Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/nV7mlnbdHRJvctXd94RgznFcitk.roa
File:                     nV7mlnbdHRJvctXd94RgznFcitk.roa (raw, json)
Hash identifier:          ZYPeOfYJasFTw4cZxSAmqK3hWy+FeXGOP8KYHdoMKs8=
Subject key identifier:   9D:5E:E6:96:76:DD:1D:12:6F:72:D5:DD:F7:84:60:CE:71:5C:8A:D9
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB335F79B7D44CFD4F10AD698E2813
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/nV7mlnbdHRJvctXd94RgznFcitk.roa
Signing time:             Mon 01 Jan 2024 02:29:54 +0000
ROA not before:           Mon 01 Jan 2024 02:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203950
IP address blocks:        45.128.20.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:33:5f:79:b7:d4:4c:fd:4f:10:ad:69:8e:28:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d5ee69676dd1d126f72d5ddf78460ce715c8ad9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:73:3a:18:36:5f:aa:0c:78:1e:2a:32:08:b8:
                    f5:0e:7a:75:c1:70:ee:86:a3:49:ea:6f:97:6d:bc:
                    e1:34:d7:af:85:2e:5f:a1:f2:3e:dd:9c:92:d6:ca:
                    e4:e5:50:f0:c7:09:fb:e2:3d:4a:4a:dd:b6:28:5b:
                    26:dc:07:57:3c:10:d0:37:82:5c:04:f5:7a:ce:15:
                    4c:aa:92:23:15:1e:f7:40:f1:4c:e4:bc:13:c7:e4:
                    03:40:f3:42:1f:29:9f:d9:02:d7:7c:c2:76:1d:53:
                    4a:7d:9c:13:3e:43:3d:33:2d:f7:9d:67:8d:a1:98:
                    6a:43:55:b9:5d:62:b4:7a:03:59:6b:cd:92:57:fc:
                    d7:59:be:da:a9:3a:ab:9a:7f:33:32:b1:c2:df:82:
                    4d:14:ee:48:03:ca:97:a1:b8:4f:13:b3:22:c3:f1:
                    c7:00:73:fc:4a:aa:78:c9:e9:92:f0:ad:72:52:bc:
                    16:71:44:96:7f:f8:99:20:a7:57:1e:38:87:32:92:
                    d7:67:02:4d:dd:79:8e:b6:1f:fd:7d:e3:7a:fd:38:
                    b0:c5:6e:47:7f:36:e8:b4:fc:f8:74:d0:c6:8e:60:
                    b2:ce:3a:4d:1b:74:cf:a0:ea:66:1b:ce:bb:f8:0c:
                    d7:47:44:66:00:83:01:73:81:10:d6:a4:dd:cf:70:
                    db:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:5E:E6:96:76:DD:1D:12:6F:72:D5:DD:F7:84:60:CE:71:5C:8A:D9
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/nV7mlnbdHRJvctXd94RgznFcitk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:8a:d6:28:6e:3f:d6:59:d5:ea:fd:ac:0b:8e:7d:98:71:6a:
         08:c7:62:66:63:80:b1:18:b2:ca:04:44:4b:59:b6:8a:9c:24:
         e6:6e:2f:f3:8e:bf:ed:f8:e1:77:1f:ae:20:eb:61:56:b9:81:
         6f:f0:7a:5a:c6:9f:1b:65:af:92:1e:f3:c1:5f:76:6d:f4:a3:
         23:0c:c7:af:13:76:90:09:3d:02:ec:7a:6b:00:13:e1:7a:9f:
         59:91:bf:62:96:f4:ad:48:8f:65:ef:ba:54:d7:e6:9d:11:4c:
         31:25:a4:5e:a9:8d:56:ef:ff:ff:4b:79:dc:40:d5:0a:47:9a:
         1e:26:c8:3e:22:2d:07:b3:47:63:57:e0:94:7c:78:04:2f:11:
         46:b0:a8:c7:04:e7:3b:36:28:6e:b3:4c:ff:8e:7d:90:19:fe:
         51:90:40:6b:13:eb:b0:76:8f:21:de:12:29:28:b2:0b:c1:0a:
         18:21:29:1b:0b:e3:77:7b:2d:53:d3:00:71:79:ff:a4:56:0b:
         e1:44:9e:8f:48:43:a2:e8:60:2a:1b:67:bc:d4:a3:9e:9d:b7:
         6a:59:9d:7e:99:26:69:75:21:36:85:59:a7:35:c4:1e:a6:3b:
         fe:ed:d8:4a:5f:f6:0b:60:0a:1d:c3:20:32:eb:c2:09:90:ce:
         db:cc:59:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zNfebfUTP1PEK1pjigTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDVlZTY5Njc2ZGQxZDEyNmY3MmQ1ZGRmNzg0NjBjZTcxNWM4YWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3M6GDZfqgx4HioyCLj1Dnp1wXDu
hqNJ6m+XbbzhNNevhS5fofI+3ZyS1srk5VDwxwn74j1KSt22KFsm3AdXPBDQN4Jc
BPV6zhVMqpIjFR73QPFM5LwTx+QDQPNCHymf2QLXfMJ2HVNKfZwTPkM9My33nWeN
oZhqQ1W5XWK0egNZa82SV/zXWb7aqTqrmn8zMrHC34JNFO5IA8qXobhPE7Miw/HH
AHP8Sqp4yemS8K1yUrwWcUSWf/iZIKdXHjiHMpLXZwJN3XmOth/9feN6/TiwxW5H
fzbotPz4dNDGjmCyzjpNG3TPoOpmG867+AzXR0RmAIMBc4EQ1qTdz3DbyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1e5pZ23R0Sb3LV3feEYM5xXIrZMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvblY3bWxuYmRIUkp2Y3RYZDk0Umd6bkZjaXRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYAUMA0G
CSqGSIb3DQEBCwUAA4IBAQA8itYobj/WWdXq/awLjn2YcWoIx2JmY4CxGLLKBERL
WbaKnCTmbi/zjr/t+OF3H64g62FWuYFv8Hpaxp8bZa+SHvPBX3Zt9KMjDMevE3aQ
CT0C7HprABPhep9Zkb9ilvStSI9l77pU1+adEUwxJaReqY1W7///S3ncQNUKR5oe
Jsg+Ii0Hs0djV+CUfHgELxFGsKjHBOc7Nihus0z/jn2QGf5RkEBrE+uwdo8h3hIp
KLILwQoYISkbC+N3ey1T0wBxef+kVgvhRJ6PSEOi6GAqG2e81KOenbdqWZ1+mSZp
dSE2hVmnNcQepjv+7dhKX/YLYAodwyAy68IJkM7bzFnw
-----END CERTIFICATE-----