bbw8MA0GCSqGSIb3DQEBCwUAA4IBAQCzlcB5LdNY2bkEcayW7hVyzsVBRIUjoCGy
WPyQ4RDFgI1SRu3KiAC9MQZCrG/nuORpANVAXhXOhAwcEMyYLMULvA5Jfvp9omQe
KXFoBO7qgVH6px3pluHwgDiJbElx87SonPR0/OS3gm0XJhYhppEqDrQaficIAwdT
CsNvF0SZiuZjtwbuvnVjlysTag7zte5BUZKk0psQk8xgCrqC40XZK0XR6Qonhl5d
n9xE97W6zOxNtFGbxQYBFZ+PuvVaHMRfPa3+VeIbT4Bux120xdbgg6iH30hKR6Ms
LRoDx8m7JImXcZb8PTzNuMnIsGDv2UkSrQf5emehJGJP0MSoLkoN
-----END CERTIFICATE-----