Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/wC0sOJE7Wv-NDnjnHyFLfG4GZzQ.roa
File:                     wC0sOJE7Wv-NDnjnHyFLfG4GZzQ.roa (raw, json)
Hash identifier:          eBDWtuxEoge7xWpb5CncoOSy1UIXobW2890cjPYuR1s=
Subject key identifier:   C0:2D:2C:38:91:3B:5A:FF:8D:0E:78:E7:1F:21:4B:7C:6E:06:67:34
Certificate issuer:       /CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
Certificate serial:       019421B213309996D4F3240F1CB239BD0F5C
Authority key identifier: 2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/wC0sOJE7Wv-NDnjnHyFLfG4GZzQ.roa
Signing time:             Wed 01 Jan 2025 11:48:25 +0000
ROA not before:           Wed 01 Jan 2025 11:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        5.249.188.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 23:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:13:30:99:96:d4:f3:24:0f:1c:b2:39:bd:0f:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
        Validity
            Not Before: Jan  1 11:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c02d2c38913b5aff8d0e78e71f214b7c6e066734
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:cb:8f:b0:8f:96:9c:8d:3e:b9:63:94:34:f5:
                    0e:44:65:6d:c3:eb:a7:29:0e:e9:3d:e5:c5:7e:bb:
                    40:3b:5f:d2:8f:3c:40:fc:b7:e6:89:f2:5b:01:af:
                    af:b4:36:33:62:66:9d:cb:fe:8b:5c:90:bd:a2:65:
                    8c:76:30:a1:72:e4:5b:b3:5a:78:44:86:6f:44:d1:
                    82:15:04:29:95:3a:37:75:74:72:7b:14:69:74:34:
                    c8:78:26:85:f7:83:2d:55:77:67:cb:b2:1a:96:49:
                    40:6c:a6:b1:fe:f6:2f:d4:1e:a7:d0:fc:b4:88:a8:
                    ec:2d:8c:58:01:6d:5b:62:b5:ee:68:29:00:42:18:
                    13:1c:20:46:e3:84:7f:ed:22:d2:c2:c3:22:99:d8:
                    20:85:03:bf:50:1c:ab:fe:be:c3:63:43:a7:2c:a6:
                    5c:c6:78:a0:d5:05:4b:df:99:ef:b2:8c:e9:44:d3:
                    40:61:9c:71:d3:ff:ad:90:d7:c9:97:28:14:a7:d5:
                    99:f7:a9:b8:7b:b2:30:6f:10:e8:32:4c:1e:22:e7:
                    3f:ef:f5:fa:e5:40:da:b1:53:0c:f4:14:df:49:62:
                    58:61:9e:7c:54:04:ac:d8:51:56:6b:d8:e2:56:4d:
                    ff:a4:ae:d4:28:81:23:47:09:d1:92:90:c4:2e:43:
                    13:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:2D:2C:38:91:3B:5A:FF:8D:0E:78:E7:1F:21:4B:7C:6E:06:67:34
            X509v3 Authority Key Identifier:
                keyid:2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/wC0sOJE7Wv-NDnjnHyFLfG4GZzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.249.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:8a:6c:79:fb:95:8e:61:da:37:0f:02:f6:2e:74:fa:47:bd:
         4c:06:0c:3e:1e:df:ed:fe:7f:bb:a0:b4:3c:b0:b9:d5:b4:36:
         7b:4b:16:1f:c7:e3:be:94:90:0d:29:f5:ef:39:8e:04:73:e0:
         fc:56:fc:fc:49:32:bd:f0:cd:82:42:e9:da:51:41:0b:93:c7:
         e9:d5:1b:74:3e:68:46:93:64:d4:d5:90:54:f8:86:99:02:1b:
         de:92:d3:20:a0:73:d4:8e:fe:d3:5c:29:ab:40:80:50:aa:b5:
         9f:b8:4b:19:fe:b3:65:52:2e:10:73:f9:3b:60:e8:c5:7e:43:
         80:e4:6b:08:27:9b:6b:95:0a:ea:34:c0:3b:87:66:55:8d:0c:
         1e:a0:25:44:76:5c:db:57:0e:1d:b3:5c:9b:33:99:cf:d4:5e:
         ed:f0:5b:48:72:af:8d:af:66:9e:67:ad:d6:47:46:6b:21:78:
         65:6a:97:95:e0:38:8e:9a:6e:0c:f3:e4:91:71:e1:88:3c:87:
         84:c6:df:bc:54:7c:86:9d:6a:94:85:3f:69:bd:df:61:41:a0:
         e2:48:ca:17:c6:38:66:78:06:ec:34:21:e0:b6:cc:51:e0:39:
         29:89:7f:41:db:43:11:d4:4f:fe:75:e3:02:b9:c0:7b:0a:85:
         ab:a8:58:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhshMwmZbU8yQPHLI5vQ9cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODI5NjNmZjFhYTcwYWIxMGQxZDMzZTg2YjFkNmQ0OTRk
NmNlNTEwHhcNMjUwMTAxMTE0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDJkMmMzODkxM2I1YWZmOGQwZTc4ZTcxZjIxNGI3YzZlMDY2NzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsuPsI+WnI0+uWOUNPUORGVtw+un
KQ7pPeXFfrtAO1/SjzxA/LfmifJbAa+vtDYzYmady/6LXJC9omWMdjChcuRbs1p4
RIZvRNGCFQQplTo3dXRyexRpdDTIeCaF94MtVXdny7IalklAbKax/vYv1B6n0Py0
iKjsLYxYAW1bYrXuaCkAQhgTHCBG44R/7SLSwsMimdgghQO/UByr/r7DY0OnLKZc
xnig1QVL35nvsozpRNNAYZxx0/+tkNfJlygUp9WZ96m4e7IwbxDoMkweIuc/7/X6
5UDasVMM9BTfSWJYYZ58VASs2FFWa9jiVk3/pK7UKIEjRwnRkpDELkMTGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMAtLDiRO1r/jQ545x8hS3xuBmc0MB8GA1UdIwQY
MBaAFC6Clj/xqnCrENHTPoax1tSU1s5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQt
ZGY2NGYwZTgyMzYwLzEvd0Mwc09KRTdXdi1ORG5qbkh5RkxmRzRHWnpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQtZGY2NGYwZTgyMzYw
LzEvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBfm8MA0G
CSqGSIb3DQEBCwUAA4IBAQAdimx5+5WOYdo3DwL2LnT6R71MBgw+Ht/t/n+7oLQ8
sLnVtDZ7SxYfx+O+lJANKfXvOY4Ec+D8Vvz8STK98M2CQunaUUELk8fp1Rt0PmhG
k2TU1ZBU+IaZAhvektMgoHPUjv7TXCmrQIBQqrWfuEsZ/rNlUi4Qc/k7YOjFfkOA
5GsIJ5trlQrqNMA7h2ZVjQweoCVEdlzbVw4ds1ybM5nP1F7t8FtIcq+Nr2aeZ63W
R0ZrIXhlapeV4DiOmm4M8+SRceGIPIeExt+8VHyGnWqUhT9pvd9hQaDiSMoXxjhm
eAbsNCHgtsxR4DkpiX9B20MR1E/+deMCucB7CoWrqFiQ
-----END CERTIFICATE-----