Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/5GiMuJ4bjtKxgwYgcT6ezOjq2xs.roa
File:                     5GiMuJ4bjtKxgwYgcT6ezOjq2xs.roa (raw, json)
Hash identifier:          t7e2ylpQDeTRRtiry6devONjSedo7eSjgqEG/WKrWOU=
Subject key identifier:   E4:68:8C:B8:9E:1B:8E:D2:B1:83:06:20:71:3E:9E:CC:E8:EA:DB:1B
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019A2F1874A67571C26068B5445C924EE1E7
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/5GiMuJ4bjtKxgwYgcT6ezOjq2xs.roa
Signing time:             Wed 29 Oct 2025 08:32:03 +0000
ROA not before:           Wed 29 Oct 2025 08:32:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196609
IP address blocks:        5.83.156.0/24 maxlen: 24
                          195.110.14.0/23 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2f:18:74:a6:75:71:c2:60:68:b5:44:5c:92:4e:e1:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Oct 29 08:32:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4688cb89e1b8ed2b1830620713e9ecce8eadb1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:73:aa:22:1e:90:26:81:c6:53:52:5a:f6:c7:
                    84:0b:9d:8a:92:7c:e2:d7:9b:39:ec:10:ec:f3:ea:
                    e1:d6:3e:94:de:f8:d4:34:fd:ec:f5:57:6d:ee:8c:
                    f2:73:98:67:dc:98:ed:2b:cd:21:cf:bb:59:f6:8e:
                    72:b4:20:e1:69:47:d5:5b:82:dd:7b:65:be:9b:67:
                    35:2b:6b:20:38:bf:a4:e0:51:a6:39:b4:33:26:d4:
                    54:01:59:47:dd:4c:e7:d8:a6:74:40:55:a4:09:2b:
                    6c:bb:a8:b3:6a:05:27:51:99:a8:a3:9a:f6:5f:66:
                    b6:2a:75:84:19:37:38:4e:08:c8:f0:b5:2b:87:11:
                    e8:c5:46:52:19:0e:d4:14:41:09:78:44:0e:1c:f8:
                    ee:91:9d:53:08:77:be:be:27:d2:7c:82:e9:28:d6:
                    96:d0:7e:77:a8:5d:3c:f5:7e:3d:40:eb:c4:79:d0:
                    4d:34:00:ca:b4:4f:09:e7:5b:9d:08:4a:06:4b:6a:
                    83:ec:78:aa:92:90:71:f2:b1:51:de:3d:42:32:f0:
                    48:e2:2d:f6:c0:52:4b:76:36:e5:ce:e2:d6:97:b0:
                    57:80:28:ea:72:39:15:44:64:ee:27:4a:ca:8f:c4:
                    9f:67:60:fc:33:cb:cc:93:f7:38:2a:1a:f7:c5:41:
                    95:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:68:8C:B8:9E:1B:8E:D2:B1:83:06:20:71:3E:9E:CC:E8:EA:DB:1B
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/5GiMuJ4bjtKxgwYgcT6ezOjq2xs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.156.0/24
                  195.110.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6c:48:eb:98:c9:8d:e9:c7:3d:0c:51:5f:21:dd:bb:ac:1c:30:
         40:12:96:5c:55:2d:6b:fa:8e:3c:11:c7:f4:8d:b2:62:d9:c1:
         b9:37:ca:a9:56:7a:8a:4e:bc:62:e8:a2:ec:52:06:95:24:6d:
         8a:07:54:f0:7a:6e:94:4a:19:87:93:dd:79:33:7d:8b:e1:2e:
         01:4f:bf:8a:b8:a2:9e:d4:b9:d2:08:1e:2b:f9:cd:f4:da:fd:
         5f:29:f2:cf:61:f5:8a:3b:07:30:a3:43:3b:23:56:6a:1c:e8:
         79:1b:8a:af:60:92:5e:e7:48:b7:c8:ca:f0:2e:2a:c2:df:6a:
         61:39:46:96:e5:22:09:41:37:fb:fb:ac:b5:7c:04:d3:a5:53:
         86:39:47:c9:52:e0:ea:78:8b:1d:08:1c:e0:7d:e2:d6:d3:31:
         39:1e:bb:98:75:84:03:c6:19:d8:2c:ea:b2:23:f2:66:36:f2:
         b4:e1:0a:7e:57:32:80:1b:e0:a9:84:fa:e3:f0:dc:3e:cb:cd:
         02:2c:77:42:61:57:27:79:21:3b:f6:7e:44:be:60:a2:9d:c1:
         e6:89:6d:0f:57:6b:1d:6c:39:11:73:1d:56:ca:41:fc:d6:d3:
         e2:9e:5c:d5:2b:8b:5b:31:7d:84:af:87:cf:dd:e3:44:66:5e:
         b8:5e:76:24
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZovGHSmdXHCYGi1RFySTuHnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUxMDI5MDgzMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDY4OGNiODllMWI4ZWQyYjE4MzA2MjA3MTNlOWVjY2U4ZWFkYjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHOqIh6QJoHGU1Ja9seEC52Kknzi
15s57BDs8+rh1j6U3vjUNP3s9Vdt7ozyc5hn3JjtK80hz7tZ9o5ytCDhaUfVW4Ld
e2W+m2c1K2sgOL+k4FGmObQzJtRUAVlH3Uzn2KZ0QFWkCStsu6izagUnUZmoo5r2
X2a2KnWEGTc4TgjI8LUrhxHoxUZSGQ7UFEEJeEQOHPjukZ1TCHe+vifSfILpKNaW
0H53qF089X49QOvEedBNNADKtE8J51udCEoGS2qD7HiqkpBx8rFR3j1CMvBI4i32
wFJLdjblzuLWl7BXgCjqcjkVRGTuJ0rKj8SfZ2D8M8vMk/c4Khr3xUGVNQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFORojLieG47SsYMGIHE+nszo6tsbMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvNUdpTXVKNGJqdEt4Z3dZZ2NUNmV6T2pxMnhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABVOcAwQB
w24OMA0GCSqGSIb3DQEBCwUAA4IBAQBsSOuYyY3pxz0MUV8h3busHDBAEpZcVS1r
+o48Ecf0jbJi2cG5N8qpVnqKTrxi6KLsUgaVJG2KB1Twem6UShmHk915M32L4S4B
T7+KuKKe1LnSCB4r+c302v1fKfLPYfWKOwcwo0M7I1ZqHOh5G4qvYJJe50i3yMrw
LirC32phOUaW5SIJQTf7+6y1fATTpVOGOUfJUuDqeIsdCBzgfeLW0zE5HruYdYQD
xhnYLOqyI/JmNvK04Qp+VzKAG+CphPrj8Nw+y80CLHdCYVcneSE79n5EvmCincHm
iW0PV2sdbDkRcx1WykH81tPinlzVK4tbMX2Er4fP3eNEZl64XnYk
-----END CERTIFICATE-----