Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/J0GauXW8BXn08yRJlHrYSe_LNsE.roa
File:                     J0GauXW8BXn08yRJlHrYSe_LNsE.roa (raw, json)
Hash identifier:          z9XbDgVuvEGm+vIMXuYevUxw9a7P2cgkXN9vVoJpaFk=
Subject key identifier:   27:41:9A:B9:75:BC:05:79:F4:F3:24:49:94:7A:D8:49:EF:CB:36:C1
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019364006E240C4A7319DAD4002167DB6BDE
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/J0GauXW8BXn08yRJlHrYSe_LNsE.roa
Signing time:             Mon 25 Nov 2024 15:46:09 +0000
ROA not before:           Mon 25 Nov 2024 15:46:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        188.66.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:64:00:6e:24:0c:4a:73:19:da:d4:00:21:67:db:6b:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Nov 25 15:46:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27419ab975bc0579f4f32449947ad849efcb36c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:c0:05:c8:38:b4:24:1e:04:f5:3a:6f:01:8b:
                    3b:bb:14:20:c0:d8:42:ce:88:ad:07:bd:f8:da:70:
                    35:6f:bd:0b:aa:d8:33:3b:4f:cd:f5:f2:95:58:8a:
                    96:ff:ba:55:6a:cf:11:f8:f4:b7:e8:73:d4:09:00:
                    4f:6a:3d:27:1a:3a:4d:9c:93:7e:bc:1d:54:a5:1f:
                    e4:b6:5f:ee:7a:1f:2d:2e:19:1d:1d:59:19:a4:c2:
                    f5:34:0c:8b:4c:09:e3:85:30:b2:50:04:55:ba:04:
                    36:34:23:dd:12:cf:de:8f:a6:66:9b:dd:5a:89:e4:
                    f2:ec:da:3a:e9:ac:f5:4b:36:fe:03:63:c9:ad:a3:
                    56:9e:d3:cc:38:70:3d:2b:1a:37:a0:31:90:9d:95:
                    13:49:c2:e0:76:5b:8e:ad:f6:dd:dd:43:f0:28:d1:
                    22:8d:42:f3:84:de:90:d3:2e:2e:ee:86:0d:6a:d8:
                    2e:c6:b0:72:ef:0a:59:bd:5a:a6:db:95:b6:53:4b:
                    93:fe:5c:a7:ba:29:76:9a:f1:86:84:d2:38:9a:7a:
                    69:44:dd:9f:f7:12:05:d3:24:79:ea:61:d4:ab:9c:
                    48:28:a3:ac:6b:e5:00:78:52:d7:a3:af:b2:6b:06:
                    67:10:8d:64:fc:8a:41:bd:b7:cc:c0:48:d5:17:28:
                    78:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:41:9A:B9:75:BC:05:79:F4:F3:24:49:94:7A:D8:49:EF:CB:36:C1
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/J0GauXW8BXn08yRJlHrYSe_LNsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.66.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:df:16:16:d1:c4:ce:23:0b:ef:04:59:08:fa:90:41:7e:c4:
         07:95:76:fe:ad:60:54:a2:28:5d:8b:d5:42:91:80:64:02:15:
         2c:c1:4c:3e:57:58:08:48:65:ff:87:a3:ac:63:86:82:4f:42:
         b0:e5:49:5a:b3:b2:52:12:26:f8:c1:40:f4:02:1b:15:31:a8:
         7f:30:7c:00:e2:ef:f8:62:89:ea:bf:88:8a:3a:c1:9f:5c:7d:
         6a:8e:73:bc:86:46:fc:82:0f:d6:7d:be:a8:78:f0:b2:b9:f3:
         2a:63:3c:d5:ec:de:6e:51:63:a1:99:ae:24:43:47:2d:6e:dd:
         f2:40:52:4b:e7:95:54:17:b7:a8:e7:b3:0a:22:7e:a8:28:8f:
         ae:29:74:c3:88:e3:e7:52:e0:32:64:01:ed:bb:57:ed:91:52:
         2a:21:58:00:13:c1:08:48:1b:40:49:6c:b3:4e:74:c4:29:67:
         08:4a:bd:22:97:d9:2e:fd:aa:5c:77:13:ad:d0:9e:c3:be:1a:
         88:ae:f7:6a:7d:0a:01:0b:8b:a9:03:9b:7d:0a:88:1a:bf:86:
         60:5d:f0:41:a2:da:a1:91:58:7f:7f:c2:5f:6e:6f:ee:8a:22:
         be:95:15:48:75:94:21:19:da:e2:d3:e2:d9:fa:3a:fa:9c:9c:
         0e:3d:07:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNkAG4kDEpzGdrUACFn22veMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQxMTI1MTU0NjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzQxOWFiOTc1YmMwNTc5ZjRmMzI0NDk5NDdhZDg0OWVmY2IzNmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8AFyDi0JB4E9TpvAYs7uxQgwNhC
zoitB7342nA1b70LqtgzO0/N9fKVWIqW/7pVas8R+PS36HPUCQBPaj0nGjpNnJN+
vB1UpR/ktl/ueh8tLhkdHVkZpML1NAyLTAnjhTCyUARVugQ2NCPdEs/ej6Zmm91a
ieTy7No66az1Szb+A2PJraNWntPMOHA9Kxo3oDGQnZUTScLgdluOrfbd3UPwKNEi
jULzhN6Q0y4u7oYNatguxrBy7wpZvVqm25W2U0uT/lynuil2mvGGhNI4mnppRN2f
9xIF0yR56mHUq5xIKKOsa+UAeFLXo6+yawZnEI1k/IpBvbfMwEjVFyh4fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCdBmrl1vAV59PMkSZR62EnvyzbBMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvSjBHYXVYVzhCWG4wOHlSSmxIcllTZV9MTnNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEIaMA0G
CSqGSIb3DQEBCwUAA4IBAQBb3xYW0cTOIwvvBFkI+pBBfsQHlXb+rWBUoihdi9VC
kYBkAhUswUw+V1gISGX/h6OsY4aCT0Kw5Ulas7JSEib4wUD0AhsVMah/MHwA4u/4
Yonqv4iKOsGfXH1qjnO8hkb8gg/Wfb6oePCyufMqYzzV7N5uUWOhma4kQ0ctbt3y
QFJL55VUF7eo57MKIn6oKI+uKXTDiOPnUuAyZAHtu1ftkVIqIVgAE8EISBtASWyz
TnTEKWcISr0il9ku/apcdxOt0J7DvhqIrvdqfQoBC4upA5t9Cogav4ZgXfBBotqh
kVh/f8Jfbm/uiiK+lRVIdZQhGdri0+LZ+jr6nJwOPQfQ
-----END CERTIFICATE-----