Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/1IKKl5D129PR13tfH9EnAc5gTB8.roa
File:                     1IKKl5D129PR13tfH9EnAc5gTB8.roa (raw, json)
Hash identifier:          iA0vJ5ZLHSEXsbjJNTdpZXCajP0Jec7WUNXBiOI06g8=
Subject key identifier:   D4:82:8A:97:90:F5:DB:D3:D1:D7:7B:5F:1F:D1:27:01:CE:60:4C:1F
Certificate issuer:       /CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
Certificate serial:       018CC4938E5E7DEB1EE7770FF5B3000C3C18
Authority key identifier: 20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/1IKKl5D129PR13tfH9EnAc5gTB8.roa
Signing time:             Mon 01 Jan 2024 10:30:53 +0000
ROA not before:           Mon 01 Jan 2024 10:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31477
IP address blocks:        82.150.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:8e:5e:7d:eb:1e:e7:77:0f:f5:b3:00:0c:3c:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
        Validity
            Not Before: Jan  1 10:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4828a9790f5dbd3d1d77b5f1fd12701ce604c1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:bb:eb:8f:a7:96:b7:0f:73:1d:d1:78:8f:76:
                    83:57:6a:78:73:7c:a6:77:86:4f:26:b4:55:1c:06:
                    19:36:b7:2f:d3:ae:96:73:11:5e:b8:2c:77:c0:3c:
                    c8:df:09:80:d5:d0:c9:51:d4:01:2d:23:b3:7f:cb:
                    0c:a1:1c:3d:13:d9:27:c5:36:1f:8d:0e:a0:d6:96:
                    c7:16:1d:6a:a8:11:2e:8b:cd:c3:c0:ab:cb:0c:c1:
                    5f:64:a4:2b:dc:b4:ff:0c:71:13:4b:68:92:23:a4:
                    62:88:f7:bf:2a:6d:9f:94:6b:9c:03:bc:a7:c0:d3:
                    df:20:da:87:52:07:2f:34:28:ec:0c:6b:45:b1:c8:
                    7c:87:8f:35:cd:6a:29:1c:46:bf:42:c8:3d:13:e0:
                    9f:b1:10:3e:6e:aa:19:17:63:84:fa:ce:ae:83:cb:
                    bf:ca:ef:51:8d:d1:a0:e2:34:7b:52:e1:e8:c2:a3:
                    58:9b:12:e7:40:5a:be:31:cf:c7:fe:9d:c2:be:81:
                    39:67:c2:46:f6:42:fa:45:26:a9:35:b3:d2:48:7d:
                    0a:b4:f0:fb:46:70:9f:ea:89:b4:6a:df:3f:02:e3:
                    27:37:c8:05:db:bd:ed:ad:e6:74:1c:e8:d6:66:90:
                    60:25:fb:44:50:61:58:a2:ac:1e:1d:78:21:2e:d8:
                    0b:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:82:8A:97:90:F5:DB:D3:D1:D7:7B:5F:1F:D1:27:01:CE:60:4C:1F
            X509v3 Authority Key Identifier:
                keyid:20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/1IKKl5D129PR13tfH9EnAc5gTB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.150.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:ba:cd:a9:27:b6:99:a7:0f:89:89:29:1c:3c:ac:fe:f7:24:
         81:e2:29:d8:ae:a6:71:5a:c8:6d:fb:c6:7e:6b:fb:58:15:80:
         3a:2b:4e:b1:9b:69:84:73:20:2f:16:48:14:b0:28:87:8f:cf:
         ef:19:01:15:4d:41:47:6c:d3:a1:db:2b:98:6c:11:5e:54:b6:
         7b:64:fa:4b:0c:0e:70:cb:8a:17:68:b4:77:e9:cb:0e:01:56:
         06:0d:45:96:b2:e4:13:9d:3c:37:4a:93:0e:30:41:8f:7d:5d:
         4b:5c:38:64:44:52:82:4a:4a:25:94:cc:c3:71:0a:ba:7b:6c:
         33:58:6d:42:30:7b:dd:48:09:52:e1:e4:e4:77:c5:b4:40:b1:
         ff:b6:0b:21:38:0f:90:40:ce:a4:a3:42:92:2b:52:18:01:e0:
         36:f9:cb:2d:e9:df:0c:64:6f:e0:8c:a3:40:11:4d:3c:06:1a:
         aa:c7:63:c4:6a:21:cd:66:53:1a:81:29:fb:fb:23:22:2e:59:
         fb:06:7d:01:be:15:4b:19:80:d8:44:90:b6:66:f3:b7:67:6e:
         7e:73:a8:16:b4:fe:e0:8d:4b:18:07:c7:1a:b0:94:25:d2:e8:
         c6:96:88:d4:eb:26:3e:fd:92:bb:2a:c7:58:10:a0:2c:63:e6:
         81:41:b3:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk45efese53cP9bMADDwYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMWZlMzBmYzZiNGIwZDBmNmRiNGUxYmZiYmQ1MDE5NWRj
YTU3NWMwHhcNMjQwMTAxMTAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDgyOGE5NzkwZjVkYmQzZDFkNzdiNWYxZmQxMjcwMWNlNjA0YzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7vrj6eWtw9zHdF4j3aDV2p4c3ym
d4ZPJrRVHAYZNrcv066WcxFeuCx3wDzI3wmA1dDJUdQBLSOzf8sMoRw9E9knxTYf
jQ6g1pbHFh1qqBEui83DwKvLDMFfZKQr3LT/DHETS2iSI6RiiPe/Km2flGucA7yn
wNPfINqHUgcvNCjsDGtFsch8h481zWopHEa/Qsg9E+CfsRA+bqoZF2OE+s6ug8u/
yu9RjdGg4jR7UuHowqNYmxLnQFq+Mc/H/p3CvoE5Z8JG9kL6RSapNbPSSH0KtPD7
RnCf6om0at8/AuMnN8gF273treZ0HOjWZpBgJftEUGFYoqweHXghLtgL1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNSCipeQ9dvT0dd7Xx/RJwHOYEwfMB8GA1UdIwQY
MBaAFCAf4w/GtLDQ9ttOG/u9UBldyldcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYt
ZmMxMjFjODAwYjMwLzEvMUlLS2w1RDEyOVBSMTN0Zkg5RW5BYzVnVEI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYtZmMxMjFjODAwYjMw
LzEvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpaLMA0G
CSqGSIb3DQEBCwUAA4IBAQBeus2pJ7aZpw+JiSkcPKz+9ySB4inYrqZxWsht+8Z+
a/tYFYA6K06xm2mEcyAvFkgUsCiHj8/vGQEVTUFHbNOh2yuYbBFeVLZ7ZPpLDA5w
y4oXaLR36csOAVYGDUWWsuQTnTw3SpMOMEGPfV1LXDhkRFKCSkollMzDcQq6e2wz
WG1CMHvdSAlS4eTkd8W0QLH/tgshOA+QQM6ko0KSK1IYAeA2+cst6d8MZG/gjKNA
EU08Bhqqx2PEaiHNZlMagSn7+yMiLln7Bn0BvhVLGYDYRJC2ZvO3Z25+c6gWtP7g
jUsYB8casJQl0ujGlojU6yY+/ZK7KsdYEKAsY+aBQbO9
-----END CERTIFICATE-----