Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/IyOQ3_9kRcCaKPJsq4axOWy-HYs.roa
File:                     IyOQ3_9kRcCaKPJsq4axOWy-HYs.roa (raw, json)
Hash identifier:          S+LuIEKMRU2TRdcgebmfy4EZ9tZD9n61WhgTtODu9to=
Subject key identifier:   23:23:90:DF:FF:64:45:C0:9A:28:F2:6C:AB:86:B1:39:6C:BE:1D:8B
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       018CC500CA7F17DCB37E7FEB66A3EB4935F4
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/IyOQ3_9kRcCaKPJsq4axOWy-HYs.roa
Signing time:             Mon 01 Jan 2024 12:30:12 +0000
ROA not before:           Mon 01 Jan 2024 12:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216159
IP address blocks:        188.66.27.0/24 maxlen: 24
                          188.66.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:ca:7f:17:dc:b3:7e:7f:eb:66:a3:eb:49:35:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  1 12:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=232390dfff6445c09a28f26cab86b1396cbe1d8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:62:7f:1e:98:01:54:19:1c:57:81:6c:22:32:
                    8c:83:6d:61:a5:73:c1:2a:47:04:bf:53:2b:e3:0f:
                    79:f0:b7:6d:17:2e:18:16:2c:e7:cc:20:0b:2b:76:
                    5d:7f:13:95:ad:62:fa:84:ee:21:5c:20:db:5f:dd:
                    7c:53:bd:35:91:cb:6f:30:9a:dd:3c:2d:7f:a1:79:
                    a9:72:ee:7f:de:42:57:0c:3e:ca:1f:1f:fa:b4:1d:
                    84:c9:33:03:75:fe:19:8b:02:c0:6b:bd:7d:11:84:
                    77:de:80:1c:bf:85:d0:09:78:55:2a:1a:33:6f:07:
                    cc:11:f1:a0:12:77:2f:74:9e:1c:98:d4:63:29:84:
                    6b:5b:48:31:ef:b5:e4:eb:be:ca:f4:61:42:59:7a:
                    36:54:e4:05:58:20:1a:28:db:8d:58:0c:b8:56:bf:
                    ae:c9:13:50:21:d0:f9:ca:16:61:7e:de:f3:f4:90:
                    0c:8f:5b:10:45:0e:d0:19:db:95:3f:28:1b:83:1c:
                    80:b1:b5:22:93:96:17:9a:c5:f8:76:9d:78:dc:66:
                    6d:0b:91:0d:6b:fc:80:82:19:2d:df:a9:f5:3c:ac:
                    ae:bb:46:d3:41:ce:da:36:c7:58:94:89:da:56:9f:
                    92:cc:17:81:99:f8:c4:ee:44:cc:dd:43:2a:af:5c:
                    00:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:23:90:DF:FF:64:45:C0:9A:28:F2:6C:AB:86:B1:39:6C:BE:1D:8B
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/IyOQ3_9kRcCaKPJsq4axOWy-HYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.66.25.0/24
                  188.66.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:0b:44:cb:a6:07:71:7c:c9:8a:45:7e:2a:c3:ba:95:b4:f1:
         3d:59:95:6d:0f:e7:50:57:2f:8c:4d:93:56:8d:54:fd:25:73:
         b9:da:53:0a:95:32:70:ce:c3:82:f8:6a:c5:73:18:d3:5e:97:
         e1:d5:fd:cb:49:ad:3a:67:ff:b6:7a:4b:bd:8a:fe:e5:35:f1:
         46:42:0d:42:6f:df:7f:5d:93:59:18:e0:4b:78:fd:49:61:df:
         ca:c6:c1:e4:22:c3:69:37:51:a7:a6:02:2b:91:3e:0f:6e:63:
         72:8e:63:cf:91:36:6a:92:35:6d:65:e4:f7:e6:4e:43:60:5f:
         0a:60:23:80:34:78:52:03:cb:80:b4:d9:41:10:8d:c9:66:68:
         b5:e9:0c:45:5b:62:99:08:24:ca:ce:20:d3:62:a3:11:d5:07:
         8b:d0:98:d2:34:2c:35:5b:04:81:37:bf:91:ed:6c:48:96:81:
         46:0e:12:93:16:3b:6e:ce:e4:64:e5:07:db:0e:8d:77:95:3f:
         f3:8c:3f:c9:b0:e0:03:a8:20:3b:47:7a:f3:6b:e4:d0:6f:e8:
         b0:42:47:0b:c4:06:f4:5b:a1:3a:a4:5a:d7:b9:d2:74:2f:a2:
         cc:63:7b:15:14:d0:2d:90:c8:e9:1f:27:32:48:78:2c:d5:f9:
         06:4e:3b:10
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAMp/F9yzfn/rZqPrSTX0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQwMTAxMTIzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzIzOTBkZmZmNjQ0NWMwOWEyOGYyNmNhYjg2YjEzOTZjYmUxZDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWJ/HpgBVBkcV4FsIjKMg21hpXPB
KkcEv1Mr4w958LdtFy4YFiznzCALK3ZdfxOVrWL6hO4hXCDbX918U701kctvMJrd
PC1/oXmpcu5/3kJXDD7KHx/6tB2EyTMDdf4ZiwLAa719EYR33oAcv4XQCXhVKhoz
bwfMEfGgEncvdJ4cmNRjKYRrW0gx77Xk677K9GFCWXo2VOQFWCAaKNuNWAy4Vr+u
yRNQIdD5yhZhft7z9JAMj1sQRQ7QGduVPygbgxyAsbUik5YXmsX4dp143GZtC5EN
a/yAghkt36n1PKyuu0bTQc7aNsdYlInaVp+SzBeBmfjE7kTM3UMqr1wA7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCMjkN//ZEXAmijybKuGsTlsvh2LMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvSXlPUTNfOWtSY0NhS1BKc3E0YXhPV3ktSFlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvEIZAwQA
vEIbMA0GCSqGSIb3DQEBCwUAA4IBAQA8C0TLpgdxfMmKRX4qw7qVtPE9WZVtD+dQ
Vy+MTZNWjVT9JXO52lMKlTJwzsOC+GrFcxjTXpfh1f3LSa06Z/+2eku9iv7lNfFG
Qg1Cb99/XZNZGOBLeP1JYd/KxsHkIsNpN1GnpgIrkT4PbmNyjmPPkTZqkjVtZeT3
5k5DYF8KYCOANHhSA8uAtNlBEI3JZmi16QxFW2KZCCTKziDTYqMR1QeL0JjSNCw1
WwSBN7+R7WxIloFGDhKTFjtuzuRk5QfbDo13lT/zjD/JsOADqCA7R3rza+TQb+iw
QkcLxAb0W6E6pFrXudJ0L6LMY3sVFNAtkMjpHycySHgs1fkGTjsQ
-----END CERTIFICATE-----