Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/AxSa7Qw8b5mr8sP_goNUomTIx3c.roa
File:                     AxSa7Qw8b5mr8sP_goNUomTIx3c.roa (raw, json)
Hash identifier:          jc/KwKM0/1cRLN9uaK94SYLTPM/GMrMJSmpOYylRDRA=
Subject key identifier:   03:14:9A:ED:0C:3C:6F:99:AB:F2:C3:FF:82:83:54:A2:64:C8:C7:77
Certificate issuer:       /CN=22373571c90249bf2aa948e78bed13e08528b87e
Certificate serial:       019A0B35233178CFF800C9A32F960C6E5FC4
Authority key identifier: 22:37:35:71:C9:02:49:BF:2A:A9:48:E7:8B:ED:13:E0:85:28:B8:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/AxSa7Qw8b5mr8sP_goNUomTIx3c.roa
Signing time:             Wed 22 Oct 2025 09:17:03 +0000
ROA not before:           Wed 22 Oct 2025 09:17:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42586
IP address blocks:        5.160.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Oct 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0b:35:23:31:78:cf:f8:00:c9:a3:2f:96:0c:6e:5f:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22373571c90249bf2aa948e78bed13e08528b87e
        Validity
            Not Before: Oct 22 09:17:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=03149aed0c3c6f99abf2c3ff828354a264c8c777
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:13:9b:5a:e6:61:42:75:ff:57:b5:3e:3d:a1:
                    f4:6c:dd:c8:81:45:b0:8f:44:bb:2f:32:bb:03:5e:
                    05:75:e1:fb:26:7b:9e:bc:b0:0a:9e:22:6e:54:b4:
                    f4:27:03:0b:27:e6:4d:7e:33:b5:ac:dc:51:b5:bc:
                    ad:d4:db:52:1c:71:0d:48:1c:25:a7:50:d3:3b:b4:
                    87:5a:90:e9:73:de:f9:ff:18:7d:15:05:30:c0:87:
                    65:32:ae:09:7e:bc:d8:e3:9a:7d:87:a6:f8:bf:87:
                    22:e0:5a:aa:d3:46:5f:02:e3:05:59:a9:f1:99:ee:
                    af:d2:dc:27:ee:75:f9:4f:a9:2f:22:55:f3:df:4e:
                    85:a1:dd:96:7a:8b:49:ff:33:a7:5d:4a:1b:2f:10:
                    7d:f7:fe:e1:83:b2:8d:a0:33:9d:b4:d7:75:da:95:
                    e2:70:65:3c:6b:14:f4:4f:a8:1b:8e:35:ac:c3:91:
                    93:d1:9f:3f:46:5b:e7:c0:1e:4e:94:de:da:a4:06:
                    ba:6c:1c:ed:41:09:ce:62:30:e6:a0:3e:28:36:5b:
                    b8:8a:eb:03:23:94:3a:7d:30:c0:4a:bc:3a:3e:b3:
                    0e:e8:71:8f:bf:69:57:88:35:35:79:37:8c:1f:78:
                    c4:8f:47:d4:85:ae:37:b0:86:b8:27:1f:e4:6f:49:
                    f3:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:14:9A:ED:0C:3C:6F:99:AB:F2:C3:FF:82:83:54:A2:64:C8:C7:77
            X509v3 Authority Key Identifier:
                keyid:22:37:35:71:C9:02:49:BF:2A:A9:48:E7:8B:ED:13:E0:85:28:B8:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/AxSa7Qw8b5mr8sP_goNUomTIx3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:10:ab:b5:50:df:a1:ee:25:67:14:b8:32:98:61:34:70:46:
         7b:ec:23:31:e2:9c:9d:5f:7d:f7:d1:ab:88:d3:ff:55:30:48:
         b4:b7:0c:3d:e9:dc:84:c9:20:23:0d:38:60:fb:76:d7:62:19:
         25:aa:d9:eb:8d:81:b6:0d:53:0b:30:70:98:9a:0a:d3:56:06:
         bd:02:5d:e2:56:39:ae:86:4d:01:07:2d:4e:8e:b6:10:b6:a6:
         50:49:49:61:51:5a:76:94:7a:bf:3c:1c:1a:03:ee:7e:82:b3:
         5d:c4:0e:02:78:cc:3c:90:6e:f2:a1:50:71:f9:2b:66:96:1d:
         82:73:a3:d9:5b:5a:62:45:4e:72:0c:c8:1f:c4:d7:89:f6:8e:
         b3:2c:e0:3e:bf:45:36:b8:90:b7:ef:8c:cb:f8:9f:46:53:a5:
         76:84:a7:18:2e:da:90:c0:0b:54:01:12:8d:b3:71:be:59:05:
         c8:8c:96:40:b7:4b:92:79:35:d6:7d:ab:15:cd:2f:98:c8:6a:
         cc:35:ec:78:36:ef:25:3d:1e:e7:5d:9c:7e:b0:8a:45:57:ee:
         02:06:48:b0:f3:29:4e:29:8f:e4:f2:47:1c:6b:80:44:13:79:
         8c:da:49:48:d4:57:16:01:0a:2e:1d:79:6e:85:ce:3f:b2:71:
         fc:ee:8d:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoLNSMxeM/4AMmjL5YMbl/EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMzczNTcxYzkwMjQ5YmYyYWE5NDhlNzhiZWQxM2UwODUy
OGI4N2UwHhcNMjUxMDIyMDkxNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzE0OWFlZDBjM2M2Zjk5YWJmMmMzZmY4MjgzNTRhMjY0YzhjNzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhObWuZhQnX/V7U+PaH0bN3IgUWw
j0S7LzK7A14FdeH7JnuevLAKniJuVLT0JwMLJ+ZNfjO1rNxRtbyt1NtSHHENSBwl
p1DTO7SHWpDpc975/xh9FQUwwIdlMq4JfrzY45p9h6b4v4ci4Fqq00ZfAuMFWanx
me6v0twn7nX5T6kvIlXz306Fod2WeotJ/zOnXUobLxB99/7hg7KNoDOdtNd12pXi
cGU8axT0T6gbjjWsw5GT0Z8/RlvnwB5OlN7apAa6bBztQQnOYjDmoD4oNlu4iusD
I5Q6fTDASrw6PrMO6HGPv2lXiDU1eTeMH3jEj0fUha43sIa4Jx/kb0nzTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAMUmu0MPG+Zq/LD/4KDVKJkyMd3MB8GA1UdIwQY
MBaAFCI3NXHJAkm/KqlI54vtE+CFKLh+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWpjMWNja0NTYjhxcVVqbmktMFQ0SVVvdUg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84NjZlNWUtODMxZS00Y2IxLWJkNTEt
YjQ1NDBjNzRjOTRiLzEvQXhTYTdRdzhiNW1yOHNQX2dvTlVvbVRJeDNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84NjZlNWUtODMxZS00Y2IxLWJkNTEtYjQ1NDBjNzRjOTRi
LzEvSWpjMWNja0NTYjhxcVVqbmktMFQ0SVVvdUg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABaC8MA0G
CSqGSIb3DQEBCwUAA4IBAQAxEKu1UN+h7iVnFLgymGE0cEZ77CMx4pydX3330auI
0/9VMEi0tww96dyEySAjDThg+3bXYhklqtnrjYG2DVMLMHCYmgrTVga9Al3iVjmu
hk0BBy1OjrYQtqZQSUlhUVp2lHq/PBwaA+5+grNdxA4CeMw8kG7yoVBx+Stmlh2C
c6PZW1piRU5yDMgfxNeJ9o6zLOA+v0U2uJC374zL+J9GU6V2hKcYLtqQwAtUARKN
s3G+WQXIjJZAt0uSeTXWfasVzS+YyGrMNex4Nu8lPR7nXZx+sIpFV+4CBkiw8ylO
KY/k8kcca4BEE3mM2klI1FcWAQouHXluhc4/snH87o0/
-----END CERTIFICATE-----