Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/nGo4H51rOsitJmcNirgmciVehA8.roa
File:                     nGo4H51rOsitJmcNirgmciVehA8.roa (raw, json)
Hash identifier:          qVRKoLl4pUkupVXlRxOrXacHtu3B5FhuftDzW97PDdg=
Subject key identifier:   9C:6A:38:1F:9D:6B:3A:C8:AD:26:67:0D:8A:B8:26:72:25:5E:84:0F
Certificate issuer:       /CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
Certificate serial:       018CC493900D30E0FA46BABACFFD86F65451
Authority key identifier: 20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/nGo4H51rOsitJmcNirgmciVehA8.roa
Signing time:             Mon 01 Jan 2024 10:30:54 +0000
ROA not before:           Mon 01 Jan 2024 10:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43366
IP address blocks:        82.150.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:90:0d:30:e0:fa:46:ba:ba:cf:fd:86:f6:54:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
        Validity
            Not Before: Jan  1 10:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c6a381f9d6b3ac8ad26670d8ab82672255e840f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d5:96:85:f3:cf:5f:5f:6b:0c:9b:5d:1f:e8:
                    9d:fd:20:c6:0e:fa:38:3a:30:e4:cc:6d:16:4a:c8:
                    9a:7b:a2:03:45:17:61:bb:4f:b2:25:b4:c1:9a:46:
                    aa:20:e9:65:20:10:01:50:22:40:48:71:96:08:c2:
                    48:62:6b:df:28:1f:73:a0:be:f7:46:a5:c2:d2:5f:
                    f9:18:c2:ab:44:0d:65:d6:eb:20:e9:9c:c3:80:61:
                    5a:7f:ee:7a:0a:92:d1:3a:bf:d6:ef:fb:8b:84:8a:
                    92:4d:78:60:72:be:37:f0:16:47:8a:7b:da:ab:89:
                    84:e4:15:d7:d7:0c:82:aa:c2:d3:6e:73:29:aa:a7:
                    23:bb:66:57:7e:cb:f5:b5:92:cd:05:35:46:2e:3e:
                    2d:a4:d6:e8:12:3a:d6:d3:e7:ff:57:5f:2f:77:24:
                    71:8b:09:cf:21:91:89:24:3c:e3:ce:53:5d:db:9e:
                    73:10:d1:8b:22:e6:8e:2a:28:bf:3a:b6:44:5a:eb:
                    86:a9:02:0c:c9:f7:d2:6e:f5:3a:d5:5a:d2:44:90:
                    77:5b:d9:a7:4d:32:80:8a:98:fa:f2:b5:dd:8d:01:
                    a9:95:69:bb:74:ff:5e:58:51:fc:f8:e2:36:fc:83:
                    4d:9c:b3:83:0e:34:59:96:eb:d6:cd:7a:8c:59:f6:
                    a2:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:6A:38:1F:9D:6B:3A:C8:AD:26:67:0D:8A:B8:26:72:25:5E:84:0F
            X509v3 Authority Key Identifier:
                keyid:20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/nGo4H51rOsitJmcNirgmciVehA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.150.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:f9:7f:b2:56:9c:d3:3a:19:2b:9b:e7:c2:e8:52:be:ef:e3:
         2b:c2:d3:8f:95:c4:b0:57:38:5a:94:69:d2:6a:71:bb:f2:09:
         31:49:76:5c:62:7e:80:a0:06:77:8c:60:6d:52:87:86:3f:6f:
         88:48:2e:d0:71:84:9a:ee:56:95:2d:8b:b7:2a:cd:51:2c:a3:
         72:19:f5:84:31:39:8e:58:69:25:64:c9:f5:71:b5:61:49:0d:
         37:08:10:76:e0:2c:e1:14:d7:e4:17:f9:47:c5:be:3f:30:1a:
         49:05:d5:83:75:d9:11:d3:43:f6:e6:04:54:7e:28:ce:88:51:
         01:30:e2:ab:89:c9:3c:bf:cc:b3:4b:52:34:13:00:bd:4b:83:
         ed:1e:91:83:36:97:1c:5e:d2:b0:c7:56:6e:35:ae:02:2d:a9:
         e8:e5:4e:4d:80:96:c0:4a:69:6b:99:20:bd:7e:f4:6e:03:24:
         2a:cb:04:69:ec:7b:b6:70:e9:b1:e3:b1:61:c3:f7:93:ac:5e:
         b9:4d:ce:de:64:22:19:b4:3d:9a:bc:49:bf:b6:25:80:73:20:
         45:dd:12:2a:2a:12:ed:f6:93:9f:fd:34:75:b6:81:d7:5e:f1:
         03:ae:9e:5f:01:c8:4b:32:4d:2a:31:fa:36:1f:51:c5:6e:7d:
         65:0d:3c:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5ANMOD6Rrq6z/2G9lRRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMWZlMzBmYzZiNGIwZDBmNmRiNGUxYmZiYmQ1MDE5NWRj
YTU3NWMwHhcNMjQwMTAxMTAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzZhMzgxZjlkNmIzYWM4YWQyNjY3MGQ4YWI4MjY3MjI1NWU4NDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtWWhfPPX19rDJtdH+id/SDGDvo4
OjDkzG0WSsiae6IDRRdhu0+yJbTBmkaqIOllIBABUCJASHGWCMJIYmvfKB9zoL73
RqXC0l/5GMKrRA1l1usg6ZzDgGFaf+56CpLROr/W7/uLhIqSTXhgcr438BZHinva
q4mE5BXX1wyCqsLTbnMpqqcju2ZXfsv1tZLNBTVGLj4tpNboEjrW0+f/V18vdyRx
iwnPIZGJJDzjzlNd255zENGLIuaOKii/OrZEWuuGqQIMyffSbvU61VrSRJB3W9mn
TTKAipj68rXdjQGplWm7dP9eWFH8+OI2/INNnLODDjRZluvWzXqMWfaiPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxqOB+dazrIrSZnDYq4JnIlXoQPMB8GA1UdIwQY
MBaAFCAf4w/GtLDQ9ttOG/u9UBldyldcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYt
ZmMxMjFjODAwYjMwLzEvbkdvNEg1MXJPc2l0Sm1jTmlyZ21jaVZlaEE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYtZmMxMjFjODAwYjMw
LzEvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpaIMA0G
CSqGSIb3DQEBCwUAA4IBAQB7+X+yVpzTOhkrm+fC6FK+7+MrwtOPlcSwVzhalGnS
anG78gkxSXZcYn6AoAZ3jGBtUoeGP2+ISC7QcYSa7laVLYu3Ks1RLKNyGfWEMTmO
WGklZMn1cbVhSQ03CBB24CzhFNfkF/lHxb4/MBpJBdWDddkR00P25gRUfijOiFEB
MOKrick8v8yzS1I0EwC9S4PtHpGDNpccXtKwx1ZuNa4CLano5U5NgJbASmlrmSC9
fvRuAyQqywRp7Hu2cOmx47Fhw/eTrF65Tc7eZCIZtD2avEm/tiWAcyBF3RIqKhLt
9pOf/TR1toHXXvEDrp5fAchLMk0qMfo2H1HFbn1lDTx7
-----END CERTIFICATE-----