Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/CPsPbTT5USZTRdc9U_lIcSUnlDs.roa
File:                     CPsPbTT5USZTRdc9U_lIcSUnlDs.roa (raw, json)
Hash identifier:          VC9oX8BshooZh2yJzwH5bySY1utm4+lAEJdD7u0wx94=
Subject key identifier:   08:FB:0F:6D:34:F9:51:26:53:45:D7:3D:53:F9:48:71:25:27:94:3B
Certificate issuer:       /CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
Certificate serial:       018D651DEC9B47381276CD7CB0A5E962DD1B
Authority key identifier: 20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/CPsPbTT5USZTRdc9U_lIcSUnlDs.roa
Signing time:             Thu 01 Feb 2024 14:41:16 +0000
ROA not before:           Thu 01 Feb 2024 14:41:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8368
IP address blocks:        82.150.128.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:65:1d:ec:9b:47:38:12:76:cd:7c:b0:a5:e9:62:dd:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
        Validity
            Not Before: Feb  1 14:41:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08fb0f6d34f951265345d73d53f948712527943b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b4:b4:9b:dc:e9:4b:99:17:bd:a1:a2:7e:d1:
                    09:2a:ca:26:b5:e2:38:25:7f:43:27:1b:cc:16:46:
                    0e:06:69:ed:41:b4:b9:24:67:2a:11:74:9a:47:ec:
                    2f:ef:e4:b6:15:02:ad:00:02:3c:53:0e:66:23:c9:
                    4d:05:9a:af:5b:d1:56:30:9f:36:0d:dc:e7:5d:8f:
                    5b:17:bb:2b:c0:bc:45:68:b6:3b:7a:9a:da:de:aa:
                    b3:e0:cd:e6:b5:c1:b1:45:47:ce:ae:ee:5d:ce:4b:
                    71:32:6e:ea:ef:e0:a5:ac:6e:7b:cb:4f:50:df:58:
                    e9:2b:60:62:06:66:5c:d4:32:72:cb:e8:81:9d:a1:
                    9f:68:e9:b8:fa:dd:b6:de:70:27:16:a7:f5:e0:89:
                    9e:9c:85:8f:0d:f2:9d:5c:de:ff:0e:ed:a0:a2:aa:
                    7b:ca:7e:83:c6:2e:b0:fd:cb:57:16:22:52:dd:35:
                    46:79:5b:61:6f:62:cd:75:21:7b:d2:15:1c:86:7a:
                    54:62:00:2a:5a:0b:f2:08:06:4f:a1:a6:d3:25:1f:
                    28:b3:f7:fc:c8:4e:24:26:15:2f:03:76:14:fd:44:
                    0f:71:88:c6:d3:eb:20:e4:68:c3:c6:ca:63:ff:55:
                    a7:cb:33:00:2c:69:13:3d:4b:be:9f:6a:ef:24:d9:
                    c0:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:FB:0F:6D:34:F9:51:26:53:45:D7:3D:53:F9:48:71:25:27:94:3B
            X509v3 Authority Key Identifier:
                keyid:20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/CPsPbTT5USZTRdc9U_lIcSUnlDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.150.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:83:bd:71:53:8b:6f:05:f0:a3:79:c8:94:6f:f7:18:65:04:
         11:4c:9d:fb:a7:6f:49:06:db:af:05:4e:dd:3c:40:50:a3:b3:
         b0:ca:58:b3:39:b3:3c:99:85:01:e3:44:74:cb:27:07:df:4b:
         0d:7f:e7:f9:a6:42:fc:f6:2d:d3:b7:eb:95:27:84:68:a8:86:
         b9:ae:63:e3:e7:e2:5f:2e:c9:fb:7c:e8:a4:cb:7a:28:9c:5c:
         d0:d8:2b:9a:bf:6a:5a:c1:73:25:53:38:c9:fe:7d:15:a7:49:
         b6:d0:42:bd:b0:4f:13:cd:48:57:82:e6:4e:b3:b1:60:27:83:
         bb:00:7d:8f:f5:5a:a6:3d:f1:37:6e:6d:c3:40:0f:1c:79:e0:
         c8:b5:fa:23:df:de:24:ff:a1:e8:04:16:1e:82:7c:96:89:3e:
         16:2b:85:2b:ea:cd:28:cd:30:79:23:97:ff:df:c0:43:74:2f:
         02:0e:0b:a0:71:98:a1:a1:88:58:43:e2:65:84:fb:30:f7:3d:
         6d:b7:a3:75:39:5e:46:ab:ba:98:84:79:a3:68:fe:e4:15:07:
         40:eb:fc:c0:ff:80:30:04:32:8a:1d:f5:e9:4f:0c:ea:53:39:
         9c:da:bb:3c:0b:15:36:77:1d:5a:e1:d0:08:de:ca:ce:d8:4f:
         96:5e:5f:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1lHeybRzgSds18sKXpYt0bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMWZlMzBmYzZiNGIwZDBmNmRiNGUxYmZiYmQ1MDE5NWRj
YTU3NWMwHhcNMjQwMjAxMTQ0MTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGZiMGY2ZDM0Zjk1MTI2NTM0NWQ3M2Q1M2Y5NDg3MTI1Mjc5NDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLS0m9zpS5kXvaGiftEJKsomteI4
JX9DJxvMFkYOBmntQbS5JGcqEXSaR+wv7+S2FQKtAAI8Uw5mI8lNBZqvW9FWMJ82
DdznXY9bF7srwLxFaLY7epra3qqz4M3mtcGxRUfOru5dzktxMm7q7+ClrG57y09Q
31jpK2BiBmZc1DJyy+iBnaGfaOm4+t223nAnFqf14ImenIWPDfKdXN7/Du2goqp7
yn6Dxi6w/ctXFiJS3TVGeVthb2LNdSF70hUchnpUYgAqWgvyCAZPoabTJR8os/f8
yE4kJhUvA3YU/UQPcYjG0+sg5GjDxspj/1WnyzMALGkTPUu+n2rvJNnAnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAj7D200+VEmU0XXPVP5SHElJ5Q7MB8GA1UdIwQY
MBaAFCAf4w/GtLDQ9ttOG/u9UBldyldcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYt
ZmMxMjFjODAwYjMwLzEvQ1BzUGJUVDVVU1pUUmRjOVVfbEljU1VubERzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYtZmMxMjFjODAwYjMw
LzEvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUpaAMA0G
CSqGSIb3DQEBCwUAA4IBAQBrg71xU4tvBfCjeciUb/cYZQQRTJ37p29JBtuvBU7d
PEBQo7OwylizObM8mYUB40R0yycH30sNf+f5pkL89i3Tt+uVJ4RoqIa5rmPj5+Jf
Lsn7fOiky3oonFzQ2Cuav2pawXMlUzjJ/n0Vp0m20EK9sE8TzUhXguZOs7FgJ4O7
AH2P9VqmPfE3bm3DQA8ceeDItfoj394k/6HoBBYegnyWiT4WK4Ur6s0ozTB5I5f/
38BDdC8CDgugcZihoYhYQ+JlhPsw9z1tt6N1OV5Gq7qYhHmjaP7kFQdA6/zA/4Aw
BDKKHfXpTwzqUzmc2rs8CxU2dx1a4dAI3srO2E+WXl9H
-----END CERTIFICATE-----