Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8BLtlJzK1D0EkdBn5t0DT3JW9hE.roa
File:                     8BLtlJzK1D0EkdBn5t0DT3JW9hE.roa (raw, json)
Hash identifier:          c8OJoLLggxI6ntHfnDNPg4Vhq+KddejUOf7IL2KYjns=
Subject key identifier:   F0:12:ED:94:9C:CA:D4:3D:04:91:D0:67:E6:DD:03:4F:72:56:F6:11
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018D419E54AA284E7D75DADE353A93808F43
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8BLtlJzK1D0EkdBn5t0DT3JW9hE.roa
Signing time:             Thu 25 Jan 2024 17:15:11 +0000
ROA not before:           Thu 25 Jan 2024 17:15:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215931
IP address blocks:        82.153.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:41:9e:54:aa:28:4e:7d:75:da:de:35:3a:93:80:8f:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan 25 17:15:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f012ed949ccad43d0491d067e6dd034f7256f611
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ae:96:1b:60:91:5f:b5:d2:a1:a1:8d:31:cc:
                    65:67:91:fb:96:bd:96:72:65:7c:0a:8b:7b:85:14:
                    32:f5:9c:0d:3a:c6:b4:da:6e:a0:e8:0c:f1:3e:50:
                    73:dc:c1:6d:cf:fc:96:62:3c:7e:8e:b0:63:fd:04:
                    91:f2:b3:19:2c:38:a6:ea:da:b0:9c:4e:80:e1:16:
                    6a:7d:01:bf:cc:01:93:59:07:f7:5e:72:f3:57:20:
                    be:c0:5d:43:9a:0e:31:70:98:7b:53:59:5e:ae:17:
                    1c:d5:20:1a:4c:c2:82:1c:57:d6:84:d1:2f:22:73:
                    05:c7:f4:13:30:4e:98:6b:21:8c:27:8c:74:c5:82:
                    fe:c1:ce:6b:6a:17:bf:50:15:2e:0a:c2:4b:20:ff:
                    58:33:79:f0:12:7b:0b:b4:b4:51:71:bd:0b:d7:5c:
                    5e:72:d9:72:70:e5:2f:71:7e:b9:66:70:25:06:c0:
                    7e:88:f2:43:a4:a3:39:ad:ae:dd:ec:f0:cc:54:37:
                    73:3e:69:e3:41:77:44:1e:3f:78:1d:d1:dc:43:19:
                    47:a2:37:04:1e:5e:09:64:27:8b:c0:b1:a8:f4:69:
                    38:0f:2b:fe:d4:32:72:d7:1e:2a:ea:6a:9a:f8:f4:
                    83:b1:9c:b7:f0:b1:4b:fb:f8:23:78:34:95:8a:b7:
                    f0:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:12:ED:94:9C:CA:D4:3D:04:91:D0:67:E6:DD:03:4F:72:56:F6:11
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8BLtlJzK1D0EkdBn5t0DT3JW9hE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:ed:17:25:ff:e2:f0:c2:30:63:33:ec:4a:c0:dd:c4:a9:5b:
         c8:b4:26:c2:14:6c:c6:b8:3d:ed:7d:ee:fb:1e:78:c9:53:a0:
         28:da:05:2a:08:07:04:0a:93:c4:3c:34:c4:3f:02:01:d6:e0:
         db:34:f0:63:8d:46:4c:1d:d0:40:86:d6:ae:56:11:ec:f0:fa:
         1e:7e:fe:08:16:22:25:83:db:a3:f3:ed:55:c2:ce:df:30:1b:
         d9:d8:4a:08:76:00:e4:db:5b:14:21:1a:b0:9a:e4:dc:b9:78:
         0f:0e:4f:9f:a8:af:fd:4b:84:fd:c3:a8:8b:76:0f:ed:56:3d:
         7a:97:44:88:53:e9:92:23:e7:67:bc:d3:56:7b:5e:44:ed:cc:
         ef:62:1d:51:2b:dd:09:69:4f:d8:75:22:9a:99:5d:3f:ea:e4:
         16:06:5e:cb:17:65:c8:7d:e4:6e:3b:8e:09:1e:80:ac:ca:95:
         6e:2e:cd:26:d6:d8:bc:64:8a:22:f8:a5:1a:c6:45:85:61:d6:
         a8:30:af:4b:48:a0:f5:05:cb:30:63:cb:cc:a6:97:5c:74:00:
         63:08:d2:3a:bc:d5:49:b6:0d:93:10:ff:81:6e:9d:ff:1d:80:
         94:07:4b:19:b5:a4:60:fd:5e:b6:76:c0:08:5e:4a:eb:12:eb:
         48:97:07:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1BnlSqKE59ddreNTqTgI9DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTI1MTcxNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDEyZWQ5NDljY2FkNDNkMDQ5MWQwNjdlNmRkMDM0ZjcyNTZmNjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkq6WG2CRX7XSoaGNMcxlZ5H7lr2W
cmV8Cot7hRQy9ZwNOsa02m6g6AzxPlBz3MFtz/yWYjx+jrBj/QSR8rMZLDim6tqw
nE6A4RZqfQG/zAGTWQf3XnLzVyC+wF1Dmg4xcJh7U1lerhcc1SAaTMKCHFfWhNEv
InMFx/QTME6YayGMJ4x0xYL+wc5rahe/UBUuCsJLIP9YM3nwEnsLtLRRcb0L11xe
ctlycOUvcX65ZnAlBsB+iPJDpKM5ra7d7PDMVDdzPmnjQXdEHj94HdHcQxlHojcE
Hl4JZCeLwLGo9Gk4Dyv+1DJy1x4q6mqa+PSDsZy38LFL+/gjeDSVirfwvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPAS7ZScytQ9BJHQZ+bdA09yVvYRMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOEJMdGxKeksxRDBFa2RCbjV0MERUM0pXOWhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpkEMA0G
CSqGSIb3DQEBCwUAA4IBAQBx7Rcl/+LwwjBjM+xKwN3EqVvItCbCFGzGuD3tfe77
HnjJU6Ao2gUqCAcECpPEPDTEPwIB1uDbNPBjjUZMHdBAhtauVhHs8Poefv4IFiIl
g9uj8+1Vws7fMBvZ2EoIdgDk21sUIRqwmuTcuXgPDk+fqK/9S4T9w6iLdg/tVj16
l0SIU+mSI+dnvNNWe15E7czvYh1RK90JaU/YdSKamV0/6uQWBl7LF2XIfeRuO44J
HoCsypVuLs0m1ti8ZIoi+KUaxkWFYdaoMK9LSKD1BcswY8vMppdcdABjCNI6vNVJ
tg2TEP+Bbp3/HYCUB0sZtaRg/V62dsAIXkrrEutIlwed
-----END CERTIFICATE-----