Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/dEKSh_pL1TMf0A8XqCogsaV9pgE.roa
File:                     dEKSh_pL1TMf0A8XqCogsaV9pgE.roa (raw, json)
Hash identifier:          lbp3HNIcwm4IEpbBJM++DNSOugQv9ZmM63P/NmmcBWo=
Subject key identifier:   74:42:92:87:FA:4B:D5:33:1F:D0:0F:17:A8:2A:20:B1:A5:7D:A6:01
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       0190370023DBD6AF6BB7FC65AAE5C903B184
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/dEKSh_pL1TMf0A8XqCogsaV9pgE.roa
Signing time:             Thu 20 Jun 2024 18:54:34 +0000
ROA not before:           Thu 20 Jun 2024 18:54:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215287
IP address blocks:        188.66.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 15:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:37:00:23:db:d6:af:6b:b7:fc:65:aa:e5:c9:03:b1:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jun 20 18:54:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74429287fa4bd5331fd00f17a82a20b1a57da601
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:a7:de:8f:dd:1e:7c:fd:7e:4c:b1:e3:e3:56:
                    d7:0f:9f:f6:ca:cd:06:98:54:0d:54:ad:76:a2:51:
                    54:62:90:b9:fc:e5:5e:0e:e6:69:75:87:75:57:d8:
                    ef:95:91:18:04:f3:61:0b:b5:c7:91:ac:bb:ea:56:
                    ea:76:ed:c4:54:92:f3:a3:5c:6a:73:ba:a9:9c:3e:
                    49:5d:77:b5:da:67:fa:03:53:e3:24:c0:05:96:85:
                    76:06:74:e3:b9:6a:c1:d0:28:34:cb:12:e8:c7:f5:
                    dd:de:87:58:7d:1d:59:8e:1f:f7:60:1b:5e:c6:24:
                    c9:6d:bc:f8:d9:be:17:ac:5d:86:23:2e:b5:ce:eb:
                    ee:21:55:64:9e:90:c9:d3:e2:7a:3b:82:3b:6c:cb:
                    64:1b:92:04:d4:a2:0b:e2:07:fb:f5:6a:1a:54:f2:
                    53:b5:c3:c2:f5:6b:98:53:72:c0:45:d6:b6:86:4b:
                    56:1f:9e:96:fb:a6:c9:8f:0e:bb:72:2f:00:d2:09:
                    48:95:c9:de:ec:d6:12:ea:11:f2:7b:32:2a:a2:35:
                    a3:63:e4:c3:95:9e:38:e3:09:4d:6a:8e:90:93:d5:
                    48:21:46:20:28:94:df:eb:e2:b0:41:cd:c7:ec:cc:
                    8c:16:52:1a:32:04:4f:a8:78:d0:75:13:f3:73:80:
                    5e:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:42:92:87:FA:4B:D5:33:1F:D0:0F:17:A8:2A:20:B1:A5:7D:A6:01
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/dEKSh_pL1TMf0A8XqCogsaV9pgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.66.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:ad:7c:85:76:9b:7f:5e:37:50:5f:55:d0:bf:79:e5:54:f4:
         ee:c8:c0:3f:28:da:a4:28:4f:1e:09:fa:97:a9:23:01:67:ea:
         3b:77:a7:c0:9e:18:8b:5c:70:4b:24:cf:74:98:a0:7a:9d:17:
         e8:28:f3:9d:3e:00:26:b3:92:aa:df:a4:0c:41:66:30:32:54:
         99:2a:87:93:50:1e:6c:fc:89:1a:09:6b:77:a6:92:33:5a:43:
         7c:5e:aa:3e:ff:80:92:35:d4:b9:8d:0e:e5:77:d2:8e:6b:0f:
         9a:b2:d4:66:cf:d7:9d:e2:53:f6:3a:48:21:56:97:53:96:60:
         d1:11:d2:30:bb:1a:f4:1d:ff:06:e9:ac:8c:e5:e5:34:0f:5f:
         61:33:93:cc:07:5a:c1:e1:87:dd:91:e6:0f:6a:b2:e4:81:a1:
         f3:d5:6b:61:4b:a5:d2:d7:0f:16:3d:55:e8:ae:39:3b:fd:ee:
         92:9c:da:76:d5:ce:9a:b0:fc:35:7a:d6:c9:d1:9a:44:1d:3a:
         ba:71:48:09:d6:05:cb:26:cf:be:2e:9d:22:b6:2c:58:54:07:
         c9:e4:02:a0:e2:d9:64:be:ec:aa:dd:31:4c:9c:a8:95:f5:a1:
         f8:35:b7:8a:22:b4:12:3c:08:56:94:a6:a3:12:a7:97:9e:26:
         05:36:6d:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZA3ACPb1q9rt/xlquXJA7GEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQwNjIwMTg1NDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDQyOTI4N2ZhNGJkNTMzMWZkMDBmMTdhODJhMjBiMWE1N2RhNjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1qfej90efP1+TLHj41bXD5/2ys0G
mFQNVK12olFUYpC5/OVeDuZpdYd1V9jvlZEYBPNhC7XHkay76lbqdu3EVJLzo1xq
c7qpnD5JXXe12mf6A1PjJMAFloV2BnTjuWrB0Cg0yxLox/Xd3odYfR1Zjh/3YBte
xiTJbbz42b4XrF2GIy61zuvuIVVknpDJ0+J6O4I7bMtkG5IE1KIL4gf79WoaVPJT
tcPC9WuYU3LARda2hktWH56W+6bJjw67ci8A0glIlcne7NYS6hHyezIqojWjY+TD
lZ444wlNao6Qk9VIIUYgKJTf6+KwQc3H7MyMFlIaMgRPqHjQdRPzc4BelwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHRCkof6S9UzH9APF6gqILGlfaYBMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvZEVLU2hfcEwxVE1mMEE4WHFDb2dzYVY5cGdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEIaMA0G
CSqGSIb3DQEBCwUAA4IBAQASrXyFdpt/XjdQX1XQv3nlVPTuyMA/KNqkKE8eCfqX
qSMBZ+o7d6fAnhiLXHBLJM90mKB6nRfoKPOdPgAms5Kq36QMQWYwMlSZKoeTUB5s
/IkaCWt3ppIzWkN8Xqo+/4CSNdS5jQ7ld9KOaw+astRmz9ed4lP2OkghVpdTlmDR
EdIwuxr0Hf8G6ayM5eU0D19hM5PMB1rB4YfdkeYParLkgaHz1WthS6XS1w8WPVXo
rjk7/e6SnNp21c6asPw1etbJ0ZpEHTq6cUgJ1gXLJs++Lp0itixYVAfJ5AKg4tlk
vuyq3TFMnKiV9aH4NbeKIrQSPAhWlKajEqeXniYFNm3O
-----END CERTIFICATE-----