Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/n0CvIl2b7UvfyIc1gxoJi-Oz2eI.roa
File:                     n0CvIl2b7UvfyIc1gxoJi-Oz2eI.roa (raw, json)
Hash identifier:          fg0PunZ6PRKyz+ZV/xf3hq1m9oiossSZ2ksPqTT3k4U=
Subject key identifier:   9F:40:AF:22:5D:9B:ED:4B:DF:C8:87:35:83:1A:09:8B:E3:B3:D9:E2
Certificate issuer:       /CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
Certificate serial:       018CC4939043020872E0857877AB3B90EA58
Authority key identifier: 20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/n0CvIl2b7UvfyIc1gxoJi-Oz2eI.roa
Signing time:             Mon 01 Jan 2024 10:30:54 +0000
ROA not before:           Mon 01 Jan 2024 10:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60781
IP address blocks:        82.150.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:90:43:02:08:72:e0:85:78:77:ab:3b:90:ea:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
        Validity
            Not Before: Jan  1 10:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f40af225d9bed4bdfc88735831a098be3b3d9e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:b4:82:47:7a:9d:f2:fb:9d:be:3e:6f:20:56:
                    66:ca:a5:06:1c:02:82:67:81:58:9f:0b:10:87:93:
                    f9:f7:37:3d:24:40:26:93:71:85:ca:61:2c:b8:d6:
                    9d:3b:ba:cc:8a:10:8b:83:a3:66:97:97:10:b6:26:
                    32:57:29:e2:47:cb:f4:97:3c:e5:15:9d:b1:2b:db:
                    d3:2d:fc:93:12:ad:71:41:d3:00:4b:fb:58:33:79:
                    05:42:44:62:d4:dd:17:d4:d1:d3:e8:04:3d:87:2d:
                    d7:8e:c3:19:82:4a:0a:b5:70:cd:e9:24:81:d1:12:
                    a7:d9:8a:f2:a5:22:2f:8b:a7:7b:f9:20:cb:f1:dc:
                    20:df:f1:6a:15:6e:84:d4:eb:45:1b:79:09:73:56:
                    3a:f2:e5:30:6c:3f:fd:07:63:4c:17:49:ff:89:93:
                    10:37:4d:c7:e6:ad:71:71:ed:c2:af:b9:59:cb:2d:
                    21:79:24:36:ed:8f:4a:0d:18:1e:00:94:ac:c3:a3:
                    de:ea:51:d6:8a:ad:da:41:ec:32:e9:a1:9c:00:8f:
                    d2:3e:38:f6:68:3c:46:d0:32:0e:7b:55:71:06:c1:
                    b5:e5:73:6f:08:2a:8b:81:9a:9c:8a:c4:b5:68:47:
                    a6:b8:09:0f:70:8e:ff:23:11:85:20:c9:f1:5a:8d:
                    9b:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:40:AF:22:5D:9B:ED:4B:DF:C8:87:35:83:1A:09:8B:E3:B3:D9:E2
            X509v3 Authority Key Identifier:
                keyid:20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/n0CvIl2b7UvfyIc1gxoJi-Oz2eI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.150.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:c6:7b:69:54:6f:e9:0b:17:23:47:51:6a:a6:ae:4c:77:96:
         05:00:34:06:0d:61:b0:db:f7:ac:be:3b:e5:38:7c:e5:29:b8:
         90:26:ef:e9:c7:81:a5:2e:26:e3:91:60:e8:ba:18:c6:c4:09:
         34:fd:fc:8f:33:a9:43:05:58:08:f8:91:2c:3e:e5:70:43:0e:
         15:a5:74:c2:73:31:db:01:b6:71:df:ba:27:d3:77:fa:cc:7e:
         f6:7d:cd:ea:ac:53:b8:84:88:3e:84:0e:79:96:31:99:5c:e3:
         31:db:89:60:37:98:06:0d:18:da:9e:c8:e1:08:ea:b9:f0:01:
         5e:7c:51:4e:d9:d3:e5:9c:d0:e0:85:83:fe:07:c1:cc:ca:96:
         6d:67:5a:bc:22:c2:6e:52:0d:f8:64:66:cd:2a:e3:d3:f1:e1:
         09:ce:47:30:7a:b9:27:74:7c:d5:c3:1b:84:3b:0c:44:de:bc:
         da:06:17:08:f0:d9:5b:13:f9:b2:0f:ab:48:9b:55:d6:51:4a:
         4c:63:fc:f3:a5:97:b0:4c:df:05:0e:91:a9:89:c3:43:14:1f:
         2e:d5:51:df:d7:0d:72:08:5d:d0:c6:7b:94:0e:91:01:3d:fd:
         31:12:41:97:62:d2:eb:f4:c9:a5:a6:5a:50:ae:da:da:85:b4:
         3c:b8:4b:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5BDAghy4IV4d6s7kOpYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMWZlMzBmYzZiNGIwZDBmNmRiNGUxYmZiYmQ1MDE5NWRj
YTU3NWMwHhcNMjQwMTAxMTAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjQwYWYyMjVkOWJlZDRiZGZjODg3MzU4MzFhMDk4YmUzYjNkOWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLSCR3qd8vudvj5vIFZmyqUGHAKC
Z4FYnwsQh5P59zc9JEAmk3GFymEsuNadO7rMihCLg6Nml5cQtiYyVyniR8v0lzzl
FZ2xK9vTLfyTEq1xQdMAS/tYM3kFQkRi1N0X1NHT6AQ9hy3XjsMZgkoKtXDN6SSB
0RKn2YrypSIvi6d7+SDL8dwg3/FqFW6E1OtFG3kJc1Y68uUwbD/9B2NMF0n/iZMQ
N03H5q1xce3Cr7lZyy0heSQ27Y9KDRgeAJSsw6Pe6lHWiq3aQewy6aGcAI/SPjj2
aDxG0DIOe1VxBsG15XNvCCqLgZqcisS1aEemuAkPcI7/IxGFIMnxWo2bzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ9AryJdm+1L38iHNYMaCYvjs9niMB8GA1UdIwQY
MBaAFCAf4w/GtLDQ9ttOG/u9UBldyldcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYt
ZmMxMjFjODAwYjMwLzEvbjBDdklsMmI3VXZmeUljMWd4b0ppLU96MmVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYtZmMxMjFjODAwYjMw
LzEvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpaYMA0G
CSqGSIb3DQEBCwUAA4IBAQAxxntpVG/pCxcjR1Fqpq5Md5YFADQGDWGw2/esvjvl
OHzlKbiQJu/px4GlLibjkWDouhjGxAk0/fyPM6lDBVgI+JEsPuVwQw4VpXTCczHb
AbZx37on03f6zH72fc3qrFO4hIg+hA55ljGZXOMx24lgN5gGDRjansjhCOq58AFe
fFFO2dPlnNDghYP+B8HMypZtZ1q8IsJuUg34ZGbNKuPT8eEJzkcwerkndHzVwxuE
OwxE3rzaBhcI8NlbE/myD6tIm1XWUUpMY/zzpZewTN8FDpGpicNDFB8u1VHf1w1y
CF3QxnuUDpEBPf0xEkGXYtLr9MmlplpQrtrahbQ8uEtF
-----END CERTIFICATE-----