Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/IBKSwAfdB1CRmAqPMYR_E78o1fM.roa
File:                     IBKSwAfdB1CRmAqPMYR_E78o1fM.roa (raw, json)
Hash identifier:          Z6GWy2o3tfX23UVJVZafwXvRRlhiG2zPMXkhjvuuIRg=
Subject key identifier:   20:12:92:C0:07:DD:07:50:91:98:0A:8F:31:84:7F:13:BF:28:D5:F3
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       018CC64A7703A756014C83A2DD8D2E065493
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/IBKSwAfdB1CRmAqPMYR_E78o1fM.roa
Signing time:             Mon 01 Jan 2024 18:30:18 +0000
ROA not before:           Mon 01 Jan 2024 18:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48275
IP address blocks:        37.18.11.0/24 maxlen: 24
                          37.18.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:77:03:a7:56:01:4c:83:a2:dd:8d:2e:06:54:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 18:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=201292c007dd075091980a8f31847f13bf28d5f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:33:7b:d6:a6:5a:5e:53:27:f2:de:5b:32:30:
                    7d:6e:3a:0c:19:46:4b:bb:e8:17:fc:4f:51:12:70:
                    9c:4c:15:02:16:6b:22:5c:54:5f:f0:ff:fa:ef:5f:
                    98:3c:a1:bb:44:49:e9:d4:e2:ba:70:07:bc:ee:b4:
                    17:d2:b9:72:d3:c4:ed:b5:e9:04:d5:8a:3d:db:6d:
                    df:77:af:4f:f3:31:2d:3f:fa:81:cb:79:cf:d4:e4:
                    54:45:ec:5e:c6:53:78:4c:ec:66:83:c3:e3:a3:a6:
                    da:28:a5:71:ca:2f:c4:30:36:a1:b2:55:a0:6a:67:
                    ef:dd:d4:b8:ee:6f:2a:38:a7:8f:24:71:66:9e:da:
                    5e:fe:29:ed:da:76:2e:3a:1f:5a:c2:74:49:ec:e6:
                    2b:73:de:21:96:f5:05:e7:2a:fe:80:15:b7:41:5b:
                    5b:bf:f4:45:30:49:83:5a:53:d9:eb:81:3c:7f:91:
                    20:fc:a4:c1:83:28:f2:5d:33:99:d8:7e:73:b4:a2:
                    82:5e:18:a1:c0:31:34:ac:b0:71:a1:e7:9a:b8:13:
                    8a:28:74:1e:d2:cc:bd:ed:46:29:e4:d8:a3:0b:d3:
                    6c:4b:62:2a:76:32:fd:49:c1:2b:8b:c3:c6:bf:b7:
                    1c:57:1a:39:a7:8a:33:a3:6e:86:94:61:11:58:f7:
                    75:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:12:92:C0:07:DD:07:50:91:98:0A:8F:31:84:7F:13:BF:28:D5:F3
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/IBKSwAfdB1CRmAqPMYR_E78o1fM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.18.11.0-37.18.12.255

    Signature Algorithm: sha256WithRSAEncryption
         62:85:e8:8e:ad:80:cf:ba:1e:f1:b8:72:7d:a1:a1:2f:4e:9e:
         c7:96:70:36:ec:01:a0:7f:c4:aa:7f:d3:68:28:2d:65:c0:e5:
         9f:5e:f4:21:04:38:42:ec:7d:0a:d5:ef:28:9f:bc:9a:ca:15:
         a5:83:e5:51:b4:13:65:ad:e1:68:58:0c:ea:f2:d3:03:69:30:
         78:b2:5c:a7:cd:11:13:9d:74:41:e0:3f:ef:ca:d9:e4:bf:74:
         17:6c:b9:f0:9c:67:fb:8d:84:4d:d0:b1:4c:11:30:13:ca:22:
         0d:30:d8:65:71:cc:95:95:34:fc:73:3a:38:9c:33:1f:96:2c:
         2b:8a:10:2a:a2:1f:75:77:5a:39:c6:f2:6c:ea:84:65:e0:23:
         1b:c9:26:3f:95:49:e1:d9:5c:9a:0b:3f:d2:7b:32:46:61:4b:
         af:6d:8f:3f:a9:43:07:f2:93:d0:3d:06:63:5f:7e:93:71:55:
         c4:c9:92:62:1f:6d:18:27:14:dd:e4:a1:30:a7:55:4b:8a:a1:
         d2:24:14:7f:03:10:dc:50:33:69:18:4c:1e:ba:6e:c3:ca:d7:
         76:6d:30:f7:15:2c:0d:b9:9d:93:88:43:31:7c:13:3f:73:7d:
         9f:ea:fb:fe:ff:e7:5e:ba:67:a8:8a:73:5b:f1:a0:d2:ea:a2:
         38:33:54:a0
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGSncDp1YBTIOi3Y0uBlSTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwMTAxMTgzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDEyOTJjMDA3ZGQwNzUwOTE5ODBhOGYzMTg0N2YxM2JmMjhkNWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjN71qZaXlMn8t5bMjB9bjoMGUZL
u+gX/E9REnCcTBUCFmsiXFRf8P/671+YPKG7REnp1OK6cAe87rQX0rly08TttekE
1Yo9223fd69P8zEtP/qBy3nP1ORURexexlN4TOxmg8Pjo6baKKVxyi/EMDahslWg
amfv3dS47m8qOKePJHFmntpe/int2nYuOh9awnRJ7OYrc94hlvUF5yr+gBW3QVtb
v/RFMEmDWlPZ64E8f5Eg/KTBgyjyXTOZ2H5ztKKCXhihwDE0rLBxoeeauBOKKHQe
0sy97UYp5NijC9NsS2IqdjL9ScEri8PGv7ccVxo5p4ozo26GlGERWPd1lwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCASksAH3QdQkZgKjzGEfxO/KNXzMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvSUJLU3dBZmRCMUNSbUFxUE1ZUl9FNzhvMWZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAlEgsD
BAAlEgwwDQYJKoZIhvcNAQELBQADggEBAGKF6I6tgM+6HvG4cn2hoS9OnseWcDbs
AaB/xKp/02goLWXA5Z9e9CEEOELsfQrV7yifvJrKFaWD5VG0E2Wt4WhYDOry0wNp
MHiyXKfNEROddEHgP+/K2eS/dBdsufCcZ/uNhE3QsUwRMBPKIg0w2GVxzJWVNPxz
OjicMx+WLCuKECqiH3V3WjnG8mzqhGXgIxvJJj+VSeHZXJoLP9J7MkZhS69tjz+p
Qwfyk9A9BmNffpNxVcTJkmIfbRgnFN3koTCnVUuKodIkFH8DENxQM2kYTB66bsPK
13ZtMPcVLA25nZOIQzF8Ez9zfZ/q+/7/5166Z6iKc1vxoNLqojgzVKA=
-----END CERTIFICATE-----