Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/WciI7ArpdgcvglULiniBxnMrwpk.roa
File:                     WciI7ArpdgcvglULiniBxnMrwpk.roa (raw, json)
Hash identifier:          UNTJOdTewZGtB/fzMSHoxNrs8iS5S83h+DKa5XZTtwI=
Subject key identifier:   59:C8:88:EC:0A:E9:76:07:2F:82:55:0B:8A:78:81:C6:73:2B:C2:99
Certificate issuer:       /CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
Certificate serial:       01929939C230355E4F0CBA23AC0725F4E3BC
Authority key identifier: 2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/WciI7ArpdgcvglULiniBxnMrwpk.roa
Signing time:             Thu 17 Oct 2024 06:45:52 +0000
ROA not before:           Thu 17 Oct 2024 06:45:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        5.249.184.0/22 maxlen: 24
                          195.95.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:99:39:c2:30:35:5e:4f:0c:ba:23:ac:07:25:f4:e3:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
        Validity
            Not Before: Oct 17 06:45:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59c888ec0ae976072f82550b8a7881c6732bc299
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:e4:de:26:bd:1b:f3:80:19:c7:25:b5:36:b3:
                    e0:a4:60:4d:37:9c:57:52:8b:14:f2:d3:9f:f1:ac:
                    c8:b6:d8:aa:45:62:c2:3b:5a:b7:52:5a:42:da:fe:
                    ac:89:64:99:e1:a7:29:4a:fe:ab:f3:3d:f2:2f:ee:
                    88:b1:27:07:72:ba:13:fe:1c:2d:d4:47:4e:dd:c9:
                    2f:5f:97:2f:35:c9:43:d3:ae:b4:40:aa:e9:f0:3b:
                    b2:70:69:c4:ca:be:a4:ad:f1:92:b4:c8:2e:bd:f9:
                    93:f7:46:6b:26:c8:b8:a9:9a:62:f2:04:65:24:71:
                    1d:22:c2:a2:9f:97:8e:70:a3:e3:a7:13:f6:05:67:
                    80:1c:40:92:64:96:6c:f9:95:84:4e:35:ee:a2:f8:
                    8a:a5:c9:71:94:6c:cd:6c:89:b9:c2:94:04:56:d2:
                    82:49:2b:45:b6:39:20:cc:e2:6a:37:0e:8b:38:33:
                    1b:df:cf:8a:92:3c:5a:08:c7:f9:a3:21:97:eb:9c:
                    96:b6:dd:a2:a1:a8:e2:83:4e:d9:0e:82:1d:be:4e:
                    29:d3:c5:be:54:40:0f:2d:95:d1:7d:ce:94:b0:20:
                    2e:bc:45:28:ed:18:e0:dd:15:37:d2:15:6b:24:5c:
                    02:2d:a9:09:57:d1:ba:7b:dc:7d:32:f3:f8:70:ce:
                    d2:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:C8:88:EC:0A:E9:76:07:2F:82:55:0B:8A:78:81:C6:73:2B:C2:99
            X509v3 Authority Key Identifier:
                keyid:2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/WciI7ArpdgcvglULiniBxnMrwpk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.249.184.0/22
                  195.95.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:3e:0d:fa:bc:38:2b:e8:3f:00:d6:9b:59:a8:d5:00:36:23:
         e5:4f:7b:3f:2b:f3:7c:27:ae:82:26:ff:8c:04:11:53:7d:bd:
         83:d8:b9:88:6c:5c:27:f5:74:5e:6e:a7:ea:f2:2a:5d:21:b5:
         d4:a1:c1:ef:a2:0c:d1:e2:0a:92:ae:06:87:76:14:f1:27:e9:
         90:73:fd:ee:48:f3:0e:3f:de:19:0f:21:60:7c:44:7a:de:2e:
         4b:0b:ca:e5:eb:02:58:af:54:45:2f:ae:56:70:1d:33:18:39:
         3f:c1:24:7b:6b:4b:c1:95:86:8c:7d:02:89:29:39:61:db:c9:
         a4:64:ca:06:b5:bc:49:d8:e5:c2:8b:a1:f2:c3:d1:73:a1:3e:
         bb:67:34:46:82:28:23:c2:40:c5:6e:ae:ef:11:ba:78:a1:18:
         c1:42:8e:5a:8d:fd:80:1f:bd:d8:a6:a5:51:af:f5:d2:22:10:
         20:69:1b:b9:c9:70:04:76:37:e6:18:d7:44:de:96:87:0f:3e:
         0f:c9:a9:b7:9c:49:65:2c:10:25:db:29:30:36:4f:cc:05:4d:
         bf:4d:02:ae:c4:83:32:7a:5e:b0:a2:52:14:4f:01:26:22:38:
         da:1d:00:d1:59:77:8f:cf:f2:32:d6:ed:9f:a4:81:93:4c:c5:
         ac:71:50:61
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZKZOcIwNV5PDLojrAcl9OO8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODI5NjNmZjFhYTcwYWIxMGQxZDMzZTg2YjFkNmQ0OTRk
NmNlNTEwHhcNMjQxMDE3MDY0NTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWM4ODhlYzBhZTk3NjA3MmY4MjU1MGI4YTc4ODFjNjczMmJjMjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoeTeJr0b84AZxyW1NrPgpGBNN5xX
UosU8tOf8azIttiqRWLCO1q3UlpC2v6siWSZ4acpSv6r8z3yL+6IsScHcroT/hwt
1EdO3ckvX5cvNclD0660QKrp8DuycGnEyr6krfGStMguvfmT90ZrJsi4qZpi8gRl
JHEdIsKin5eOcKPjpxP2BWeAHECSZJZs+ZWETjXuoviKpclxlGzNbIm5wpQEVtKC
SStFtjkgzOJqNw6LODMb38+KkjxaCMf5oyGX65yWtt2ioajig07ZDoIdvk4p08W+
VEAPLZXRfc6UsCAuvEUo7Rjg3RU30hVrJFwCLakJV9G6e9x9MvP4cM7S0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFnIiOwK6XYHL4JVC4p4gcZzK8KZMB8GA1UdIwQY
MBaAFC6Clj/xqnCrENHTPoax1tSU1s5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQt
ZGY2NGYwZTgyMzYwLzEvV2NpSTdBcnBkZ2N2Z2xVTGluaUJ4bk1yd3BrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQtZGY2NGYwZTgyMzYw
LzEvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCBfm4AwQA
w1/IMA0GCSqGSIb3DQEBCwUAA4IBAQA1Pg36vDgr6D8A1ptZqNUANiPlT3s/K/N8
J66CJv+MBBFTfb2D2LmIbFwn9XRebqfq8ipdIbXUocHvogzR4gqSrgaHdhTxJ+mQ
c/3uSPMOP94ZDyFgfER63i5LC8rl6wJYr1RFL65WcB0zGDk/wSR7a0vBlYaMfQKJ
KTlh28mkZMoGtbxJ2OXCi6Hyw9FzoT67ZzRGgigjwkDFbq7vEbp4oRjBQo5ajf2A
H73YpqVRr/XSIhAgaRu5yXAEdjfmGNdE3paHDz4Pyam3nEllLBAl2ykwNk/MBU2/
TQKuxIMyel6wolIUTwEmIjjaHQDRWXePz/Iy1u2fpIGTTMWscVBh
-----END CERTIFICATE-----