Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/RovjuxiKGfwHw2_fwtGcSifzO4s.roa
File:                     RovjuxiKGfwHw2_fwtGcSifzO4s.roa (raw, json)
Hash identifier:          tIXxG91aBMX3Z5uvVO9d6bJnj+cwOoTerADNDKWyVcg=
Subject key identifier:   46:8B:E3:BB:18:8A:19:FC:07:C3:6F:DF:C2:D1:9C:4A:27:F3:3B:8B
Certificate issuer:       /CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
Certificate serial:       019D80ED1B015C20346B4B5556B2CA73BD31
Authority key identifier: 2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/RovjuxiKGfwHw2_fwtGcSifzO4s.roa
Signing time:             Sun 12 Apr 2026 09:01:55 +0000
ROA not before:           Sun 12 Apr 2026 09:01:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        5.249.184.0/22 maxlen: 24
                          185.145.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 15:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:80:ed:1b:01:5c:20:34:6b:4b:55:56:b2:ca:73:bd:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
        Validity
            Not Before: Apr 12 09:01:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=468be3bb188a19fc07c36fdfc2d19c4a27f33b8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:49:2b:f9:9d:f3:a5:e9:d4:cb:2b:c2:b0:ee:
                    5a:c5:39:c6:56:74:90:d1:79:57:e3:ff:01:fb:7f:
                    74:2f:37:da:fa:9c:4f:3a:48:df:82:22:c5:72:02:
                    bb:ef:7d:5b:d4:8f:85:46:92:be:a3:e9:d8:24:9e:
                    f4:bf:7e:cf:c0:c8:19:ae:98:ef:7d:03:39:0b:b0:
                    27:dc:bb:1c:1f:a7:35:14:82:a1:7d:8c:52:f2:97:
                    d5:4f:1b:d6:9c:e9:e5:4e:27:0a:83:1f:6d:6b:dd:
                    d7:f7:6f:55:e1:2e:f7:17:48:9b:80:fc:f5:5f:ad:
                    0d:58:34:de:06:15:8b:48:e6:38:42:01:9f:d0:6b:
                    b3:4a:b7:db:00:ad:be:94:2b:d6:bd:d3:12:a3:88:
                    fd:66:94:f1:cf:51:ac:7f:24:1b:04:4e:4f:f2:59:
                    2d:82:f1:4e:ce:d3:5d:86:1f:ed:b6:58:39:b1:df:
                    51:b4:d6:5f:1d:5f:5f:d9:5a:21:e2:5a:32:6f:0a:
                    e8:56:cb:d1:25:2f:7f:a6:3c:81:38:ac:9f:1a:02:
                    3a:70:49:2d:d3:2f:40:c2:8e:4e:c5:58:46:cf:7f:
                    e2:c9:01:06:6c:0a:7e:8a:5d:d0:89:48:dc:d7:32:
                    8b:59:85:bd:bd:41:3a:00:ac:9d:a5:11:b1:80:0e:
                    a2:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:8B:E3:BB:18:8A:19:FC:07:C3:6F:DF:C2:D1:9C:4A:27:F3:3B:8B
            X509v3 Authority Key Identifier:
                keyid:2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/RovjuxiKGfwHw2_fwtGcSifzO4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.249.184.0/22
                  185.145.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:97:94:ac:c9:68:17:4c:d6:7d:e8:43:33:a7:51:71:41:a2:
         fd:66:39:a0:2b:fe:6f:c5:5f:d7:65:a9:d1:57:39:d9:0b:9c:
         a4:ea:a1:e8:e3:47:51:59:a3:9c:f6:4a:0e:4a:60:da:98:e3:
         6a:38:07:35:e4:d2:f6:93:a4:f4:63:d9:70:e9:c2:5d:cd:92:
         e8:db:9f:e0:3b:21:85:c1:4c:ee:41:4d:86:af:59:07:ad:a2:
         38:e0:49:fb:c5:bf:75:c3:9e:e5:3f:6a:67:1d:a5:49:e4:9e:
         95:83:e6:f8:6a:ee:74:aa:6c:3c:34:1d:c3:48:15:a8:3b:be:
         38:45:f6:d2:78:2f:6b:ac:80:ce:0a:63:a7:03:99:19:dd:47:
         ea:e9:27:6c:ee:9b:2b:e4:9a:5a:f6:2c:90:14:50:d3:d1:58:
         01:e0:94:a7:19:83:2b:97:ff:02:d8:bf:73:b2:92:06:be:f3:
         34:84:49:6b:2e:16:cb:9f:f1:a8:60:a1:07:ae:c6:a6:5c:b3:
         97:41:d7:c1:41:f7:ad:30:1f:34:dd:ca:06:f6:d4:f0:66:48:
         8b:f4:da:6a:4e:55:66:20:3f:fb:d7:f9:3b:3e:39:53:88:ef:
         02:26:96:d3:0a:8a:28:76:03:51:dd:8e:2e:f5:d5:e7:dd:18:
         55:60:c5:e7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2A7RsBXCA0a0tVVrLKc70xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODI5NjNmZjFhYTcwYWIxMGQxZDMzZTg2YjFkNmQ0OTRk
NmNlNTEwHhcNMjYwNDEyMDkwMTU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjhiZTNiYjE4OGExOWZjMDdjMzZmZGZjMmQxOWM0YTI3ZjMzYjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh0kr+Z3zpenUyyvCsO5axTnGVnSQ
0XlX4/8B+390Lzfa+pxPOkjfgiLFcgK7731b1I+FRpK+o+nYJJ70v37PwMgZrpjv
fQM5C7An3LscH6c1FIKhfYxS8pfVTxvWnOnlTicKgx9ta93X929V4S73F0ibgPz1
X60NWDTeBhWLSOY4QgGf0GuzSrfbAK2+lCvWvdMSo4j9ZpTxz1GsfyQbBE5P8lkt
gvFOztNdhh/ttlg5sd9RtNZfHV9f2Voh4loybwroVsvRJS9/pjyBOKyfGgI6cEkt
0y9Awo5OxVhGz3/iyQEGbAp+il3QiUjc1zKLWYW9vUE6AKydpRGxgA6igwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEaL47sYihn8B8Nv38LRnEon8zuLMB8GA1UdIwQY
MBaAFC6Clj/xqnCrENHTPoax1tSU1s5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQt
ZGY2NGYwZTgyMzYwLzEvUm92anV4aUtHZndIdzJfZnd0R2NTaWZ6TzRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQtZGY2NGYwZTgyMzYw
LzEvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCBfm4AwQA
uZE0MA0GCSqGSIb3DQEBCwUAA4IBAQB1l5SsyWgXTNZ96EMzp1FxQaL9ZjmgK/5v
xV/XZanRVznZC5yk6qHo40dRWaOc9koOSmDamONqOAc15NL2k6T0Y9lw6cJdzZLo
25/gOyGFwUzuQU2Gr1kHraI44En7xb91w57lP2pnHaVJ5J6Vg+b4au50qmw8NB3D
SBWoO744RfbSeC9rrIDOCmOnA5kZ3Ufq6Sds7psr5Jpa9iyQFFDT0VgB4JSnGYMr
l/8C2L9zspIGvvM0hElrLhbLn/GoYKEHrsamXLOXQdfBQfetMB803coG9tTwZkiL
9NpqTlVmID/71/k7PjlTiO8CJpbTCooodgNR3Y4u9dXn3RhVYMXn
-----END CERTIFICATE-----