Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/9ff645-e0f1-4b18-980f-eda59bc9ca2c/1/Fwkn-erxqVJGCICr5bQF1GUB_bA.roa
File:                     Fwkn-erxqVJGCICr5bQF1GUB_bA.roa (raw, json)
Hash identifier:          ePgJDihP1/Ez/90nsTWFdItvP2OyGIqDLFpAtXpE1Pg=
Subject key identifier:   17:09:27:F9:EA:F1:A9:52:46:08:80:AB:E5:B4:05:D4:65:01:FD:B0
Certificate issuer:       /CN=b62fccda29be666deef8ec62d6bc1e6cd067c35f
Certificate serial:       0195CD5EB0B15469A347F0667F4458621789
Authority key identifier: B6:2F:CC:DA:29:BE:66:6D:EE:F8:EC:62:D6:BC:1E:6C:D0:67:C3:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ti_M2im-Zm3u-Oxi1rwebNBnw18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/9ff645-e0f1-4b18-980f-eda59bc9ca2c/1/Fwkn-erxqVJGCICr5bQF1GUB_bA.roa
Signing time:             Tue 25 Mar 2025 12:54:49 +0000
ROA not before:           Tue 25 Mar 2025 12:54:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208343
IP address blocks:        45.144.32.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/9ff645-e0f1-4b18-980f-eda59bc9ca2c/1/ti_M2im-Zm3u-Oxi1rwebNBnw18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/9ff645-e0f1-4b18-980f-eda59bc9ca2c/1/ti_M2im-Zm3u-Oxi1rwebNBnw18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ti_M2im-Zm3u-Oxi1rwebNBnw18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:cd:5e:b0:b1:54:69:a3:47:f0:66:7f:44:58:62:17:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b62fccda29be666deef8ec62d6bc1e6cd067c35f
        Validity
            Not Before: Mar 25 12:54:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=170927f9eaf1a952460880abe5b405d46501fdb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ec:4a:6c:ee:6b:03:d6:3d:c7:23:1b:36:ad:
                    51:7e:43:62:4c:5d:02:6b:a8:c3:c7:24:fe:b6:68:
                    9e:5a:96:3c:d3:a9:92:3d:50:86:e8:0c:d3:c4:d4:
                    2a:48:68:ec:07:81:c2:97:b9:9e:16:39:d7:3a:1f:
                    e5:6d:65:d2:78:e3:46:68:3a:cf:db:fc:25:48:89:
                    d3:2d:12:6c:37:55:48:4d:e5:a3:f0:be:a9:0e:61:
                    6c:34:b6:41:39:03:44:68:10:e3:fb:9e:f1:4b:9b:
                    a4:48:2e:30:8f:9e:6e:e4:5e:67:f2:f3:09:bd:bb:
                    7d:1b:67:60:ae:96:71:92:dd:b6:90:20:82:28:8a:
                    aa:96:f4:7c:2e:00:e5:0b:80:5c:69:76:44:e5:48:
                    b1:d8:c8:81:e2:2c:fc:f3:c6:c4:5f:62:32:1b:e9:
                    73:03:90:ea:e0:18:06:f4:a4:a8:f1:44:6a:af:ab:
                    bb:e1:be:3a:7b:f4:c2:d2:fe:f2:13:ed:0a:66:87:
                    b1:a0:a1:00:b5:cb:44:5b:12:5a:51:e9:e7:66:59:
                    b3:67:2c:1b:04:28:08:ab:c0:54:f0:37:a8:c5:42:
                    d9:39:81:ce:f0:a5:81:a8:6a:d2:1f:35:6d:1f:21:
                    bb:a9:a5:10:03:c8:fa:91:5e:6d:c1:d7:32:6c:5a:
                    9b:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:09:27:F9:EA:F1:A9:52:46:08:80:AB:E5:B4:05:D4:65:01:FD:B0
            X509v3 Authority Key Identifier:
                keyid:B6:2F:CC:DA:29:BE:66:6D:EE:F8:EC:62:D6:BC:1E:6C:D0:67:C3:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ti_M2im-Zm3u-Oxi1rwebNBnw18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9ff645-e0f1-4b18-980f-eda59bc9ca2c/1/Fwkn-erxqVJGCICr5bQF1GUB_bA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9ff645-e0f1-4b18-980f-eda59bc9ca2c/1/ti_M2im-Zm3u-Oxi1rwebNBnw18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:de:7f:f0:59:c2:43:2d:47:93:90:f2:dc:39:e9:c8:3a:ac:
         07:78:cc:0f:c0:f5:15:36:fd:bf:85:d5:ee:9f:62:57:7a:67:
         90:f4:db:cd:e2:c1:df:92:30:68:8c:56:72:e2:79:09:ce:84:
         d7:ab:70:f4:ad:71:2a:34:f9:41:27:3c:60:38:ea:90:57:8a:
         e2:6c:25:98:2f:12:8a:ef:61:d0:a4:e3:29:f7:95:0f:23:88:
         6f:11:35:71:15:b7:2d:aa:c1:46:61:4e:30:56:0b:71:ea:c1:
         3d:bb:85:8d:a9:f4:69:84:92:a4:95:26:11:37:bb:88:e3:e6:
         10:4b:2e:57:71:65:c3:f4:7c:a4:46:bc:a3:bf:9d:62:bb:8a:
         67:d9:31:a4:46:5a:45:e0:33:90:cf:f0:9e:d6:61:75:dd:e4:
         94:0a:41:0d:71:9b:1d:10:03:4a:0b:66:2b:f8:b3:89:4b:84:
         5e:9c:8a:02:7f:02:fa:de:27:44:d5:48:a9:46:3a:07:86:ea:
         a8:bf:f7:6e:d7:60:4a:3d:ea:fc:27:3f:00:69:c0:77:38:0d:
         b5:30:a0:23:9f:07:76:1a:ec:d6:94:79:fc:59:d4:95:8f:53:
         a3:26:da:3a:9d:08:37:83:bd:66:2c:b9:d7:f1:99:76:e8:ea:
         69:3f:48:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXNXrCxVGmjR/Bmf0RYYheJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MmZjY2RhMjliZTY2NmRlZWY4ZWM2MmQ2YmMxZTZjZDA2
N2MzNWYwHhcNMjUwMzI1MTI1NDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzA5MjdmOWVhZjFhOTUyNDYwODgwYWJlNWI0MDVkNDY1MDFmZGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOxKbO5rA9Y9xyMbNq1RfkNiTF0C
a6jDxyT+tmieWpY806mSPVCG6AzTxNQqSGjsB4HCl7meFjnXOh/lbWXSeONGaDrP
2/wlSInTLRJsN1VITeWj8L6pDmFsNLZBOQNEaBDj+57xS5ukSC4wj55u5F5n8vMJ
vbt9G2dgrpZxkt22kCCCKIqqlvR8LgDlC4BcaXZE5Uix2MiB4iz888bEX2IyG+lz
A5Dq4BgG9KSo8URqr6u74b46e/TC0v7yE+0KZoexoKEAtctEWxJaUennZlmzZywb
BCgIq8BU8DeoxULZOYHO8KWBqGrSHzVtHyG7qaUQA8j6kV5twdcybFqbhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBcJJ/nq8alSRgiAq+W0BdRlAf2wMB8GA1UdIwQY
MBaAFLYvzNopvmZt7vjsYta8HmzQZ8NfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGlfTTJpbS1abTN1LU94aTFyd2ViTkJudzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85ZmY2NDUtZTBmMS00YjE4LTk4MGYt
ZWRhNTliYzljYTJjLzEvRndrbi1lcnhxVkpHQ0lDcjViUUYxR1VCX2JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85ZmY2NDUtZTBmMS00YjE4LTk4MGYtZWRhNTliYzljYTJj
LzEvdGlfTTJpbS1abTN1LU94aTFyd2ViTkJudzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZAgMA0G
CSqGSIb3DQEBCwUAA4IBAQBz3n/wWcJDLUeTkPLcOenIOqwHeMwPwPUVNv2/hdXu
n2JXemeQ9NvN4sHfkjBojFZy4nkJzoTXq3D0rXEqNPlBJzxgOOqQV4ribCWYLxKK
72HQpOMp95UPI4hvETVxFbctqsFGYU4wVgtx6sE9u4WNqfRphJKklSYRN7uI4+YQ
Sy5XcWXD9HykRryjv51iu4pn2TGkRlpF4DOQz/Ce1mF13eSUCkENcZsdEANKC2Yr
+LOJS4RenIoCfwL63idE1UipRjoHhuqov/du12BKPer8Jz8AacB3OA21MKAjnwd2
GuzWlHn8WdSVj1OjJto6nQg3g71mLLnX8Zl26OppP0iO
-----END CERTIFICATE-----