Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/FKU101mf93kVmPfPFb21ojWdwmk.roa
File:                     FKU101mf93kVmPfPFb21ojWdwmk.roa (raw, json)
Hash identifier:          oZXePCsBbf4EicuMJCMZneVZ8yo7BKPndMqgAtR6y/I=
Subject key identifier:   14:A5:35:D3:59:9F:F7:79:15:98:F7:CF:15:BD:B5:A2:35:9D:C2:69
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       019422FC16CFA0E1E38482C74AEBFF8FF2B3
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/FKU101mf93kVmPfPFb21ojWdwmk.roa
Signing time:             Wed 01 Jan 2025 17:48:53 +0000
ROA not before:           Wed 01 Jan 2025 17:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203950
IP address blocks:        45.128.20.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:16:cf:a0:e1:e3:84:82:c7:4a:eb:ff:8f:f2:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 17:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14a535d3599ff7791598f7cf15bdb5a2359dc269
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e4:74:ba:7b:0c:de:4b:54:7e:95:cb:93:46:
                    88:28:e6:9e:60:c0:0c:f3:60:5c:b9:9a:a7:97:6f:
                    b7:63:91:1c:d1:b5:24:4a:87:c4:6a:40:19:8c:55:
                    91:50:a8:13:00:72:24:4d:3a:e2:07:52:92:f0:52:
                    c4:a5:dd:49:d7:8c:4d:23:f3:b7:33:c4:cf:fa:3d:
                    10:ec:e0:ef:f5:1d:a7:5b:6e:b6:f7:3f:99:ce:14:
                    63:7c:c0:72:7d:a8:9f:8f:1b:e4:e9:5a:e3:24:25:
                    85:ca:ea:21:d3:6d:ee:b9:45:7d:09:3d:0d:22:71:
                    80:0b:5d:20:04:03:f4:06:61:bd:b2:1f:3d:1e:2d:
                    e0:e0:c9:90:0b:2f:60:38:cc:47:0d:32:90:68:99:
                    b5:93:82:b9:9f:41:72:1d:0a:68:8a:05:5d:57:04:
                    b5:07:4e:69:3f:46:a5:7a:36:f9:d8:8f:7c:60:1d:
                    47:27:b9:f3:57:74:95:eb:55:e8:c4:cd:6b:13:d4:
                    c3:b7:5a:6e:aa:3f:be:e8:b3:30:40:28:5c:37:45:
                    86:cb:91:e9:4e:82:02:bd:62:c7:46:cc:5d:92:fa:
                    d9:41:bc:3d:38:4c:19:6e:d0:c6:78:7d:24:ae:6b:
                    1b:5a:67:c9:e4:10:cd:bb:24:eb:3e:d3:d0:eb:32:
                    77:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:A5:35:D3:59:9F:F7:79:15:98:F7:CF:15:BD:B5:A2:35:9D:C2:69
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/FKU101mf93kVmPfPFb21ojWdwmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:f1:ea:9f:6d:65:61:2e:5d:f6:9b:ed:94:7c:42:8c:ca:1e:
         70:7a:75:78:5b:22:c2:47:b4:3e:78:ff:3e:12:c3:83:a5:50:
         8f:b6:0c:64:41:62:0f:d4:94:a8:c4:7e:26:88:f4:3e:6a:24:
         4a:c0:38:c7:28:54:5a:6d:7f:fe:94:fb:a6:84:6a:fd:5f:42:
         b6:1a:c9:9e:34:46:3e:ba:0a:e3:37:77:70:f7:16:99:7b:86:
         c7:b9:f0:f5:30:5d:01:0e:32:71:a4:e9:be:a4:74:29:b4:b2:
         3c:f8:1f:c6:a4:a4:c0:83:f7:99:7e:10:de:ca:4e:c2:87:83:
         be:3e:73:8e:52:e5:fa:2f:8a:39:4f:f2:c5:e9:4e:08:06:e8:
         7e:6d:6e:1a:8d:1b:f7:6e:12:9b:61:f8:e8:b6:02:96:fc:43:
         92:3b:e3:86:bd:1f:73:9d:2e:ff:48:d7:10:1f:75:de:89:b5:
         d0:fc:d4:8f:2a:be:49:39:e1:6f:23:39:b1:02:20:07:81:fb:
         d9:e2:3f:0c:0c:b3:7f:9b:65:de:40:28:3b:ff:fe:db:69:03:
         cc:f5:9b:46:db:fb:4a:b5:f4:9c:e2:8c:c1:ed:7b:69:ba:fa:
         e0:12:81:70:c5:a3:77:d3:2b:07:1e:0d:cc:10:35:23:23:bd:
         eb:50:1f:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/BbPoOHjhILHSuv/j/KzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjUwMTAxMTc0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGE1MzVkMzU5OWZmNzc5MTU5OGY3Y2YxNWJkYjVhMjM1OWRjMjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAruR0unsM3ktUfpXLk0aIKOaeYMAM
82BcuZqnl2+3Y5Ec0bUkSofEakAZjFWRUKgTAHIkTTriB1KS8FLEpd1J14xNI/O3
M8TP+j0Q7ODv9R2nW2629z+ZzhRjfMByfaifjxvk6VrjJCWFyuoh023uuUV9CT0N
InGAC10gBAP0BmG9sh89Hi3g4MmQCy9gOMxHDTKQaJm1k4K5n0FyHQpoigVdVwS1
B05pP0alejb52I98YB1HJ7nzV3SV61XoxM1rE9TDt1puqj++6LMwQChcN0WGy5Hp
ToICvWLHRsxdkvrZQbw9OEwZbtDGeH0krmsbWmfJ5BDNuyTrPtPQ6zJ3OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBSlNdNZn/d5FZj3zxW9taI1ncJpMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvRktVMTAxbWY5M2tWbVBmUEZiMjFvaldkd21rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYAUMA0G
CSqGSIb3DQEBCwUAA4IBAQCS8eqfbWVhLl32m+2UfEKMyh5wenV4WyLCR7Q+eP8+
EsODpVCPtgxkQWIP1JSoxH4miPQ+aiRKwDjHKFRabX/+lPumhGr9X0K2GsmeNEY+
ugrjN3dw9xaZe4bHufD1MF0BDjJxpOm+pHQptLI8+B/GpKTAg/eZfhDeyk7Ch4O+
PnOOUuX6L4o5T/LF6U4IBuh+bW4ajRv3bhKbYfjotgKW/EOSO+OGvR9znS7/SNcQ
H3XeibXQ/NSPKr5JOeFvIzmxAiAHgfvZ4j8MDLN/m2XeQCg7//7baQPM9ZtG2/tK
tfSc4ozB7XtpuvrgEoFwxaN30ysHHg3MEDUjI73rUB/c
-----END CERTIFICATE-----