Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/EhgLyU8HvtDYz7dSasUYheXrZLM.roa
File:                     EhgLyU8HvtDYz7dSasUYheXrZLM.roa (raw, json)
Hash identifier:          M1xbdPb+iwx/tX5zOJU79vyx7DCdsgOEGBkZvr6JmwQ=
Subject key identifier:   12:18:0B:C9:4F:07:BE:D0:D8:CF:B7:52:6A:C5:18:85:E5:EB:64:B3
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       018D0971AABEFE6CB974B8F91EAD988B700A
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/EhgLyU8HvtDYz7dSasUYheXrZLM.roa
Signing time:             Sun 14 Jan 2024 19:27:40 +0000
ROA not before:           Sun 14 Jan 2024 19:27:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215727
IP address blocks:        188.66.27.0/24 maxlen: 24
                          188.66.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:09:71:aa:be:fe:6c:b9:74:b8:f9:1e:ad:98:8b:70:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan 14 19:27:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12180bc94f07bed0d8cfb7526ac51885e5eb64b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:24:9c:b9:13:17:6c:71:91:50:cd:83:dc:9c:
                    aa:fd:1d:f2:1d:46:74:c4:1e:3d:97:f2:ff:46:dc:
                    6e:b8:63:86:fa:94:a4:81:74:a7:3f:0b:3a:86:96:
                    c2:20:0d:82:c6:40:df:ba:5e:a7:14:24:4d:31:ef:
                    02:55:97:ea:17:f9:e3:54:b1:be:11:54:d5:b3:11:
                    da:9b:f7:f3:03:19:12:d6:f9:23:42:a2:1b:ec:3c:
                    e9:37:d6:bd:57:86:3b:7c:b0:18:27:23:2e:a3:07:
                    bf:7f:f4:c6:b8:e1:1e:b4:af:67:09:02:53:f5:33:
                    eb:91:8a:4f:96:cf:0b:91:db:29:37:13:ff:b4:45:
                    e0:dc:0f:44:48:a8:16:25:a1:b2:4d:e0:c5:94:06:
                    34:96:a4:ce:24:ea:cd:d5:41:9b:92:09:55:19:60:
                    19:54:71:0c:2d:f0:0c:b7:97:0f:79:b0:f2:38:0d:
                    1e:38:86:d0:a0:89:1b:38:dd:92:b5:53:b4:35:07:
                    a4:87:e6:4d:fe:ca:3d:25:06:1d:5d:78:cf:ad:96:
                    6b:f4:33:ba:2b:0c:bc:65:48:d4:89:ad:dd:b0:bc:
                    b9:e2:08:34:1b:96:c5:16:c9:dc:89:a2:b2:47:31:
                    a7:a3:1c:fa:ee:13:37:17:2a:0f:b2:bd:44:91:b4:
                    61:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:18:0B:C9:4F:07:BE:D0:D8:CF:B7:52:6A:C5:18:85:E5:EB:64:B3
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/EhgLyU8HvtDYz7dSasUYheXrZLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.66.25.0/24
                  188.66.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:06:06:b2:9d:9d:bb:56:c1:da:d8:4f:35:1a:e7:ae:36:d2:
         b2:05:7c:a8:ca:ed:2d:d3:5d:44:cc:23:7a:cf:2c:2e:be:94:
         39:ae:db:55:d5:67:14:d8:7c:7a:8f:c3:7f:48:4e:95:f7:d8:
         97:a6:54:fc:99:72:f4:e4:9d:d1:fb:2a:2b:c0:19:ad:b9:ba:
         e8:b4:b8:f6:0c:2e:30:d4:dd:af:b2:66:90:8c:89:2c:46:13:
         e7:47:43:1f:42:45:95:10:fe:07:f0:35:a9:84:c1:04:1e:dd:
         9e:32:52:27:81:97:2a:b5:be:7c:59:e2:46:e1:d8:43:d8:c0:
         bb:28:04:90:38:70:f1:1f:ad:f6:60:e6:0b:91:4a:d8:96:59:
         41:24:0e:49:4d:12:18:e1:ac:57:c9:02:9d:f8:89:6d:c5:c0:
         15:80:26:5b:fc:27:4f:1e:dc:cd:bc:4d:59:f8:12:4c:d6:0b:
         91:65:98:9f:c3:4c:75:8e:d1:43:15:7f:99:43:83:6f:43:c5:
         8e:69:e2:b7:27:d5:1d:53:ed:78:b3:9f:4f:77:1b:42:13:6c:
         e6:38:45:22:52:89:7a:42:f9:72:04:eb:24:df:b2:df:da:4c:
         88:9d:ea:d3:cc:2d:1a:a7:63:a0:40:13:1a:09:e4:9e:c8:f6:
         30:df:fc:35
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY0Jcaq+/my5dLj5Hq2Yi3AKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQwMTE0MTkyNzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjE4MGJjOTRmMDdiZWQwZDhjZmI3NTI2YWM1MTg4NWU1ZWI2NGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmiScuRMXbHGRUM2D3Jyq/R3yHUZ0
xB49l/L/RtxuuGOG+pSkgXSnPws6hpbCIA2CxkDful6nFCRNMe8CVZfqF/njVLG+
EVTVsxHam/fzAxkS1vkjQqIb7DzpN9a9V4Y7fLAYJyMuowe/f/TGuOEetK9nCQJT
9TPrkYpPls8LkdspNxP/tEXg3A9ESKgWJaGyTeDFlAY0lqTOJOrN1UGbkglVGWAZ
VHEMLfAMt5cPebDyOA0eOIbQoIkbON2StVO0NQekh+ZN/so9JQYdXXjPrZZr9DO6
Kwy8ZUjUia3dsLy54gg0G5bFFsnciaKyRzGnoxz67hM3FyoPsr1EkbRh3wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBIYC8lPB77Q2M+3UmrFGIXl62SzMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvRWhnTHlVOEh2dERZejdkU2FzVVloZVhyWkxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvEIZAwQA
vEIbMA0GCSqGSIb3DQEBCwUAA4IBAQBzBgaynZ27VsHa2E81GueuNtKyBXyoyu0t
011EzCN6zywuvpQ5rttV1WcU2Hx6j8N/SE6V99iXplT8mXL05J3R+yorwBmtubro
tLj2DC4w1N2vsmaQjIksRhPnR0MfQkWVEP4H8DWphMEEHt2eMlIngZcqtb58WeJG
4dhD2MC7KASQOHDxH632YOYLkUrYlllBJA5JTRIY4axXyQKd+IltxcAVgCZb/CdP
HtzNvE1Z+BJM1guRZZifw0x1jtFDFX+ZQ4NvQ8WOaeK3J9UdU+14s59PdxtCE2zm
OEUiUol6QvlyBOsk37Lf2kyInerTzC0ap2OgQBMaCeSeyPYw3/w1
-----END CERTIFICATE-----