Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/iBswy_b2YM3CON98eT0iEYnnP4w.roa
File:                     iBswy_b2YM3CON98eT0iEYnnP4w.roa (raw, json)
Hash identifier:          nXV9M7Tl2uCB1UY+7DTJyMGouwtT7kyudxdPJq5TmtY=
Subject key identifier:   88:1B:30:CB:F6:F6:60:CD:C2:38:DF:7C:79:3D:22:11:89:E7:3F:8C
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       018CC9BC6E7B42614B8E50C8CC75A4807EC5
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/iBswy_b2YM3CON98eT0iEYnnP4w.roa
Signing time:             Tue 02 Jan 2024 10:33:38 +0000
ROA not before:           Tue 02 Jan 2024 10:33:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199982
IP address blocks:        195.5.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:6e:7b:42:61:4b:8e:50:c8:cc:75:a4:80:7e:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  2 10:33:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=881b30cbf6f660cdc238df7c793d221189e73f8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:1e:11:ba:3b:f2:33:50:36:85:b4:4a:b8:eb:
                    7a:70:68:e7:0c:d7:d7:5f:45:92:35:76:52:c6:fe:
                    92:fd:a0:11:00:97:52:11:c3:b7:9b:15:9a:4e:a5:
                    0c:55:94:59:2a:aa:95:a4:db:bb:1b:d0:19:02:01:
                    e2:99:7a:5b:40:b1:0a:55:5d:66:37:e5:61:65:28:
                    fa:06:d4:04:47:5e:d3:de:28:8f:2b:06:ed:ed:92:
                    6a:4b:32:19:46:44:ff:a3:3e:a0:8e:19:e5:21:43:
                    83:99:d1:61:55:55:93:9a:18:13:a9:98:1f:13:e3:
                    46:2d:dd:83:20:54:6d:09:d9:ce:cd:48:f3:b3:0f:
                    ae:3d:3f:e7:ef:06:53:7b:de:2f:28:34:ba:e2:d4:
                    23:ff:e2:86:05:a6:8e:06:54:e2:a6:c5:79:8f:3d:
                    30:f9:05:2b:99:4e:32:4d:93:d6:75:8f:ac:02:d7:
                    10:d0:1f:64:d0:a6:a4:8b:26:d6:cc:49:7b:90:29:
                    78:9d:26:6f:f8:1f:1d:46:bf:5d:49:98:23:6e:72:
                    8c:dc:78:ec:61:cb:96:f1:f7:da:9e:91:01:e1:ca:
                    66:bb:19:aa:05:74:f0:0e:e3:f3:58:7b:3e:47:37:
                    87:b8:c6:2d:69:0d:99:2f:e0:05:31:0f:6d:16:3c:
                    02:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:1B:30:CB:F6:F6:60:CD:C2:38:DF:7C:79:3D:22:11:89:E7:3F:8C
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/iBswy_b2YM3CON98eT0iEYnnP4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.5.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:7b:e4:1d:1f:5e:67:53:4f:bc:5d:a3:dd:cb:7d:74:3e:af:
         1f:af:1d:e8:0d:64:07:1f:95:5c:c6:a5:2e:7e:8d:52:25:f1:
         84:fd:88:cc:f4:a4:d9:0c:97:71:bb:5f:47:0f:5f:59:90:58:
         e9:11:2e:de:91:7d:c6:68:4c:a1:f5:a0:2b:ed:97:8f:67:c1:
         2d:ab:55:30:a9:3f:03:85:e5:c5:5e:a2:88:0d:37:83:a0:eb:
         6e:d4:68:d9:db:05:16:35:d3:21:04:1f:f2:c1:05:a3:fd:c5:
         e2:cc:9f:cf:59:b7:dc:0c:51:d3:4f:22:f4:ba:1a:0b:93:f6:
         bb:88:06:30:a4:6d:a8:d3:a3:a7:62:15:bb:0e:6c:5c:76:7b:
         12:18:ce:d5:ff:37:f6:6a:80:99:00:d0:23:51:ed:c6:41:fc:
         45:1e:eb:f1:72:a9:95:5c:f6:93:da:40:ca:3b:c3:48:13:63:
         09:e3:85:14:fc:0e:4d:2c:ed:e2:c4:20:13:32:81:15:14:91:
         96:2f:1b:a0:7c:43:ea:d7:3c:3e:32:4f:b2:0d:5f:32:82:6a:
         3b:58:03:f5:d2:5b:d4:3a:39:fd:7d:2e:45:ad:e7:2a:a2:e0:
         0d:a9:22:4e:b1:97:3d:84:08:8a:e5:b3:fb:1d:2c:88:39:6e:
         29:e5:81:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvG57QmFLjlDIzHWkgH7FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjQwMTAyMTAzMzM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODFiMzBjYmY2ZjY2MGNkYzIzOGRmN2M3OTNkMjIxMTg5ZTczZjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0R4RujvyM1A2hbRKuOt6cGjnDNfX
X0WSNXZSxv6S/aARAJdSEcO3mxWaTqUMVZRZKqqVpNu7G9AZAgHimXpbQLEKVV1m
N+VhZSj6BtQER17T3iiPKwbt7ZJqSzIZRkT/oz6gjhnlIUODmdFhVVWTmhgTqZgf
E+NGLd2DIFRtCdnOzUjzsw+uPT/n7wZTe94vKDS64tQj/+KGBaaOBlTipsV5jz0w
+QUrmU4yTZPWdY+sAtcQ0B9k0KakiybWzEl7kCl4nSZv+B8dRr9dSZgjbnKM3Hjs
YcuW8ffanpEB4cpmuxmqBXTwDuPzWHs+RzeHuMYtaQ2ZL+AFMQ9tFjwCCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIgbMMv29mDNwjjffHk9IhGJ5z+MMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvaUJzd3lfYjJZTTNDT045OGVUMGlFWW5uUDR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwVyMA0G
CSqGSIb3DQEBCwUAA4IBAQBde+QdH15nU0+8XaPdy310Pq8frx3oDWQHH5VcxqUu
fo1SJfGE/YjM9KTZDJdxu19HD19ZkFjpES7ekX3GaEyh9aAr7ZePZ8Etq1UwqT8D
heXFXqKIDTeDoOtu1GjZ2wUWNdMhBB/ywQWj/cXizJ/PWbfcDFHTTyL0uhoLk/a7
iAYwpG2o06OnYhW7DmxcdnsSGM7V/zf2aoCZANAjUe3GQfxFHuvxcqmVXPaT2kDK
O8NIE2MJ44UU/A5NLO3ixCATMoEVFJGWLxugfEPq1zw+Mk+yDV8ygmo7WAP10lvU
Ojn9fS5FrecqouANqSJOsZc9hAiK5bP7HSyIOW4p5YGH
-----END CERTIFICATE-----