Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/d1ogW3WxN0Vy_VZlHCgGlOrnezc.roa
File:                     d1ogW3WxN0Vy_VZlHCgGlOrnezc.roa (raw, json)
Hash identifier:          6ruWmO6+DlJ4vUG/gcPWSMLemL9HmLjlRTKaI8x73SI=
Subject key identifier:   77:5A:20:5B:75:B1:37:45:72:FD:56:65:1C:28:06:94:EA:E7:7B:37
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       018CC500C6C49E16273A5756DE7E75112EB6
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/d1ogW3WxN0Vy_VZlHCgGlOrnezc.roa
Signing time:             Mon 01 Jan 2024 12:30:11 +0000
ROA not before:           Mon 01 Jan 2024 12:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198883
IP address blocks:        188.66.27.0/24 maxlen: 24
                          188.66.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 14:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:c6:c4:9e:16:27:3a:57:56:de:7e:75:11:2e:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  1 12:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=775a205b75b1374572fd56651c280694eae77b37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:33:cb:8b:aa:54:da:e3:9c:29:28:05:31:4a:
                    08:75:2d:03:9f:2c:fa:c6:de:48:1c:55:4b:25:5b:
                    cd:68:9d:5c:d6:3d:61:a1:22:be:74:14:77:35:bf:
                    d3:84:02:94:c4:f8:d9:01:99:ff:e5:6a:04:27:0f:
                    b3:3b:25:d9:41:98:87:c9:35:2f:95:2d:34:08:13:
                    da:9c:76:2f:56:52:2c:6a:c7:08:6c:ed:d0:70:58:
                    c9:a4:3f:11:49:75:b7:c8:25:cf:5f:88:db:a6:ef:
                    7d:04:b9:3f:18:17:fb:50:d0:73:ea:47:33:1e:fe:
                    e1:20:ea:32:e2:00:90:8d:6e:42:e7:c2:dc:eb:05:
                    7a:42:f5:c6:f8:e6:43:59:c4:28:61:5d:83:09:2b:
                    cd:d0:e1:dc:81:11:23:68:3d:49:cc:0e:98:11:16:
                    27:49:f1:20:9a:2c:4c:95:47:69:ef:3d:8a:ab:b5:
                    fb:11:98:eb:34:cf:28:c4:86:41:2e:ee:bd:e2:a4:
                    a9:6c:ee:ca:5e:c0:8c:2e:90:27:2c:39:ce:ff:06:
                    8b:fe:ba:eb:78:2f:78:ac:0f:fa:13:df:ed:4e:a5:
                    6e:36:a7:78:d9:c6:f9:e8:4d:00:f1:3e:a8:73:17:
                    83:6b:9b:24:f2:d7:05:1c:46:3b:af:e3:2f:46:4b:
                    d6:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:5A:20:5B:75:B1:37:45:72:FD:56:65:1C:28:06:94:EA:E7:7B:37
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/d1ogW3WxN0Vy_VZlHCgGlOrnezc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.66.25.0/24
                  188.66.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:65:34:db:64:88:8f:53:b6:36:0c:e9:38:60:f4:d7:7e:ff:
         84:f4:a1:40:de:22:a3:22:65:af:c0:66:5a:76:2d:51:24:95:
         c5:f2:41:33:11:bc:33:29:16:63:dc:f7:e6:6c:2f:c0:84:13:
         32:33:a7:95:b3:ae:ee:81:ee:98:e3:c0:c7:a7:ba:e5:9f:0c:
         94:3c:a8:7e:09:1f:51:cb:ac:1d:fe:b9:94:d2:9e:49:3f:29:
         8c:2d:2c:60:81:74:04:25:fc:34:f5:b5:51:c9:26:63:e7:73:
         a6:48:f7:ec:90:23:08:2d:79:e9:41:2d:f5:9e:25:4f:97:ce:
         27:38:9e:3a:58:4b:61:8e:ee:6a:8b:8e:63:30:fa:83:1a:37:
         f5:d3:95:32:50:f7:80:26:a5:07:9c:eb:38:fb:e5:1e:e7:0c:
         f0:15:3f:f8:d3:7f:7c:66:e2:8f:e5:be:e7:98:41:cf:f7:e8:
         90:03:9e:bf:59:1d:23:2f:ce:54:98:5e:9b:1f:0d:74:42:de:
         b7:ed:71:88:75:23:46:42:6e:14:ee:58:f1:38:1d:e0:3b:bf:
         14:a7:2d:31:72:6e:fe:aa:e9:64:55:ff:7a:ad:c6:c5:7b:8f:
         b6:1a:96:43:98:a5:9f:3c:0b:85:4b:96:f2:62:3a:f6:f7:7e:
         dd:4d:16:78
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAMbEnhYnOldW3n51ES62MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQwMTAxMTIzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzVhMjA1Yjc1YjEzNzQ1NzJmZDU2NjUxYzI4MDY5NGVhZTc3YjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkDPLi6pU2uOcKSgFMUoIdS0Dnyz6
xt5IHFVLJVvNaJ1c1j1hoSK+dBR3Nb/ThAKUxPjZAZn/5WoEJw+zOyXZQZiHyTUv
lS00CBPanHYvVlIsascIbO3QcFjJpD8RSXW3yCXPX4jbpu99BLk/GBf7UNBz6kcz
Hv7hIOoy4gCQjW5C58Lc6wV6QvXG+OZDWcQoYV2DCSvN0OHcgREjaD1JzA6YERYn
SfEgmixMlUdp7z2Kq7X7EZjrNM8oxIZBLu694qSpbO7KXsCMLpAnLDnO/waL/rrr
eC94rA/6E9/tTqVuNqd42cb56E0A8T6ocxeDa5sk8tcFHEY7r+MvRkvWowIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHdaIFt1sTdFcv1WZRwoBpTq53s3MB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvZDFvZ1czV3hOMFZ5X1ZabEhDZ0dsT3JuZXpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvEIZAwQA
vEIbMA0GCSqGSIb3DQEBCwUAA4IBAQB/ZTTbZIiPU7Y2DOk4YPTXfv+E9KFA3iKj
ImWvwGZadi1RJJXF8kEzEbwzKRZj3PfmbC/AhBMyM6eVs67uge6Y48DHp7rlnwyU
PKh+CR9Ry6wd/rmU0p5JPymMLSxggXQEJfw09bVRySZj53OmSPfskCMILXnpQS31
niVPl84nOJ46WEthju5qi45jMPqDGjf105UyUPeAJqUHnOs4++Ue5wzwFT/40398
ZuKP5b7nmEHP9+iQA56/WR0jL85UmF6bHw10Qt637XGIdSNGQm4U7ljxOB3gO78U
py0xcm7+qulkVf96rcbFe4+2GpZDmKWfPAuFS5byYjr2937dTRZ4
-----END CERTIFICATE-----