Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/FE_S4W2tO92nb8O_O-hOesCLUm8.roa
File:                     FE_S4W2tO92nb8O_O-hOesCLUm8.roa (raw, json)
Hash identifier:          GDvu1c61oibSFyqoFZ8ntITmbpcdKoP+42kQduFji50=
Subject key identifier:   14:4F:D2:E1:6D:AD:3B:DD:A7:6F:C3:BF:3B:E8:4E:7A:C0:8B:52:6F
Certificate issuer:       /CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
Certificate serial:       019D80ED1BEAE1C5C9BDAD39D91716489A8A
Authority key identifier: 2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/FE_S4W2tO92nb8O_O-hOesCLUm8.roa
Signing time:             Sun 12 Apr 2026 09:01:55 +0000
ROA not before:           Sun 12 Apr 2026 09:01:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7018
IP address blocks:        5.249.176.0/22 maxlen: 24
                          5.249.184.0/22 maxlen: 24
                          37.19.64.0/22 maxlen: 24
                          37.19.68.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 21:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:80:ed:1b:ea:e1:c5:c9:bd:ad:39:d9:17:16:48:9a:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
        Validity
            Not Before: Apr 12 09:01:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=144fd2e16dad3bdda76fc3bf3be84e7ac08b526f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a3:4d:14:a8:f1:8d:1b:51:23:34:12:d9:26:
                    92:9a:ad:d8:47:ee:a7:e3:ad:90:cc:ab:c9:8c:50:
                    ae:80:14:eb:75:e9:e7:24:7e:fb:e7:dc:ad:e3:f0:
                    50:a2:b5:6e:6e:14:47:97:4f:aa:98:08:07:84:a8:
                    ce:a5:1c:61:3c:22:df:95:bc:54:37:07:c7:09:0f:
                    95:3a:74:6f:69:b8:2f:09:82:86:89:6a:a8:88:19:
                    b8:bb:7f:a9:1c:cc:d4:57:a8:2d:02:2e:6d:2a:87:
                    16:9c:bf:8c:95:3c:94:b9:68:46:a6:3b:19:50:37:
                    f6:92:a3:11:6d:ad:a2:06:a9:b3:e2:d8:38:4c:a6:
                    57:41:b8:1b:c9:d8:e3:09:5b:b4:d8:54:eb:96:6a:
                    54:23:d1:90:12:22:c3:51:d0:78:b7:55:f8:73:86:
                    67:c4:8c:6d:4e:82:ed:a3:9e:01:60:1a:24:99:7e:
                    8c:45:3e:e9:b3:3a:55:a7:ca:56:5b:19:20:f8:f1:
                    94:72:f5:1b:e9:6a:5c:91:b5:28:50:aa:64:87:c3:
                    2b:0f:50:fd:94:5f:9d:af:2a:19:00:67:d7:2d:9c:
                    6f:a2:f0:1a:27:21:21:c0:2e:ac:69:92:b1:e9:37:
                    ee:0e:b8:65:59:3f:a8:a7:87:2e:26:45:f8:0a:5b:
                    da:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:4F:D2:E1:6D:AD:3B:DD:A7:6F:C3:BF:3B:E8:4E:7A:C0:8B:52:6F
            X509v3 Authority Key Identifier:
                keyid:2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/FE_S4W2tO92nb8O_O-hOesCLUm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.249.176.0/22
                  5.249.184.0/22
                  37.19.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4f:cf:f8:60:81:56:4a:f6:4a:3b:65:eb:ed:17:78:8f:b1:69:
         ee:34:0c:b3:13:67:f6:26:cc:14:67:f4:56:ed:c6:f5:e1:d7:
         52:18:62:cc:57:35:41:11:73:a8:64:67:cc:1f:ef:fa:97:c0:
         75:49:03:ea:21:01:f2:e1:8d:ce:0f:af:c0:9a:88:1d:15:18:
         f5:b0:c8:2b:d9:a9:b9:ed:16:f3:60:b4:0c:4b:0a:90:ee:dc:
         6c:68:04:c2:db:89:06:79:d5:7d:11:93:e8:34:39:b1:7c:20:
         81:43:65:d9:85:8d:86:3e:db:d0:9b:1c:14:13:b8:8d:12:d1:
         f2:6d:c0:19:f2:8b:fc:ee:62:b3:0e:17:56:c8:0c:ca:32:ba:
         cb:2b:8d:c7:6f:b3:b1:1a:f5:a1:1d:da:4f:57:32:cf:30:55:
         ee:e1:41:26:a5:60:65:d5:f2:72:43:7d:cd:9f:40:a2:c5:51:
         e8:3b:d3:b1:ae:10:f6:81:9a:e1:40:aa:4c:28:65:0c:8c:81:
         bc:3f:9d:ba:9b:6d:0c:2a:24:b8:c5:b8:88:31:71:e2:27:ee:
         7f:da:05:29:6f:15:ff:9c:55:91:2b:71:37:5c:59:56:f0:d9:
         34:ff:9f:32:ed:98:49:c4:10:8a:32:9f:c4:bd:29:86:8d:b2:
         fa:a2:10:60
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ2A7Rvq4cXJva052RcWSJqKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODI5NjNmZjFhYTcwYWIxMGQxZDMzZTg2YjFkNmQ0OTRk
NmNlNTEwHhcNMjYwNDEyMDkwMTU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDRmZDJlMTZkYWQzYmRkYTc2ZmMzYmYzYmU4NGU3YWMwOGI1MjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaNNFKjxjRtRIzQS2SaSmq3YR+6n
462QzKvJjFCugBTrdennJH7759yt4/BQorVubhRHl0+qmAgHhKjOpRxhPCLflbxU
NwfHCQ+VOnRvabgvCYKGiWqoiBm4u3+pHMzUV6gtAi5tKocWnL+MlTyUuWhGpjsZ
UDf2kqMRba2iBqmz4tg4TKZXQbgbydjjCVu02FTrlmpUI9GQEiLDUdB4t1X4c4Zn
xIxtToLto54BYBokmX6MRT7pszpVp8pWWxkg+PGUcvUb6WpckbUoUKpkh8MrD1D9
lF+dryoZAGfXLZxvovAaJyEhwC6saZKx6TfuDrhlWT+op4cuJkX4ClvacQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBRP0uFtrTvdp2/DvzvoTnrAi1JvMB8GA1UdIwQY
MBaAFC6Clj/xqnCrENHTPoax1tSU1s5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQt
ZGY2NGYwZTgyMzYwLzEvRkVfUzRXMnRPOTJuYjhPX08taE9lc0NMVW04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQtZGY2NGYwZTgyMzYw
LzEvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCBfmwAwQC
Bfm4AwQDJRNAMA0GCSqGSIb3DQEBCwUAA4IBAQBPz/hggVZK9ko7ZevtF3iPsWnu
NAyzE2f2JswUZ/RW7cb14ddSGGLMVzVBEXOoZGfMH+/6l8B1SQPqIQHy4Y3OD6/A
mogdFRj1sMgr2am57RbzYLQMSwqQ7txsaATC24kGedV9EZPoNDmxfCCBQ2XZhY2G
PtvQmxwUE7iNEtHybcAZ8ov87mKzDhdWyAzKMrrLK43Hb7OxGvWhHdpPVzLPMFXu
4UEmpWBl1fJyQ33Nn0CixVHoO9OxrhD2gZrhQKpMKGUMjIG8P526m20MKiS4xbiI
MXHiJ+5/2gUpbxX/nFWRK3E3XFlW8Nk0/58y7ZhJxBCKMp/EvSmGjbL6ohBg
-----END CERTIFICATE-----