Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/IbbPmYQuDnSuuisN1AxJEQGNQ7E.roa
File:                     IbbPmYQuDnSuuisN1AxJEQGNQ7E.roa (raw, json)
Hash identifier:          oAfOVF8QAsk6kA+LEZCqlVsshg4G1mnrtdQu2jba1bg=
Subject key identifier:   21:B6:CF:99:84:2E:0E:74:AE:BA:2B:0D:D4:0C:49:11:01:8D:43:B1
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018E792DBFC0743FF2DC2179F9C3459D4D59
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/IbbPmYQuDnSuuisN1AxJEQGNQ7E.roa
Signing time:             Tue 26 Mar 2024 05:13:45 +0000
ROA not before:           Tue 26 Mar 2024 05:13:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204902
IP address blocks:        195.133.77.0/24 maxlen: 24
                          195.133.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:79:2d:bf:c0:74:3f:f2:dc:21:79:f9:c3:45:9d:4d:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Mar 26 05:13:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21b6cf99842e0e74aeba2b0dd40c4911018d43b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:2b:c3:e1:c9:09:fc:dc:1b:19:0b:2e:31:ad:
                    b9:30:ed:c6:c7:08:f1:10:cc:1c:28:90:ed:e1:21:
                    73:47:a2:8d:13:b6:ba:18:92:35:07:1c:46:ba:a0:
                    7c:10:b6:33:19:aa:90:c8:9c:1b:ad:e5:76:5f:b4:
                    29:57:43:24:86:ad:26:a1:66:e9:0e:52:69:b9:61:
                    83:96:57:c2:f1:b0:92:43:2f:2d:44:e2:54:64:06:
                    4a:ed:0a:64:40:0d:29:1f:c3:ea:dc:5f:1a:ca:03:
                    ef:40:3a:93:b0:f6:49:51:13:8e:69:ea:ba:7c:17:
                    64:83:81:e3:ae:7d:2d:6f:0a:15:d7:0f:b6:ca:7a:
                    1f:2e:69:07:94:31:12:83:f7:2a:58:28:35:91:f2:
                    09:a3:20:a2:c3:64:1e:4b:d5:9b:72:3e:35:f1:c8:
                    60:1e:2f:46:f6:ca:fb:ab:77:d5:7b:fd:40:8e:c7:
                    de:53:17:95:be:81:2b:2b:7c:ad:bb:2f:26:47:33:
                    84:fd:f8:fb:34:ac:1c:93:58:d0:c7:66:09:f3:94:
                    08:bf:08:61:f8:3b:05:71:15:cd:6d:c5:e5:91:3d:
                    d5:78:3b:fe:ee:0e:60:f8:f4:28:b1:38:2b:54:3e:
                    fa:b2:16:84:c2:f0:56:85:30:f9:1b:cc:f2:18:60:
                    41:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:B6:CF:99:84:2E:0E:74:AE:BA:2B:0D:D4:0C:49:11:01:8D:43:B1
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/IbbPmYQuDnSuuisN1AxJEQGNQ7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.77.0/24
                  195.133.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:8f:1a:26:70:23:cc:7f:91:58:51:29:46:9f:2b:e1:30:32:
         ec:1b:62:51:ac:70:b4:02:bd:84:ec:ce:79:8d:96:95:a3:48:
         ac:f7:59:44:90:64:33:e5:08:30:9e:13:45:ed:1a:8f:50:b8:
         a9:77:0b:62:44:25:5a:a8:23:08:6b:40:25:fe:01:c9:17:79:
         a9:62:69:ff:23:d7:00:f2:b4:08:c5:cf:56:bc:51:8f:48:3e:
         af:47:0d:27:87:6b:33:dd:55:9e:25:3d:25:5b:dd:e7:db:bc:
         07:3c:47:de:33:49:61:7e:c2:a5:30:17:88:07:16:d4:5e:f9:
         26:15:12:a7:0a:1e:2e:c1:95:9b:3b:ef:c7:3c:c5:63:f2:b4:
         14:67:05:30:a7:a1:00:15:c9:b0:f2:56:4a:a7:0a:fb:16:a6:
         2a:db:ea:8a:a8:86:31:99:7c:3c:44:0b:fb:18:97:78:9d:c1:
         89:06:79:88:93:35:66:e0:a2:02:37:fd:58:26:8d:c0:28:96:
         3c:1c:d5:ab:54:89:aa:c1:81:99:53:47:15:35:db:d7:84:e8:
         e9:64:1a:62:73:ce:3a:55:97:9a:44:db:81:08:29:67:27:a1:
         77:1e:1a:3a:b1:43:76:79:08:e0:52:a2:bb:08:ce:0a:36:3d:
         33:83:5e:82
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY55Lb/AdD/y3CF5+cNFnU1ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMzI2MDUxMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWI2Y2Y5OTg0MmUwZTc0YWViYTJiMGRkNDBjNDkxMTAxOGQ0M2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApivD4ckJ/NwbGQsuMa25MO3Gxwjx
EMwcKJDt4SFzR6KNE7a6GJI1BxxGuqB8ELYzGaqQyJwbreV2X7QpV0Mkhq0moWbp
DlJpuWGDllfC8bCSQy8tROJUZAZK7QpkQA0pH8Pq3F8aygPvQDqTsPZJUROOaeq6
fBdkg4Hjrn0tbwoV1w+2ynofLmkHlDESg/cqWCg1kfIJoyCiw2QeS9Wbcj418chg
Hi9G9sr7q3fVe/1AjsfeUxeVvoErK3ytuy8mRzOE/fj7NKwck1jQx2YJ85QIvwhh
+DsFcRXNbcXlkT3VeDv+7g5g+PQosTgrVD76shaEwvBWhTD5G8zyGGBBNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCG2z5mELg50rrorDdQMSREBjUOxMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSWJiUG1ZUXVEblN1dWlzTjFBeEpFUUdOUTdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw4VNAwQA
w4VWMA0GCSqGSIb3DQEBCwUAA4IBAQADjxomcCPMf5FYUSlGnyvhMDLsG2JRrHC0
Ar2E7M55jZaVo0is91lEkGQz5QgwnhNF7RqPULipdwtiRCVaqCMIa0Al/gHJF3mp
Ymn/I9cA8rQIxc9WvFGPSD6vRw0nh2sz3VWeJT0lW93n27wHPEfeM0lhfsKlMBeI
BxbUXvkmFRKnCh4uwZWbO+/HPMVj8rQUZwUwp6EAFcmw8lZKpwr7FqYq2+qKqIYx
mXw8RAv7GJd4ncGJBnmIkzVm4KICN/1YJo3AKJY8HNWrVImqwYGZU0cVNdvXhOjp
ZBpic846VZeaRNuBCClnJ6F3Hho6sUN2eQjgUqK7CM4KNj0zg16C
-----END CERTIFICATE-----