Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Gi2HX8rP6ku1fr4DOvYGndxWh54.roa
File:                     Gi2HX8rP6ku1fr4DOvYGndxWh54.roa (raw, json)
Hash identifier:          NgpYvVvPVLe/sB366iOlAqPC3Ulp69jjb0ChLmc29TA=
Subject key identifier:   1A:2D:87:5F:CA:CF:EA:4B:B5:7E:BE:03:3A:F6:06:9D:DC:56:87:9E
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       0191CD04B2D06D0D5C8055F9B757189B1710
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Gi2HX8rP6ku1fr4DOvYGndxWh54.roa
Signing time:             Sat 07 Sep 2024 15:05:22 +0000
ROA not before:           Sat 07 Sep 2024 15:05:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203950
IP address blocks:        45.128.20.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:cd:04:b2:d0:6d:0d:5c:80:55:f9:b7:57:18:9b:17:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Sep  7 15:05:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a2d875fcacfea4bb57ebe033af6069ddc56879e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e5:dc:f2:de:39:a2:ed:b5:1d:4d:7d:ab:07:
                    01:26:b9:03:b7:01:11:ab:81:37:8d:52:35:af:a0:
                    33:6c:15:37:92:4c:a1:23:98:bf:22:26:d6:63:f3:
                    8d:c4:19:c7:b7:d0:a4:d9:83:86:e1:69:90:41:af:
                    79:a0:e6:3b:d0:fb:94:8d:72:26:93:49:de:f8:c7:
                    84:32:d0:6d:b0:1f:3e:0d:c9:28:92:aa:ac:3b:f5:
                    44:c4:0d:f6:44:5d:70:81:cf:3c:05:83:6c:41:4e:
                    1d:a7:ac:67:39:15:d0:bf:12:f8:17:7e:da:a4:3f:
                    18:f3:fd:61:5a:63:52:c2:cd:16:67:83:80:71:32:
                    50:24:81:e8:0f:73:60:5c:81:2c:d3:ce:44:1d:52:
                    9f:4a:5a:a0:45:69:8f:c6:86:32:04:bd:07:d8:7b:
                    10:6d:e5:fc:42:2c:7e:9a:26:5b:a1:cb:bd:1a:07:
                    d2:db:52:7a:ab:ba:3d:d2:01:fb:7c:8a:df:9c:a9:
                    35:02:25:05:8b:43:b5:af:b7:d9:1d:ff:9b:29:43:
                    23:2e:45:25:64:b4:cd:9d:62:03:b3:03:27:68:8f:
                    47:7c:11:89:a5:e7:45:81:02:a7:b8:7e:b0:9d:8a:
                    f6:20:ac:eb:4a:e6:23:05:fc:81:62:36:ba:70:04:
                    b9:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:2D:87:5F:CA:CF:EA:4B:B5:7E:BE:03:3A:F6:06:9D:DC:56:87:9E
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Gi2HX8rP6ku1fr4DOvYGndxWh54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:4d:2f:4a:d1:d5:33:8e:f0:7a:41:dd:8d:db:48:f7:54:d4:
         d4:bd:5d:09:76:96:e3:e8:ce:1f:c3:27:6f:c9:ee:cc:e8:0d:
         37:01:c3:44:39:ad:3b:5f:f3:31:93:bc:c8:37:82:df:c7:cd:
         ea:ba:df:88:e9:18:5c:c4:d5:f6:3d:ba:02:0e:2c:78:02:be:
         c5:f6:6f:8d:b5:ba:c6:8d:45:a0:94:4a:aa:b9:4d:4c:a7:25:
         ad:95:dd:f1:a4:44:4d:09:46:b3:f2:4a:02:7c:f8:07:97:a0:
         f8:75:57:78:2c:30:a0:24:94:30:eb:47:4a:27:d5:a6:b5:35:
         a9:80:f3:9e:c3:45:76:c4:63:e5:7e:fa:4f:05:4c:52:0a:87:
         a4:e2:d8:c8:27:c5:8a:5d:75:36:bf:bf:19:61:6a:7a:55:18:
         6a:c9:c5:f5:60:24:76:c2:f0:13:59:7f:90:eb:f1:1e:26:23:
         d2:f0:0e:8e:b1:99:12:ae:69:7e:75:04:e5:13:3b:31:6f:8c:
         2b:b3:9d:45:68:33:64:aa:a5:79:f3:a2:99:dc:4d:47:fc:3b:
         ab:68:e5:17:85:d9:19:0f:9a:2c:59:e4:ea:4c:c0:1a:d9:63:
         34:7b:f3:0b:f7:9c:70:34:7d:32:de:47:b3:a3:29:d8:bb:e2:
         ba:b3:c9:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHNBLLQbQ1cgFX5t1cYmxcQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwOTA3MTUwNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTJkODc1ZmNhY2ZlYTRiYjU3ZWJlMDMzYWY2MDY5ZGRjNTY4NzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuXc8t45ou21HU19qwcBJrkDtwER
q4E3jVI1r6AzbBU3kkyhI5i/IibWY/ONxBnHt9Ck2YOG4WmQQa95oOY70PuUjXIm
k0ne+MeEMtBtsB8+DckokqqsO/VExA32RF1wgc88BYNsQU4dp6xnORXQvxL4F37a
pD8Y8/1hWmNSws0WZ4OAcTJQJIHoD3NgXIEs085EHVKfSlqgRWmPxoYyBL0H2HsQ
beX8Qix+miZbocu9GgfS21J6q7o90gH7fIrfnKk1AiUFi0O1r7fZHf+bKUMjLkUl
ZLTNnWIDswMnaI9HfBGJpedFgQKnuH6wnYr2IKzrSuYjBfyBYja6cAS5DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBoth1/Kz+pLtX6+Azr2Bp3cVoeeMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvR2kySFg4clA2a3UxZnI0RE92WUduZHhXaDU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYAUMA0G
CSqGSIb3DQEBCwUAA4IBAQCmTS9K0dUzjvB6Qd2N20j3VNTUvV0Jdpbj6M4fwydv
ye7M6A03AcNEOa07X/Mxk7zIN4Lfx83qut+I6RhcxNX2PboCDix4Ar7F9m+NtbrG
jUWglEqquU1MpyWtld3xpERNCUaz8koCfPgHl6D4dVd4LDCgJJQw60dKJ9WmtTWp
gPOew0V2xGPlfvpPBUxSCoek4tjIJ8WKXXU2v78ZYWp6VRhqycX1YCR2wvATWX+Q
6/EeJiPS8A6OsZkSrml+dQTlEzsxb4wrs51FaDNkqqV586KZ3E1H/DuraOUXhdkZ
D5osWeTqTMAa2WM0e/ML95xwNH0y3kezoynYu+K6s8mq
-----END CERTIFICATE-----