Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/E41iAo-YhWo417aVu3UFCXW5I0U.roa
File:                     E41iAo-YhWo417aVu3UFCXW5I0U.roa (raw, json)
Hash identifier:          FPYq7/mqqnQsvVNvJMzlmLszXu5+IG0MN3SMAMVazpQ=
Subject key identifier:   13:8D:62:02:8F:98:85:6A:38:D7:B6:95:BB:75:05:09:75:B9:23:45
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       01981388B2EF0DA7432ED952D0891971BD89
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/E41iAo-YhWo417aVu3UFCXW5I0U.roa
Signing time:             Wed 16 Jul 2025 13:59:42 +0000
ROA not before:           Wed 16 Jul 2025 13:59:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44092
IP address blocks:        188.66.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:13:88:b2:ef:0d:a7:43:2e:d9:52:d0:89:19:71:bd:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jul 16 13:59:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=138d62028f98856a38d7b695bb75050975b92345
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:4c:28:3f:c5:d2:95:0f:98:36:94:b0:6e:77:
                    c1:bf:02:d3:f1:94:ff:21:fe:35:8c:8c:40:f1:9f:
                    66:0f:49:35:d6:1d:0f:ac:6c:85:91:e3:de:03:f6:
                    46:7a:16:10:fa:83:ea:12:05:1f:e4:5d:f6:f3:5c:
                    68:5c:a7:ee:c1:f1:f0:82:28:a6:9f:86:3f:d7:05:
                    cb:50:98:db:d2:a4:ab:f9:1e:46:ad:b7:d6:77:21:
                    0d:28:cc:64:bb:77:99:13:cf:21:bc:77:25:f8:a1:
                    c6:d0:ca:3b:5b:88:4c:6b:a4:6b:4d:19:71:78:a8:
                    7a:e2:75:28:ff:e4:f9:e4:66:f3:3d:63:60:d9:e6:
                    c3:13:8f:90:4b:9d:b5:ad:08:4b:b1:43:22:b3:5d:
                    82:70:59:01:c1:4b:2b:df:c7:3e:40:75:79:36:c0:
                    ab:78:a5:11:81:13:df:9a:99:10:c1:27:7d:78:02:
                    a7:99:19:e8:1c:63:d8:7b:66:59:33:23:24:25:2d:
                    5f:02:0f:d6:0b:3d:82:3b:62:b7:79:95:06:f6:d0:
                    14:2d:61:44:ae:20:b4:e7:da:3a:4b:ae:64:cd:9b:
                    97:3f:14:3f:1c:b2:48:af:f2:00:2a:5c:90:1f:1a:
                    93:df:20:57:f4:73:d7:bd:25:41:d9:a6:35:e5:de:
                    14:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:8D:62:02:8F:98:85:6A:38:D7:B6:95:BB:75:05:09:75:B9:23:45
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/E41iAo-YhWo417aVu3UFCXW5I0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.66.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:fb:a8:26:91:a7:44:f5:6f:ac:4e:3e:9d:5f:8a:70:db:34:
         3a:0a:06:21:06:32:3d:17:ad:a1:61:32:ae:4d:ca:01:19:44:
         a0:28:fe:91:9a:d0:ea:26:fc:8c:b2:04:c1:48:d9:de:0f:1a:
         d8:89:23:50:30:da:6a:7a:ca:3b:62:3b:3d:26:ba:57:c9:ca:
         d2:34:14:96:e1:5a:25:80:df:02:ca:33:a5:25:ac:a3:0b:55:
         50:5a:61:1e:6f:a7:18:22:09:f6:2b:67:e9:7b:f5:01:06:81:
         95:f1:a4:42:95:03:9b:2d:81:ae:9b:ef:64:fe:c2:5a:c2:a2:
         3a:4c:00:b7:19:3a:96:37:f7:19:c6:fb:81:09:db:c9:86:c6:
         eb:58:b4:4b:0e:56:42:dd:89:3c:e3:38:6b:08:0c:23:cb:66:
         71:03:59:80:39:17:31:94:af:97:11:ff:7e:f5:78:57:4a:2a:
         cc:c5:24:86:04:8b:04:00:8f:a1:13:1e:3a:14:d7:b2:2b:22:
         95:e1:c6:dd:92:40:ae:5a:1f:9c:7e:fb:36:0d:7d:8b:c9:5b:
         36:04:a4:0d:34:2e:bd:f2:92:11:fa:17:f4:43:58:1c:d8:4b:
         a2:f4:d6:5e:99:eb:0d:a7:11:c7:91:f5:79:1f:db:16:29:87:
         f1:c4:42:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgTiLLvDadDLtlS0IkZcb2JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjUwNzE2MTM1OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzhkNjIwMjhmOTg4NTZhMzhkN2I2OTViYjc1MDUwOTc1YjkyMzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3EwoP8XSlQ+YNpSwbnfBvwLT8ZT/
If41jIxA8Z9mD0k11h0PrGyFkePeA/ZGehYQ+oPqEgUf5F3281xoXKfuwfHwgiim
n4Y/1wXLUJjb0qSr+R5GrbfWdyENKMxku3eZE88hvHcl+KHG0Mo7W4hMa6RrTRlx
eKh64nUo/+T55GbzPWNg2ebDE4+QS521rQhLsUMis12CcFkBwUsr38c+QHV5NsCr
eKURgRPfmpkQwSd9eAKnmRnoHGPYe2ZZMyMkJS1fAg/WCz2CO2K3eZUG9tAULWFE
riC059o6S65kzZuXPxQ/HLJIr/IAKlyQHxqT3yBX9HPXvSVB2aY15d4U0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBONYgKPmIVqONe2lbt1BQl1uSNFMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvRTQxaUFvLVloV280MTdhVnUzVUZDWFc1STBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEIYMA0G
CSqGSIb3DQEBCwUAA4IBAQCF+6gmkadE9W+sTj6dX4pw2zQ6CgYhBjI9F62hYTKu
TcoBGUSgKP6RmtDqJvyMsgTBSNneDxrYiSNQMNpqeso7Yjs9JrpXycrSNBSW4Vol
gN8CyjOlJayjC1VQWmEeb6cYIgn2K2fpe/UBBoGV8aRClQObLYGum+9k/sJawqI6
TAC3GTqWN/cZxvuBCdvJhsbrWLRLDlZC3Yk84zhrCAwjy2ZxA1mAORcxlK+XEf9+
9XhXSirMxSSGBIsEAI+hEx46FNeyKyKV4cbdkkCuWh+cfvs2DX2LyVs2BKQNNC69
8pIR+hf0Q1gc2Eui9NZemesNpxHHkfV5H9sWKYfxxEIi
-----END CERTIFICATE-----