Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/IKI6gFFKmr75YLwH4wgg0qOr9nI.roa
File:                     IKI6gFFKmr75YLwH4wgg0qOr9nI.roa (raw, json)
Hash identifier:          3L381XS1KJ56r9+hF6bta6jpb9nST+MZgS1lq2/2GUY=
Subject key identifier:   20:A2:3A:80:51:4A:9A:BE:F9:60:BC:07:E3:08:20:D2:A3:AB:F6:72
Certificate issuer:       /CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
Certificate serial:       018CC6B9368842E433FA4D74EBC0339F3FA3
Authority key identifier: 56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/IKI6gFFKmr75YLwH4wgg0qOr9nI.roa
Signing time:             Mon 01 Jan 2024 20:31:16 +0000
ROA not before:           Mon 01 Jan 2024 20:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58203
IP address blocks:        195.87.18.0/24 maxlen: 24
                          195.87.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 02:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:36:88:42:e4:33:fa:4d:74:eb:c0:33:9f:3f:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
        Validity
            Not Before: Jan  1 20:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20a23a80514a9abef960bc07e30820d2a3abf672
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:bc:38:47:f3:06:7c:88:20:93:91:43:68:49:
                    fa:3e:da:58:03:2a:7f:06:bc:35:0b:97:56:f5:35:
                    c9:72:55:a2:95:fd:69:c5:bc:11:ef:79:d4:68:d6:
                    63:1b:97:a0:6a:c3:79:3b:a1:40:aa:8d:59:b6:c4:
                    91:7b:db:cc:a5:0e:f0:2d:af:99:bf:ed:10:be:a4:
                    30:74:2b:06:46:e0:26:05:fc:57:f4:2a:33:42:28:
                    1a:9d:bf:d7:a7:28:cf:2d:88:85:6b:c3:e8:93:2f:
                    7b:e2:47:b6:95:66:ee:b9:3f:85:0a:0d:c4:85:fe:
                    73:bd:79:ec:38:ae:b9:73:c7:1f:cf:9b:95:1e:6b:
                    27:96:05:a6:f0:72:6e:61:d9:6f:2d:37:80:83:47:
                    c6:35:b7:b0:c9:2e:ec:82:f5:54:6f:7e:e7:19:bd:
                    d0:d9:6e:b3:a1:af:0d:d1:c5:86:96:38:cc:25:75:
                    c5:c2:3e:26:a4:ec:84:7a:4f:48:cb:60:ae:83:35:
                    dc:6f:6c:e1:c5:bb:0d:31:61:31:23:26:02:ff:a0:
                    48:1b:fb:20:fc:eb:f3:c9:04:d9:2a:69:99:22:89:
                    18:be:36:7e:16:d6:c5:5a:ce:24:da:a5:af:81:87:
                    94:38:c5:41:e8:e8:7e:74:f8:67:04:f4:e5:78:63:
                    9e:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:A2:3A:80:51:4A:9A:BE:F9:60:BC:07:E3:08:20:D2:A3:AB:F6:72
            X509v3 Authority Key Identifier:
                keyid:56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/IKI6gFFKmr75YLwH4wgg0qOr9nI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.87.18.0/24
                  195.87.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:69:f3:85:d5:5e:ae:7d:4c:6a:f3:54:66:25:63:3d:d7:de:
         9b:05:30:9a:a6:e1:94:01:96:8d:fe:49:e7:71:98:bf:d0:87:
         be:b3:4d:d2:ec:41:f0:54:63:b6:50:81:68:7e:98:6d:1e:9b:
         6f:07:3f:80:d3:14:4b:26:af:aa:cc:98:a0:fe:14:f9:1a:c6:
         3f:7b:85:af:ef:3f:4d:ac:02:37:32:bf:34:c0:26:b9:49:fa:
         91:15:75:8b:fb:89:35:91:82:4b:43:6b:57:87:50:04:bb:9d:
         0c:53:9f:41:67:b1:01:97:fd:a8:29:ef:42:85:de:a3:af:17:
         a1:3c:ce:84:34:24:03:33:78:de:f5:4e:66:c3:ce:2e:b5:1f:
         b8:52:4c:2f:98:bb:85:40:44:3e:bc:3d:6f:86:09:7c:90:f4:
         64:ea:d5:05:03:11:db:97:3e:65:f2:f2:1b:cf:0e:6e:4e:32:
         72:e3:8c:e2:9b:0b:18:09:bd:49:97:d4:94:43:45:5a:b7:2a:
         07:52:23:50:e7:96:e6:34:7b:91:cf:be:6e:b6:73:bd:84:4d:
         53:7d:2c:bf:ff:6d:4f:25:54:39:f4:34:2c:5d:f1:c9:06:44:
         5b:7d:9f:a7:2b:9e:fe:00:b8:c3:94:d6:a8:89:d0:79:e9:c9:
         6d:53:56:06
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuTaIQuQz+k1068Aznz+jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGZlMzVjYzk2MjYzM2EyNzU3YWYxMGEwZTZlOGFiNmQw
MWY0YzkwHhcNMjQwMTAxMjAzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGEyM2E4MDUxNGE5YWJlZjk2MGJjMDdlMzA4MjBkMmEzYWJmNjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLw4R/MGfIggk5FDaEn6PtpYAyp/
Brw1C5dW9TXJclWilf1pxbwR73nUaNZjG5egasN5O6FAqo1ZtsSRe9vMpQ7wLa+Z
v+0QvqQwdCsGRuAmBfxX9CozQiganb/XpyjPLYiFa8Poky974ke2lWbuuT+FCg3E
hf5zvXnsOK65c8cfz5uVHmsnlgWm8HJuYdlvLTeAg0fGNbewyS7sgvVUb37nGb3Q
2W6zoa8N0cWGljjMJXXFwj4mpOyEek9Iy2CugzXcb2zhxbsNMWExIyYC/6BIG/sg
/OvzyQTZKmmZIokYvjZ+FtbFWs4k2qWvgYeUOMVB6Oh+dPhnBPTleGOeBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCCiOoBRSpq++WC8B+MIINKjq/ZyMB8GA1UdIwQY
MBaAFFaP41zJYmM6J1evEKDm6KttAfTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMt
ODNkNjQ4Zjc5NzQ2LzEvSUtJNmdGRkttcjc1WUx3SDR3Z2cwcU9yOW5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMtODNkNjQ4Zjc5NzQ2
LzEvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw1cSAwQA
w1fvMA0GCSqGSIb3DQEBCwUAA4IBAQAfafOF1V6ufUxq81RmJWM9196bBTCapuGU
AZaN/knncZi/0Ie+s03S7EHwVGO2UIFofphtHptvBz+A0xRLJq+qzJig/hT5GsY/
e4Wv7z9NrAI3Mr80wCa5SfqRFXWL+4k1kYJLQ2tXh1AEu50MU59BZ7EBl/2oKe9C
hd6jrxehPM6ENCQDM3je9U5mw84utR+4UkwvmLuFQEQ+vD1vhgl8kPRk6tUFAxHb
lz5l8vIbzw5uTjJy44zimwsYCb1Jl9SUQ0VatyoHUiNQ55bmNHuRz75utnO9hE1T
fSy//21PJVQ59DQsXfHJBkRbfZ+nK57+ALjDlNaoidB56cltU1YG
-----END CERTIFICATE-----