Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/7c7851-585b-49f1-8be9-3c7e4f93e42b/1/IBMTKga3vIUOvsY8HAQpuyucivc.roa
File:                     IBMTKga3vIUOvsY8HAQpuyucivc.roa (raw, json)
Hash identifier:          N7Y2tUplFoJWf+i2Ye6i8a2Fj3yzy3ptfgZ/q9h8JIg=
Subject key identifier:   20:13:13:2A:06:B7:BC:85:0E:BE:C6:3C:1C:04:29:BB:2B:9C:8A:F7
Certificate issuer:       /CN=659c356633388e9bd897d000a3f38bc1e546ef4a
Certificate serial:       018CC501351B0A97BDA4D8113D745A8F59EC
Authority key identifier: 65:9C:35:66:33:38:8E:9B:D8:97:D0:00:A3:F3:8B:C1:E5:46:EF:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZZw1ZjM4jpvYl9AAo_OLweVG70o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/7c7851-585b-49f1-8be9-3c7e4f93e42b/1/IBMTKga3vIUOvsY8HAQpuyucivc.roa
Signing time:             Mon 01 Jan 2024 12:30:39 +0000
ROA not before:           Mon 01 Jan 2024 12:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51964
IP address blocks:        193.38.190.0/24 maxlen: 24
                          193.38.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/7c7851-585b-49f1-8be9-3c7e4f93e42b/1/ZZw1ZjM4jpvYl9AAo_OLweVG70o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/7c7851-585b-49f1-8be9-3c7e4f93e42b/1/ZZw1ZjM4jpvYl9AAo_OLweVG70o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZZw1ZjM4jpvYl9AAo_OLweVG70o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 12:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:35:1b:0a:97:bd:a4:d8:11:3d:74:5a:8f:59:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=659c356633388e9bd897d000a3f38bc1e546ef4a
        Validity
            Not Before: Jan  1 12:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2013132a06b7bc850ebec63c1c0429bb2b9c8af7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f2:61:92:53:f6:76:da:f8:e3:d9:c4:24:43:
                    8c:18:9a:01:8a:38:7a:0b:27:e8:2d:18:bb:45:d7:
                    b1:32:01:5c:b4:16:44:1f:7d:6f:81:f5:60:13:9a:
                    c6:bc:bb:12:8b:10:e6:6d:eb:24:d6:20:d8:3e:42:
                    5b:32:8b:e6:3a:4a:e4:ac:39:17:51:c8:de:ac:f8:
                    d5:36:fc:b4:ac:93:c0:30:e9:a0:c6:d2:77:16:bf:
                    ea:87:51:53:51:18:7b:9a:ec:69:d7:ee:2b:17:56:
                    63:c2:64:d3:4c:b8:1b:a5:95:59:62:1e:35:dd:f2:
                    eb:6d:06:f0:b2:83:cb:bd:04:74:86:90:af:3e:bb:
                    1c:76:c3:f2:01:1e:30:dd:ff:68:67:ba:c6:a1:1c:
                    56:d5:4c:91:47:dc:6f:de:60:a3:24:f8:12:61:09:
                    f3:cc:6c:64:b2:aa:33:85:39:33:8c:10:bb:0d:54:
                    ef:b7:ad:1b:4b:c1:ab:71:d0:31:1f:17:f9:b2:76:
                    f3:da:9c:bb:67:ba:71:a7:7a:e7:cd:9e:32:1c:3f:
                    5a:5b:cf:24:87:a3:77:87:bc:9d:66:b0:79:c5:3d:
                    01:3b:99:40:0b:ae:ab:17:a3:65:5a:7c:e3:0c:09:
                    61:0f:9a:9a:b2:2f:fc:62:22:ea:57:52:af:b1:92:
                    bb:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:13:13:2A:06:B7:BC:85:0E:BE:C6:3C:1C:04:29:BB:2B:9C:8A:F7
            X509v3 Authority Key Identifier:
                keyid:65:9C:35:66:33:38:8E:9B:D8:97:D0:00:A3:F3:8B:C1:E5:46:EF:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZZw1ZjM4jpvYl9AAo_OLweVG70o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/7c7851-585b-49f1-8be9-3c7e4f93e42b/1/IBMTKga3vIUOvsY8HAQpuyucivc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/7c7851-585b-49f1-8be9-3c7e4f93e42b/1/ZZw1ZjM4jpvYl9AAo_OLweVG70o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.38.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:af:78:ed:a7:30:0b:ac:61:08:12:67:3b:66:b1:55:fe:36:
         6b:d2:9c:be:eb:ee:05:5f:73:d5:aa:d6:47:50:0b:22:6e:01:
         1e:38:ed:34:48:41:ab:71:bb:4f:30:7a:66:ea:c6:c4:19:fd:
         17:18:2e:04:c7:44:f2:07:d3:cc:ab:7a:e1:61:0b:79:ab:af:
         8d:6d:01:68:12:71:71:00:de:11:09:55:98:ee:a1:9c:a6:b1:
         36:d9:ad:20:f3:d0:6e:40:bb:a9:46:c7:a3:79:51:e7:a3:b7:
         1f:64:e9:6a:48:a7:c1:45:0f:64:31:04:b7:9b:98:8d:8e:d5:
         a9:a5:58:3b:22:0a:f4:8f:65:e9:8c:b4:b8:b9:fb:56:9c:e3:
         5f:84:ac:69:1f:4d:df:49:6d:68:29:e8:76:d5:97:f3:56:80:
         4b:61:19:bf:7b:55:43:d1:02:d9:06:ee:76:6e:9d:26:36:4e:
         9a:b5:6e:91:64:93:15:6b:cb:63:2b:9d:42:97:ba:d1:0e:a9:
         dd:4a:6d:8c:95:e8:40:39:f7:6b:3c:a9:93:42:54:c4:99:4a:
         b9:d8:75:7d:33:a8:e5:b3:92:3d:67:b7:64:8e:3a:21:74:89:
         1c:99:ab:fd:44:73:9c:34:73:22:17:63:43:ae:29:da:51:82:
         8f:21:2e:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFATUbCpe9pNgRPXRaj1nsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1OWMzNTY2MzMzODhlOWJkODk3ZDAwMGEzZjM4YmMxZTU0
NmVmNGEwHhcNMjQwMTAxMTIzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDEzMTMyYTA2YjdiYzg1MGViZWM2M2MxYzA0MjliYjJiOWM4YWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPJhklP2dtr449nEJEOMGJoBijh6
CyfoLRi7RdexMgFctBZEH31vgfVgE5rGvLsSixDmbesk1iDYPkJbMovmOkrkrDkX
UcjerPjVNvy0rJPAMOmgxtJ3Fr/qh1FTURh7muxp1+4rF1ZjwmTTTLgbpZVZYh41
3fLrbQbwsoPLvQR0hpCvPrscdsPyAR4w3f9oZ7rGoRxW1UyRR9xv3mCjJPgSYQnz
zGxksqozhTkzjBC7DVTvt60bS8GrcdAxHxf5snbz2py7Z7pxp3rnzZ4yHD9aW88k
h6N3h7ydZrB5xT0BO5lAC66rF6NlWnzjDAlhD5qasi/8YiLqV1KvsZK72QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCATEyoGt7yFDr7GPBwEKbsrnIr3MB8GA1UdIwQY
MBaAFGWcNWYzOI6b2JfQAKPzi8HlRu9KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlp3MVpqTTRqcHZZbDlBQW9fT0x3ZVZHNzBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC83Yzc4NTEtNTg1Yi00OWYxLThiZTkt
M2M3ZTRmOTNlNDJiLzEvSUJNVEtnYTN2SVVPdnNZOEhBUXB1eXVjaXZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC83Yzc4NTEtNTg1Yi00OWYxLThiZTktM2M3ZTRmOTNlNDJi
LzEvWlp3MVpqTTRqcHZZbDlBQW9fT0x3ZVZHNzBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSa+MA0G
CSqGSIb3DQEBCwUAA4IBAQARr3jtpzALrGEIEmc7ZrFV/jZr0py+6+4FX3PVqtZH
UAsibgEeOO00SEGrcbtPMHpm6sbEGf0XGC4Ex0TyB9PMq3rhYQt5q6+NbQFoEnFx
AN4RCVWY7qGcprE22a0g89BuQLupRsejeVHno7cfZOlqSKfBRQ9kMQS3m5iNjtWp
pVg7Igr0j2XpjLS4uftWnONfhKxpH03fSW1oKeh21ZfzVoBLYRm/e1VD0QLZBu52
bp0mNk6atW6RZJMVa8tjK51Cl7rRDqndSm2MlehAOfdrPKmTQlTEmUq52HV9M6jl
s5I9Z7dkjjohdIkcmav9RHOcNHMiF2NDrinaUYKPIS41
-----END CERTIFICATE-----