Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/g6eqrIfadHQCNvxrUPQ7Hredl8c.roa
File:                     g6eqrIfadHQCNvxrUPQ7Hredl8c.roa (raw, json)
Hash identifier:          KzSePhZAtRu+meTZKCOYI8r/ad0eb15/dsNOD2iILt8=
Subject key identifier:   83:A7:AA:AC:87:DA:74:74:02:36:FC:6B:50:F4:3B:1E:B7:9D:97:C7
Certificate issuer:       /CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
Certificate serial:       019421B21492E8B791423F9FE05C2B123467
Authority key identifier: 2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/g6eqrIfadHQCNvxrUPQ7Hredl8c.roa
Signing time:             Wed 01 Jan 2025 11:48:26 +0000
ROA not before:           Wed 01 Jan 2025 11:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        5.249.180.0/22 maxlen: 24
                          5.249.184.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:14:92:e8:b7:91:42:3f:9f:e0:5c:2b:12:34:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
        Validity
            Not Before: Jan  1 11:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83a7aaac87da74740236fc6b50f43b1eb79d97c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:d9:dc:b0:e8:66:96:e6:06:94:49:ef:3d:76:
                    cd:cf:81:94:04:14:6d:21:ad:d8:4c:4b:30:3c:9f:
                    4d:0b:f1:e7:10:39:cf:9d:15:c2:06:25:ad:3b:bc:
                    50:5a:44:12:d2:4b:9d:6f:e0:8e:c2:20:6d:d5:74:
                    3c:9d:5f:98:27:8f:1c:21:30:de:0d:6f:62:bb:ae:
                    00:6d:40:bc:64:81:89:e3:63:63:65:90:0d:5d:e7:
                    6e:3b:01:4e:e6:ff:b0:c8:09:49:e0:c0:28:f0:69:
                    af:a6:05:c3:bc:2a:60:5d:e8:0b:af:0f:00:9e:08:
                    e5:1d:71:fc:97:1d:12:65:db:63:80:70:59:9d:e7:
                    d7:01:e2:d4:d2:46:2d:38:f1:c5:dd:0c:d8:a8:18:
                    96:cc:3f:4a:8e:a9:0b:46:88:3c:80:0e:a3:37:5c:
                    e9:33:87:bb:9e:5a:94:30:d2:03:78:c9:95:50:b8:
                    65:83:dd:14:76:e5:b7:85:3e:a3:32:db:33:9f:77:
                    09:9a:89:2f:70:37:d5:57:08:74:ba:f2:08:62:bb:
                    f5:a9:91:35:0e:83:a9:53:91:09:b6:a5:16:c0:0f:
                    b4:9f:84:0a:46:2e:65:cc:66:87:6c:a4:dd:c9:52:
                    3d:f3:b9:a1:13:15:02:3a:c2:7d:4e:f5:03:b9:42:
                    46:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:A7:AA:AC:87:DA:74:74:02:36:FC:6B:50:F4:3B:1E:B7:9D:97:C7
            X509v3 Authority Key Identifier:
                keyid:2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/g6eqrIfadHQCNvxrUPQ7Hredl8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.249.180.0-5.249.187.255

    Signature Algorithm: sha256WithRSAEncryption
         66:22:f8:34:2a:e7:63:a8:60:e7:a5:49:63:63:92:41:28:1f:
         9c:8b:db:25:a4:47:37:64:83:f5:3d:b1:e1:1e:a6:d0:3a:7d:
         c9:c1:60:f2:f6:34:57:dd:1b:9f:7b:67:04:73:66:c3:6a:d8:
         0e:4c:51:56:41:7f:94:c4:d7:59:e5:c9:99:34:65:28:37:dd:
         fc:c8:bb:0e:3b:78:ee:63:3f:23:81:00:a0:46:b8:90:d6:fa:
         7e:47:e9:ca:43:ac:b7:e4:d7:87:e3:68:01:85:7b:0e:f2:3b:
         f1:da:1d:9f:10:e3:db:8f:26:1a:d3:86:fb:d6:4f:95:4c:b8:
         d0:fc:8d:34:bf:39:db:61:f1:59:60:3c:36:30:17:8f:09:59:
         e6:44:79:36:2b:94:a1:aa:38:94:81:01:94:ee:18:a0:e9:72:
         d7:ca:40:0a:79:6f:9f:26:2c:85:9a:fc:29:83:be:47:78:ad:
         c0:fc:84:c5:14:34:70:b0:70:2c:7e:29:38:dc:fc:c7:e4:10:
         9e:4a:37:9e:a4:a9:f8:af:0c:67:d7:23:89:bc:5c:eb:60:ea:
         ef:91:65:73:f4:45:a9:05:b3:6d:90:da:75:a9:1a:5b:aa:e6:
         d7:02:76:d3:af:be:2f:34:02:25:87:28:be:eb:d7:ea:3f:54:
         24:00:a5:03
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQhshSS6LeRQj+f4FwrEjRnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODI5NjNmZjFhYTcwYWIxMGQxZDMzZTg2YjFkNmQ0OTRk
NmNlNTEwHhcNMjUwMTAxMTE0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2E3YWFhYzg3ZGE3NDc0MDIzNmZjNmI1MGY0M2IxZWI3OWQ5N2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7NncsOhmluYGlEnvPXbNz4GUBBRt
Ia3YTEswPJ9NC/HnEDnPnRXCBiWtO7xQWkQS0kudb+COwiBt1XQ8nV+YJ48cITDe
DW9iu64AbUC8ZIGJ42NjZZANXeduOwFO5v+wyAlJ4MAo8GmvpgXDvCpgXegLrw8A
ngjlHXH8lx0SZdtjgHBZnefXAeLU0kYtOPHF3QzYqBiWzD9KjqkLRog8gA6jN1zp
M4e7nlqUMNIDeMmVULhlg90UduW3hT6jMtszn3cJmokvcDfVVwh0uvIIYrv1qZE1
DoOpU5EJtqUWwA+0n4QKRi5lzGaHbKTdyVI987mhExUCOsJ9TvUDuUJGcwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIOnqqyH2nR0Ajb8a1D0Ox63nZfHMB8GA1UdIwQY
MBaAFC6Clj/xqnCrENHTPoax1tSU1s5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQt
ZGY2NGYwZTgyMzYwLzEvZzZlcXJJZmFkSFFDTnZ4clVQUTdIcmVkbDhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQtZGY2NGYwZTgyMzYw
LzEvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAIF+bQD
BAIF+bgwDQYJKoZIhvcNAQELBQADggEBAGYi+DQq52OoYOelSWNjkkEoH5yL2yWk
Rzdkg/U9seEeptA6fcnBYPL2NFfdG597ZwRzZsNq2A5MUVZBf5TE11nlyZk0ZSg3
3fzIuw47eO5jPyOBAKBGuJDW+n5H6cpDrLfk14fjaAGFew7yO/HaHZ8Q49uPJhrT
hvvWT5VMuND8jTS/Odth8VlgPDYwF48JWeZEeTYrlKGqOJSBAZTuGKDpctfKQAp5
b58mLIWa/CmDvkd4rcD8hMUUNHCwcCx+KTjc/MfkEJ5KN56kqfivDGfXI4m8XOtg
6u+RZXP0RakFs22Q2nWpGluq5tcCdtOvvi80AiWHKL7r1+o/VCQApQM=
-----END CERTIFICATE-----