Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/zF2MV26QdQWRwXiicXiudK6n1Xw.roa
File:                     zF2MV26QdQWRwXiicXiudK6n1Xw.roa (raw, json)
Hash identifier:          4aHxt6tPwu63K1PTNxL4On+nj5XwjJaZnAxdGrgtlxw=
Subject key identifier:   CC:5D:8C:57:6E:90:75:05:91:C1:78:A2:71:78:AE:74:AE:A7:D5:7C
Certificate issuer:       /CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
Certificate serial:       019421B211B00A35C3E15602F48AAEA32E1C
Authority key identifier: 2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/zF2MV26QdQWRwXiicXiudK6n1Xw.roa
Signing time:             Wed 01 Jan 2025 11:48:25 +0000
ROA not before:           Wed 01 Jan 2025 11:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     996
IP address blocks:        37.19.64.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 23:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:11:b0:0a:35:c3:e1:56:02:f4:8a:ae:a3:2e:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
        Validity
            Not Before: Jan  1 11:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc5d8c576e90750591c178a27178ae74aea7d57c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:62:cc:0b:38:fa:51:e8:03:cd:ce:fa:d4:fd:
                    3e:b8:41:10:57:aa:a0:b1:f8:cb:80:d8:1d:85:d2:
                    81:c9:24:8f:a0:9e:6c:9e:b1:26:f2:a5:c6:45:cc:
                    ad:20:92:12:7e:25:af:0a:83:62:37:9c:74:40:e8:
                    ea:18:ab:72:9d:23:bd:28:97:ff:aa:21:6d:ff:5a:
                    d5:98:9e:ec:8d:5a:cf:76:9a:a8:53:6a:37:5c:59:
                    ad:00:98:ce:49:fa:56:cf:35:08:4a:19:21:32:2e:
                    34:e1:2f:8b:b1:45:3c:8c:83:09:24:c9:aa:37:81:
                    e1:15:33:63:18:1a:ef:94:e1:b0:4a:48:38:75:f4:
                    ca:dd:e8:14:df:5c:11:8f:e0:c6:48:52:64:27:bc:
                    6a:d8:66:6d:bf:47:5f:3f:4f:54:91:26:45:cb:8d:
                    9a:e0:9a:f2:86:c9:67:37:af:59:a9:9a:46:ce:b2:
                    b0:48:80:06:10:ad:ce:da:f0:c5:f5:91:8c:50:8c:
                    37:1a:ae:ac:fa:35:68:b6:1c:3c:09:ea:40:07:07:
                    f6:f4:07:66:d7:3d:6c:0c:a6:ce:0b:ff:52:1e:66:
                    e6:4a:5b:1f:bd:cb:c4:15:ea:46:22:b5:6a:7d:21:
                    1a:29:e6:7c:92:77:d0:1e:e9:09:63:a6:10:73:c5:
                    c3:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:5D:8C:57:6E:90:75:05:91:C1:78:A2:71:78:AE:74:AE:A7:D5:7C
            X509v3 Authority Key Identifier:
                keyid:2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/zF2MV26QdQWRwXiicXiudK6n1Xw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.19.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:84:1f:ba:bf:8a:36:1f:d9:b1:b7:9b:ef:bc:de:f9:9d:82:
         67:1a:38:ed:48:49:62:ca:b5:bb:f6:ea:51:59:95:2e:11:47:
         e7:24:65:d6:92:d4:fe:23:3f:73:2c:46:80:3a:87:e7:ba:94:
         16:0a:16:8e:d9:1f:8c:3e:4e:a6:c3:50:84:d8:4d:03:89:6d:
         28:1f:f5:6f:bf:05:3f:3e:2c:26:30:7e:af:ad:62:b1:57:09:
         14:8c:9a:70:d3:4d:a0:2c:a0:83:59:34:f1:99:5b:d7:8b:f3:
         de:fa:30:ee:c0:b3:56:68:a9:6c:15:fd:6c:a8:56:c4:77:d1:
         1e:5d:5c:f0:18:82:59:d0:bf:d9:ba:79:dd:e5:02:e2:32:c0:
         ad:01:e2:24:47:41:2c:48:73:13:96:bc:45:9a:50:ae:c1:d0:
         d5:43:bd:e9:af:fa:17:a6:a2:3a:ec:fa:38:d6:1a:f0:ff:08:
         5a:bc:fc:9a:6b:35:09:52:01:e1:43:67:83:29:c7:14:45:b4:
         ed:71:c1:ab:81:5f:41:bf:34:c3:21:83:97:a9:ca:e1:a0:22:
         9a:1d:dc:e8:0c:cb:85:49:4d:d4:24:34:e0:5c:d0:0c:78:37:
         e5:bc:2b:7b:1e:91:ba:14:3e:98:bb:ee:16:be:d9:f0:34:a7:
         39:70:66:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhshGwCjXD4VYC9Iquoy4cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODI5NjNmZjFhYTcwYWIxMGQxZDMzZTg2YjFkNmQ0OTRk
NmNlNTEwHhcNMjUwMTAxMTE0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzVkOGM1NzZlOTA3NTA1OTFjMTc4YTI3MTc4YWU3NGFlYTdkNTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGLMCzj6UegDzc761P0+uEEQV6qg
sfjLgNgdhdKBySSPoJ5snrEm8qXGRcytIJISfiWvCoNiN5x0QOjqGKtynSO9KJf/
qiFt/1rVmJ7sjVrPdpqoU2o3XFmtAJjOSfpWzzUIShkhMi404S+LsUU8jIMJJMmq
N4HhFTNjGBrvlOGwSkg4dfTK3egU31wRj+DGSFJkJ7xq2GZtv0dfP09UkSZFy42a
4JryhslnN69ZqZpGzrKwSIAGEK3O2vDF9ZGMUIw3Gq6s+jVothw8CepABwf29Adm
1z1sDKbOC/9SHmbmSlsfvcvEFepGIrVqfSEaKeZ8knfQHukJY6YQc8XD/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMxdjFdukHUFkcF4onF4rnSup9V8MB8GA1UdIwQY
MBaAFC6Clj/xqnCrENHTPoax1tSU1s5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQt
ZGY2NGYwZTgyMzYwLzEvekYyTVYyNlFkUVdSd1hpaWNYaXVkSzZuMVh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQtZGY2NGYwZTgyMzYw
LzEvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJRNAMA0G
CSqGSIb3DQEBCwUAA4IBAQAUhB+6v4o2H9mxt5vvvN75nYJnGjjtSEliyrW79upR
WZUuEUfnJGXWktT+Iz9zLEaAOofnupQWChaO2R+MPk6mw1CE2E0DiW0oH/VvvwU/
PiwmMH6vrWKxVwkUjJpw002gLKCDWTTxmVvXi/Pe+jDuwLNWaKlsFf1sqFbEd9Ee
XVzwGIJZ0L/Zunnd5QLiMsCtAeIkR0EsSHMTlrxFmlCuwdDVQ73pr/oXpqI67Po4
1hrw/whavPyaazUJUgHhQ2eDKccURbTtccGrgV9BvzTDIYOXqcrhoCKaHdzoDMuF
SU3UJDTgXNAMeDflvCt7HpG6FD6Yu+4WvtnwNKc5cGYS
-----END CERTIFICATE-----