Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CgsCSbc5bcUsHB4vSJqXLM5O3p8.roa
File:                     CgsCSbc5bcUsHB4vSJqXLM5O3p8.roa (raw, json)
Hash identifier:          m+YgMnxL7PoVjPXw8OzY0hHPsI3QCa3oqNzdlRLeMIc=
Subject key identifier:   0A:0B:02:49:B7:39:6D:C5:2C:1C:1E:2F:48:9A:97:2C:CE:4E:DE:9F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E6259F0D13769D48F7FABA9D55D126657
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CgsCSbc5bcUsHB4vSJqXLM5O3p8.roa
Signing time:             Thu 21 Mar 2024 18:50:45 +0000
ROA not before:           Thu 21 Mar 2024 18:50:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23470
IP address blocks:        82.153.0.0/24 maxlen: 24
                          89.213.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:62:59:f0:d1:37:69:d4:8f:7f:ab:a9:d5:5d:12:66:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 21 18:50:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a0b0249b7396dc52c1c1e2f489a972cce4ede9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:83:b4:fd:85:8d:13:23:7f:f9:5b:dd:54:ac:
                    16:ac:6c:eb:3f:c8:fc:e8:78:f8:8f:a7:1c:53:ea:
                    b6:c9:be:c4:61:15:6f:d7:9b:0c:76:d5:e5:da:78:
                    0e:59:6e:96:03:0b:1f:4f:55:cb:45:4f:42:73:a4:
                    8d:dd:a5:68:5d:54:84:9d:bd:c9:73:e0:e9:8b:09:
                    5b:89:2d:6b:a7:c6:eb:ae:f5:99:81:5e:f9:88:57:
                    f3:64:81:47:30:33:82:ef:88:40:7f:da:3e:58:67:
                    64:0d:45:5a:bb:96:6b:c0:8b:71:a9:d1:5d:0e:5c:
                    c9:76:05:34:83:1a:7d:0f:b7:03:49:3f:bb:12:1e:
                    6c:a0:34:4b:46:77:83:fb:50:87:6d:15:b8:a5:d7:
                    34:7d:15:f0:f1:83:f6:98:96:4d:38:36:54:c6:eb:
                    08:b5:a2:c1:ba:d4:ce:56:9c:c2:89:0e:65:e2:cc:
                    3c:02:41:e6:f7:3c:e5:fe:01:05:de:23:7b:32:c7:
                    c2:b3:05:f9:c0:7d:81:9c:e6:7f:90:06:db:3a:2f:
                    68:e9:71:d4:0a:84:c3:4d:8a:ff:7f:ca:eb:2c:25:
                    3e:b1:10:03:c6:f2:a5:a6:8a:4f:87:f4:03:95:55:
                    ba:e4:66:48:d7:9e:6b:ce:2b:32:a2:c3:4a:4e:7f:
                    21:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:0B:02:49:B7:39:6D:C5:2C:1C:1E:2F:48:9A:97:2C:CE:4E:DE:9F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CgsCSbc5bcUsHB4vSJqXLM5O3p8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.0.0/24
                  89.213.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:67:a6:bd:46:1e:a6:3f:25:64:37:ad:73:cf:81:2f:e8:c1:
         5b:82:70:74:0b:25:13:ba:fb:51:dd:50:5e:75:a3:b3:ff:ba:
         1e:89:18:9e:63:99:94:59:d6:c5:be:25:1f:72:71:c8:56:17:
         ed:5a:0a:80:d7:64:46:66:26:2b:32:69:c8:fa:63:8c:e3:11:
         03:0d:b7:ee:06:40:ed:1a:34:e5:b9:45:80:a8:ef:29:80:47:
         6d:b0:a4:47:1b:69:eb:fd:6c:31:fd:b4:99:7e:72:29:57:08:
         b6:c2:38:96:17:0b:fb:b1:98:b6:01:2c:66:0b:1f:48:db:34:
         5f:ee:09:10:56:b7:60:91:f2:f7:fc:1a:58:0e:6d:69:53:1f:
         25:74:17:e6:c9:68:ca:fd:4d:ad:c4:e8:09:e7:25:99:3f:fc:
         b4:b9:01:de:59:da:b9:47:5a:81:2b:8f:8c:e6:19:c3:4e:ca:
         c2:3e:f3:dc:e7:95:bc:31:a0:06:8f:65:58:5c:c0:92:01:7d:
         d3:6f:d1:78:ff:9c:b2:2d:95:ee:2f:ad:cc:3e:9f:aa:da:88:
         6a:34:fb:82:03:51:44:cb:15:6c:77:a9:ee:59:78:ae:21:ff:
         99:61:90:8c:da:74:0d:f7:38:1a:71:41:73:da:a0:10:05:f9:
         6d:12:ac:3f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5iWfDRN2nUj3+rqdVdEmZXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzIxMTg1MDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTBiMDI0OWI3Mzk2ZGM1MmMxYzFlMmY0ODlhOTcyY2NlNGVkZTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAioO0/YWNEyN/+VvdVKwWrGzrP8j8
6Hj4j6ccU+q2yb7EYRVv15sMdtXl2ngOWW6WAwsfT1XLRU9Cc6SN3aVoXVSEnb3J
c+DpiwlbiS1rp8brrvWZgV75iFfzZIFHMDOC74hAf9o+WGdkDUVau5ZrwItxqdFd
DlzJdgU0gxp9D7cDST+7Eh5soDRLRneD+1CHbRW4pdc0fRXw8YP2mJZNODZUxusI
taLButTOVpzCiQ5l4sw8AkHm9zzl/gEF3iN7MsfCswX5wH2BnOZ/kAbbOi9o6XHU
CoTDTYr/f8rrLCU+sRADxvKlpopPh/QDlVW65GZI155rzisyosNKTn8hHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAoLAkm3OW3FLBweL0ialyzOTt6fMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQ2dzQ1NiYzViY1VzSEI0dlNKcVhMTTVPM3A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUpkAAwQA
WdWkMA0GCSqGSIb3DQEBCwUAA4IBAQBbZ6a9Rh6mPyVkN61zz4Ev6MFbgnB0CyUT
uvtR3VBedaOz/7oeiRieY5mUWdbFviUfcnHIVhftWgqA12RGZiYrMmnI+mOM4xED
DbfuBkDtGjTluUWAqO8pgEdtsKRHG2nr/Wwx/bSZfnIpVwi2wjiWFwv7sZi2ASxm
Cx9I2zRf7gkQVrdgkfL3/BpYDm1pUx8ldBfmyWjK/U2txOgJ5yWZP/y0uQHeWdq5
R1qBK4+M5hnDTsrCPvPc55W8MaAGj2VYXMCSAX3Tb9F4/5yyLZXuL63MPp+q2ohq
NPuCA1FEyxVsd6nuWXiuIf+ZYZCM2nQN9zgacUFz2qAQBfltEqw/
-----END CERTIFICATE-----