Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/ZHR6Evs2t_5MsAWITZbO0_S2MQc.roa
File:                     ZHR6Evs2t_5MsAWITZbO0_S2MQc.roa (raw, json)
Hash identifier:          TTSbz7ZJFR5Cfc5bWCmHmNZ+Klnd0Mt+hNshpgdxShs=
Subject key identifier:   64:74:7A:12:FB:36:B7:FE:4C:B0:05:88:4D:96:CE:D3:F4:B6:31:07
Certificate issuer:       /CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
Certificate serial:       019421B210F6D0AB9F18DDC8B6231ADEC75F
Authority key identifier: 2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/ZHR6Evs2t_5MsAWITZbO0_S2MQc.roa
Signing time:             Wed 01 Jan 2025 11:48:25 +0000
ROA not before:           Wed 01 Jan 2025 11:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        5.249.184.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 23:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:10:f6:d0:ab:9f:18:dd:c8:b6:23:1a:de:c7:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
        Validity
            Not Before: Jan  1 11:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=64747a12fb36b7fe4cb005884d96ced3f4b63107
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:95:22:66:c5:e1:6c:ad:2f:23:72:9d:ec:a2:
                    f2:e6:52:7f:2e:d5:8c:92:f1:fc:bc:37:f7:3f:2a:
                    af:bf:c0:7a:56:a7:f9:52:33:08:b5:c7:e8:0e:47:
                    6d:e0:c2:3c:30:fa:5d:6d:b3:a6:7c:84:de:15:c3:
                    b8:98:5a:fd:c0:a9:36:56:4d:30:6c:56:27:c5:67:
                    02:61:c8:8f:bd:72:b7:6d:5d:4b:b4:82:35:9d:ab:
                    f3:b2:dc:35:b7:f6:78:fc:a2:68:62:b9:40:00:95:
                    32:5c:86:a4:61:d0:63:6f:f9:bb:c2:f9:7d:e2:14:
                    c1:f3:10:5e:ae:5d:57:f5:e9:da:d5:61:95:5d:e2:
                    7d:e0:33:69:57:c7:a0:4a:b8:02:0b:38:ce:d0:85:
                    2a:a2:aa:5d:aa:c4:68:2a:94:d5:e5:07:bc:ff:dc:
                    14:15:8e:42:fc:92:4a:fe:af:27:9e:83:6f:d8:57:
                    ce:bc:11:23:b9:79:dc:e0:0f:7d:bd:1a:4d:f4:6d:
                    ad:da:51:cf:29:43:81:cf:47:c5:b1:d0:3b:c7:97:
                    00:bc:c3:b9:d8:51:19:0a:41:94:0c:02:07:23:06:
                    71:ad:78:76:36:5d:42:6c:91:a3:86:a1:33:43:b5:
                    e2:30:aa:fe:cc:38:10:e5:07:77:e3:ff:66:12:48:
                    08:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:74:7A:12:FB:36:B7:FE:4C:B0:05:88:4D:96:CE:D3:F4:B6:31:07
            X509v3 Authority Key Identifier:
                keyid:2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/ZHR6Evs2t_5MsAWITZbO0_S2MQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.249.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         28:cd:61:bd:89:14:e2:aa:22:77:96:5c:45:88:5f:28:de:3c:
         e1:18:48:51:a3:31:0a:e8:ac:52:27:c5:61:b0:bd:07:e9:45:
         06:3a:4a:b3:98:d2:84:1b:6c:41:9c:96:ed:41:94:ec:1c:bc:
         b9:be:61:4c:e2:6e:3e:93:fa:6e:fb:90:4d:15:c8:aa:4c:9a:
         71:9e:2d:8c:a4:01:78:e3:05:4f:32:2c:2c:b3:42:0a:72:ca:
         4e:d0:81:2b:10:46:00:01:ca:6f:5d:3b:88:80:b8:8a:83:86:
         13:35:a9:f0:48:46:ce:a6:13:3c:77:a5:e6:17:e0:e1:65:60:
         30:3d:94:95:08:06:a8:56:60:fc:a3:39:21:93:1c:2e:9c:69:
         ff:be:70:53:22:14:f5:39:6e:1a:db:17:9b:79:5a:7d:26:a1:
         2a:79:d8:0c:0b:c5:6d:b5:88:ac:93:b2:dc:c8:4a:a8:a4:3d:
         3c:e2:3b:fa:17:89:db:03:a0:94:8c:a0:d0:5c:f4:13:ab:8a:
         a5:ab:53:a2:f4:70:88:9f:1b:07:21:a8:03:63:bf:2d:ca:c3:
         5b:09:e3:f8:0f:92:21:34:a7:93:ce:85:67:33:d2:28:9d:f4:
         39:5a:27:b3:6c:c1:54:70:59:80:aa:98:7d:c9:ee:62:07:96:
         05:92:5c:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhshD20KufGN3ItiMa3sdfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODI5NjNmZjFhYTcwYWIxMGQxZDMzZTg2YjFkNmQ0OTRk
NmNlNTEwHhcNMjUwMTAxMTE0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDc0N2ExMmZiMzZiN2ZlNGNiMDA1ODg0ZDk2Y2VkM2Y0YjYzMTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ZUiZsXhbK0vI3Kd7KLy5lJ/LtWM
kvH8vDf3Pyqvv8B6Vqf5UjMItcfoDkdt4MI8MPpdbbOmfITeFcO4mFr9wKk2Vk0w
bFYnxWcCYciPvXK3bV1LtII1navzstw1t/Z4/KJoYrlAAJUyXIakYdBjb/m7wvl9
4hTB8xBerl1X9ena1WGVXeJ94DNpV8egSrgCCzjO0IUqoqpdqsRoKpTV5Qe8/9wU
FY5C/JJK/q8nnoNv2FfOvBEjuXnc4A99vRpN9G2t2lHPKUOBz0fFsdA7x5cAvMO5
2FEZCkGUDAIHIwZxrXh2Nl1CbJGjhqEzQ7XiMKr+zDgQ5Qd34/9mEkgI8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGR0ehL7Nrf+TLAFiE2WztP0tjEHMB8GA1UdIwQY
MBaAFC6Clj/xqnCrENHTPoax1tSU1s5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQt
ZGY2NGYwZTgyMzYwLzEvWkhSNkV2czJ0XzVNc0FXSVRaYk8wX1MyTVFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQtZGY2NGYwZTgyMzYw
LzEvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBfm4MA0G
CSqGSIb3DQEBCwUAA4IBAQAozWG9iRTiqiJ3llxFiF8o3jzhGEhRozEK6KxSJ8Vh
sL0H6UUGOkqzmNKEG2xBnJbtQZTsHLy5vmFM4m4+k/pu+5BNFciqTJpxni2MpAF4
4wVPMiwss0IKcspO0IErEEYAAcpvXTuIgLiKg4YTNanwSEbOphM8d6XmF+DhZWAw
PZSVCAaoVmD8ozkhkxwunGn/vnBTIhT1OW4a2xebeVp9JqEqedgMC8VttYisk7Lc
yEqopD084jv6F4nbA6CUjKDQXPQTq4qlq1Oi9HCInxsHIagDY78tysNbCeP4D5Ih
NKeTzoVnM9IonfQ5WiezbMFUcFmAqph9ye5iB5YFklyK
-----END CERTIFICATE-----