Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/fcdNzEinFrEqEiz-1FKcYEwl9zc.roa
File:                     fcdNzEinFrEqEiz-1FKcYEwl9zc.roa (raw, json)
Hash identifier:          KoedLQT6PsDzdh75u20EFOThztPuThrFjlxHuXGWcYA=
Subject key identifier:   7D:C7:4D:CC:48:A7:16:B1:2A:12:2C:FE:D4:52:9C:60:4C:25:F7:37
Certificate issuer:       /CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
Certificate serial:       018F0C3E6D3241FA12C13C56439337305408
Authority key identifier: 2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/fcdNzEinFrEqEiz-1FKcYEwl9zc.roa
Signing time:             Tue 23 Apr 2024 18:36:08 +0000
ROA not before:           Tue 23 Apr 2024 18:36:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        5.249.184.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0c:3e:6d:32:41:fa:12:c1:3c:56:43:93:37:30:54:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
        Validity
            Not Before: Apr 23 18:36:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7dc74dcc48a716b12a122cfed4529c604c25f737
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ee:41:2c:dd:8b:31:63:01:c3:38:28:13:ee:
                    a1:4e:67:45:f3:cc:6a:51:df:55:8d:ac:a6:54:fb:
                    6a:03:19:fe:f8:c2:83:50:b8:c4:63:62:64:37:54:
                    6e:3a:3d:0a:64:e9:90:ad:fb:a1:7f:13:30:c9:3b:
                    21:4e:ba:dd:a0:a6:1d:b1:5b:17:69:31:dc:98:74:
                    b6:6a:c7:4c:80:da:66:bf:45:cb:71:83:e9:0d:5d:
                    0f:ea:68:6d:eb:c9:b5:c4:43:17:fe:dd:41:69:f1:
                    df:ce:05:c7:e9:fe:5d:dd:6a:87:43:d6:94:c2:27:
                    5e:ee:a5:fc:6f:d9:a8:e6:df:a8:1b:af:99:f4:9c:
                    04:1f:f2:fe:60:25:11:d1:d4:40:06:03:06:b4:ea:
                    42:3d:31:dc:c3:03:72:d5:4a:82:f5:ee:60:31:87:
                    65:2d:bb:a3:07:5a:1d:24:cd:2a:0f:4e:0b:8c:17:
                    23:f6:94:4a:02:54:c0:a1:fd:39:78:23:ff:28:eb:
                    31:bc:eb:c3:e1:3c:f9:c2:63:d7:5b:dc:d6:45:24:
                    3c:d9:91:49:d8:86:0f:c1:e7:b8:f8:b0:96:60:ae:
                    3d:7e:b9:9d:fd:14:f0:41:1d:28:f4:68:a8:a7:de:
                    50:d5:41:12:80:2c:1d:5a:22:d0:4a:5b:f7:35:4d:
                    b2:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:C7:4D:CC:48:A7:16:B1:2A:12:2C:FE:D4:52:9C:60:4C:25:F7:37
            X509v3 Authority Key Identifier:
                keyid:2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/fcdNzEinFrEqEiz-1FKcYEwl9zc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.249.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:2b:65:d4:2e:e3:81:b7:6d:29:db:4c:72:a8:dc:1e:da:bc:
         92:a9:b1:52:1e:21:b7:d4:fe:e4:9f:05:1d:f6:e2:96:5b:d3:
         5b:ea:2a:5e:71:2b:b6:bd:c3:db:bc:7b:33:d7:85:46:69:a3:
         a3:2c:c8:9f:e2:44:f3:fc:13:2d:ee:48:7e:80:aa:ec:40:1e:
         d1:1f:f2:8b:a5:f9:f9:91:2a:83:8c:eb:cd:55:39:0a:13:85:
         f4:6e:b0:39:ad:b5:f8:3f:53:40:d3:97:e0:59:9a:cb:f6:33:
         e6:05:f0:a5:ec:71:cd:f4:3e:b9:f6:b4:81:57:da:82:3b:19:
         40:f2:34:e2:1d:1b:3c:56:c4:8c:48:cd:31:ec:2d:2e:3a:48:
         ee:d3:28:9f:32:2b:59:23:e5:8b:3c:41:70:f9:62:9f:cb:5a:
         db:fc:58:03:c5:eb:91:8c:5d:67:7e:7e:5b:60:2a:01:c0:eb:
         eb:d1:0d:6e:29:e1:e6:57:fa:4a:93:ab:a8:70:73:df:66:15:
         35:31:f0:51:ff:24:78:7b:13:c2:69:55:26:8a:bb:cd:42:56:
         54:97:b1:00:59:3c:31:4f:bb:70:eb:63:38:bb:63:6d:ab:9c:
         b4:19:41:a5:49:c7:f4:ea:cd:f6:4d:8c:fc:bf:82:d4:a6:83:
         79:b9:b5:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8MPm0yQfoSwTxWQ5M3MFQIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODI5NjNmZjFhYTcwYWIxMGQxZDMzZTg2YjFkNmQ0OTRk
NmNlNTEwHhcNMjQwNDIzMTgzNjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGM3NGRjYzQ4YTcxNmIxMmExMjJjZmVkNDUyOWM2MDRjMjVmNzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+5BLN2LMWMBwzgoE+6hTmdF88xq
Ud9VjaymVPtqAxn++MKDULjEY2JkN1RuOj0KZOmQrfuhfxMwyTshTrrdoKYdsVsX
aTHcmHS2asdMgNpmv0XLcYPpDV0P6mht68m1xEMX/t1BafHfzgXH6f5d3WqHQ9aU
wide7qX8b9mo5t+oG6+Z9JwEH/L+YCUR0dRABgMGtOpCPTHcwwNy1UqC9e5gMYdl
LbujB1odJM0qD04LjBcj9pRKAlTAof05eCP/KOsxvOvD4Tz5wmPXW9zWRSQ82ZFJ
2IYPwee4+LCWYK49frmd/RTwQR0o9Giop95Q1UESgCwdWiLQSlv3NU2yPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH3HTcxIpxaxKhIs/tRSnGBMJfc3MB8GA1UdIwQY
MBaAFC6Clj/xqnCrENHTPoax1tSU1s5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQt
ZGY2NGYwZTgyMzYwLzEvZmNkTnpFaW5GckVxRWl6LTFGS2NZRXdsOXpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQtZGY2NGYwZTgyMzYw
LzEvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBfm4MA0G
CSqGSIb3DQEBCwUAA4IBAQCOK2XULuOBt20p20xyqNwe2rySqbFSHiG31P7knwUd
9uKWW9Nb6ipecSu2vcPbvHsz14VGaaOjLMif4kTz/BMt7kh+gKrsQB7RH/KLpfn5
kSqDjOvNVTkKE4X0brA5rbX4P1NA05fgWZrL9jPmBfCl7HHN9D659rSBV9qCOxlA
8jTiHRs8VsSMSM0x7C0uOkju0yifMitZI+WLPEFw+WKfy1rb/FgDxeuRjF1nfn5b
YCoBwOvr0Q1uKeHmV/pKk6uocHPfZhU1MfBR/yR4exPCaVUmirvNQlZUl7EAWTwx
T7tw62M4u2Ntq5y0GUGlScf06s32TYz8v4LUpoN5ubVI
-----END CERTIFICATE-----