Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/O_cWPiU3raQrqDxs4zatO4idy0Y.roa
File:                     O_cWPiU3raQrqDxs4zatO4idy0Y.roa (raw, json)
Hash identifier:          sin5+5s1ipugsNF7arCak0i8IZeeAJKoxPpxgh2gldY=
Subject key identifier:   3B:F7:16:3E:25:37:AD:A4:2B:A8:3C:6C:E3:36:AD:3B:88:9D:CB:46
Certificate issuer:       /CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
Certificate serial:       018CC56EB3C1252773F0E49A0006BD367F81
Authority key identifier: 2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/O_cWPiU3raQrqDxs4zatO4idy0Y.roa
Signing time:             Mon 01 Jan 2024 14:30:15 +0000
ROA not before:           Mon 01 Jan 2024 14:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        5.249.188.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:b3:c1:25:27:73:f0:e4:9a:00:06:bd:36:7f:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
        Validity
            Not Before: Jan  1 14:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3bf7163e2537ada42ba83c6ce336ad3b889dcb46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:84:97:8e:62:76:43:8f:89:63:89:ab:ea:a3:
                    61:bc:c1:82:02:16:44:04:17:1f:75:2f:bf:a6:4f:
                    23:15:80:e0:52:07:08:2f:82:c1:ce:f0:ba:d9:65:
                    3d:ec:cd:9a:25:63:44:a9:1e:da:32:03:ca:1b:6d:
                    15:83:63:e0:93:85:47:89:84:ea:77:89:c7:bc:4b:
                    6c:77:a0:b1:27:8a:19:da:4c:b8:a8:ca:98:3c:1c:
                    61:a2:45:fa:d1:5f:ea:cf:d8:2c:10:d6:c5:69:d7:
                    c7:51:bd:3d:5e:e0:56:0e:22:36:5f:11:3a:b9:93:
                    e6:cd:e2:c7:c8:7a:e1:55:a9:e9:57:e7:38:80:fb:
                    0d:fd:87:b3:b2:4c:e9:c3:66:66:86:58:71:4a:d9:
                    ff:d8:4f:03:88:19:fd:b7:71:6a:17:b7:50:94:d2:
                    d7:18:84:77:68:d6:50:f2:be:d7:70:82:46:d8:bd:
                    89:19:25:0c:d9:3f:11:1b:42:27:60:52:28:a6:f5:
                    9c:2a:16:91:11:0d:40:7c:21:11:41:0c:1e:ec:73:
                    bd:85:79:32:eb:47:e6:38:1f:33:55:a7:9c:76:96:
                    b6:1f:bc:f3:ee:82:0b:62:2c:73:b0:b5:3f:e7:a8:
                    ec:74:b7:7b:f6:73:40:86:7a:91:1c:e5:b9:68:52:
                    1d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:F7:16:3E:25:37:AD:A4:2B:A8:3C:6C:E3:36:AD:3B:88:9D:CB:46
            X509v3 Authority Key Identifier:
                keyid:2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/O_cWPiU3raQrqDxs4zatO4idy0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.249.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5c:1a:07:2e:1e:6a:e5:83:0e:e7:ff:d9:8a:24:ac:dc:b1:75:
         bb:57:ff:49:01:ae:55:1a:3e:f1:11:e5:7c:98:f7:8e:87:54:
         51:8d:59:a1:a5:c1:7a:bc:d8:75:e7:92:22:7e:99:42:91:0c:
         fe:e4:58:9a:6e:7d:c0:a6:7d:79:46:49:be:3d:15:b4:3e:44:
         90:d0:25:f7:43:d2:dc:3c:1e:8d:f7:29:8a:9b:85:2c:a6:e0:
         8b:3e:b5:b8:f8:cc:08:fa:6c:14:e9:ad:8b:b1:71:15:99:29:
         be:8e:60:d0:6e:38:70:0d:1d:fe:33:2c:6b:54:10:f2:e7:03:
         34:ec:d5:b3:05:45:d6:25:f7:67:28:13:e5:0d:ae:eb:6d:f9:
         e4:ec:0c:c7:aa:7e:05:e7:95:11:3f:99:f1:33:98:1a:ec:40:
         c8:78:24:b1:17:e9:d8:3e:cc:c5:7a:eb:a5:e5:2c:02:ab:32:
         ea:69:3e:01:63:fb:ba:ea:a7:26:95:11:a7:c8:b3:c6:c6:82:
         13:3a:20:55:44:2f:e1:3a:c5:d7:b8:59:81:b7:d5:e6:d1:0f:
         53:e8:52:42:a5:9d:d6:bd:ba:16:6c:34:36:d1:75:28:23:a6:
         95:7a:3d:d8:bc:31:0e:5b:bd:8e:60:75:f1:c2:2f:7f:e2:78:
         1b:a3:96:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbrPBJSdz8OSaAAa9Nn+BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODI5NjNmZjFhYTcwYWIxMGQxZDMzZTg2YjFkNmQ0OTRk
NmNlNTEwHhcNMjQwMTAxMTQzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmY3MTYzZTI1MzdhZGE0MmJhODNjNmNlMzM2YWQzYjg4OWRjYjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjYSXjmJ2Q4+JY4mr6qNhvMGCAhZE
BBcfdS+/pk8jFYDgUgcIL4LBzvC62WU97M2aJWNEqR7aMgPKG20Vg2Pgk4VHiYTq
d4nHvEtsd6CxJ4oZ2ky4qMqYPBxhokX60V/qz9gsENbFadfHUb09XuBWDiI2XxE6
uZPmzeLHyHrhVanpV+c4gPsN/Yezskzpw2ZmhlhxStn/2E8DiBn9t3FqF7dQlNLX
GIR3aNZQ8r7XcIJG2L2JGSUM2T8RG0InYFIopvWcKhaREQ1AfCERQQwe7HO9hXky
60fmOB8zVaecdpa2H7zz7oILYixzsLU/56jsdLd79nNAhnqRHOW5aFIdpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDv3Fj4lN62kK6g8bOM2rTuInctGMB8GA1UdIwQY
MBaAFC6Clj/xqnCrENHTPoax1tSU1s5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQt
ZGY2NGYwZTgyMzYwLzEvT19jV1BpVTNyYVFycUR4czR6YXRPNGlkeTBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQtZGY2NGYwZTgyMzYw
LzEvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBfm8MA0G
CSqGSIb3DQEBCwUAA4IBAQBcGgcuHmrlgw7n/9mKJKzcsXW7V/9JAa5VGj7xEeV8
mPeOh1RRjVmhpcF6vNh155IifplCkQz+5Fiabn3Apn15Rkm+PRW0PkSQ0CX3Q9Lc
PB6N9ymKm4UspuCLPrW4+MwI+mwU6a2LsXEVmSm+jmDQbjhwDR3+MyxrVBDy5wM0
7NWzBUXWJfdnKBPlDa7rbfnk7AzHqn4F55URP5nxM5ga7EDIeCSxF+nYPszFeuul
5SwCqzLqaT4BY/u66qcmlRGnyLPGxoITOiBVRC/hOsXXuFmBt9Xm0Q9T6FJCpZ3W
vboWbDQ20XUoI6aVej3YvDEOW72OYHXxwi9/4ngbo5Yg
-----END CERTIFICATE-----