Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/exlEKANutgG_vDp1CnyhUG3YUe8.roa
File:                     exlEKANutgG_vDp1CnyhUG3YUe8.roa (raw, json)
Hash identifier:          NHAlDoUxYtYveHw9TLM5p3WftexDT/jlIeiCrEjifQ4=
Subject key identifier:   7B:19:44:28:03:6E:B6:01:BF:BC:3A:75:0A:7C:A1:50:6D:D8:51:EF
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019427B5AF52808FF46C3AFF8338D41FC236
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/exlEKANutgG_vDp1CnyhUG3YUe8.roa
Signing time:             Thu 02 Jan 2025 15:50:05 +0000
ROA not before:           Thu 02 Jan 2025 15:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198883
IP address blocks:        188.66.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 12:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:af:52:80:8f:f4:6c:3a:ff:83:38:d4:1f:c2:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  2 15:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b194428036eb601bfbc3a750a7ca1506dd851ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:62:8c:41:4c:6b:df:a6:1f:08:1a:06:d4:4d:
                    90:a9:5e:5f:20:a1:ae:78:60:d0:ae:06:97:de:c9:
                    ec:13:65:df:a4:32:bb:17:3f:ef:22:0e:c8:40:16:
                    64:e6:c5:d7:b3:0d:80:1e:36:d2:b5:4b:b2:75:43:
                    e0:12:3f:7c:16:2c:69:b0:85:bc:d8:37:7a:11:ce:
                    2c:65:28:b7:63:3f:3f:35:58:0b:27:a5:3f:36:d8:
                    d1:fd:2c:4d:d2:c5:36:79:86:ea:59:38:4a:ea:b6:
                    59:ae:94:5f:80:71:00:7d:ad:92:f3:80:4a:5a:af:
                    0c:bf:4d:18:21:f9:01:1a:85:15:4e:90:86:99:9f:
                    73:91:c1:f2:6f:8c:67:47:30:1c:49:5d:23:b6:a9:
                    19:07:1e:5c:35:b5:e7:0d:35:4d:e9:1f:48:5c:6b:
                    b8:f9:de:36:b6:54:f5:67:52:fe:53:de:2c:d7:42:
                    f9:75:37:21:ca:5c:17:41:ec:82:89:bb:e3:ee:fe:
                    b8:67:d5:c0:26:e7:85:13:ad:13:82:c9:05:72:68:
                    90:74:fc:90:45:fd:c8:15:df:f9:0c:01:3c:55:63:
                    2c:fb:4f:b0:d4:7f:91:48:79:08:b3:08:05:ed:01:
                    d8:47:67:da:2a:4d:a7:28:48:bc:9b:99:b0:dc:55:
                    32:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:19:44:28:03:6E:B6:01:BF:BC:3A:75:0A:7C:A1:50:6D:D8:51:EF
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/exlEKANutgG_vDp1CnyhUG3YUe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.66.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:77:c0:17:d0:79:72:de:9f:02:81:90:76:c7:94:9f:c0:7b:
         7e:e5:36:dd:4f:e2:d6:5c:72:5a:b8:eb:2d:43:5f:61:e5:28:
         5f:11:9b:d1:46:34:11:b5:39:f9:ad:cd:a3:ee:db:81:6d:a3:
         55:01:72:33:5d:37:14:30:bd:e2:b6:79:d2:d9:4c:c4:96:60:
         e0:a9:0a:5a:7e:19:ca:b5:8f:00:12:57:19:74:0e:58:4b:30:
         14:14:d1:2f:fa:f7:8d:90:a2:cf:4c:42:28:20:d0:d2:50:1d:
         3d:5a:56:7b:f7:dd:c0:84:92:f9:96:71:48:d5:3e:a8:0a:7c:
         f3:07:57:98:79:25:e6:56:ba:d6:4c:2c:d1:6b:b5:f1:71:a6:
         13:4a:f6:30:41:2e:99:49:01:f4:e0:03:f5:21:15:d0:b6:a3:
         43:4f:4d:93:38:37:07:2a:73:e9:e4:09:71:3f:3b:7e:a2:68:
         f0:a9:75:e7:f5:92:1b:9f:ad:59:7a:21:04:14:4b:9a:d1:7c:
         ef:11:01:0f:ac:49:b3:e5:86:40:a7:40:4b:71:11:cb:3c:03:
         94:1a:40:13:2a:17:49:f5:04:4a:77:34:48:2e:84:00:8e:79:
         32:73:b7:57:4e:ca:42:19:60:e4:90:f8:e7:8e:52:97:09:ff:
         86:68:12:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnta9SgI/0bDr/gzjUH8I2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjUwMTAyMTU1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjE5NDQyODAzNmViNjAxYmZiYzNhNzUwYTdjYTE1MDZkZDg1MWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3mKMQUxr36YfCBoG1E2QqV5fIKGu
eGDQrgaX3snsE2XfpDK7Fz/vIg7IQBZk5sXXsw2AHjbStUuydUPgEj98FixpsIW8
2Dd6Ec4sZSi3Yz8/NVgLJ6U/NtjR/SxN0sU2eYbqWThK6rZZrpRfgHEAfa2S84BK
Wq8Mv00YIfkBGoUVTpCGmZ9zkcHyb4xnRzAcSV0jtqkZBx5cNbXnDTVN6R9IXGu4
+d42tlT1Z1L+U94s10L5dTchylwXQeyCibvj7v64Z9XAJueFE60TgskFcmiQdPyQ
Rf3IFd/5DAE8VWMs+0+w1H+RSHkIswgF7QHYR2faKk2nKEi8m5mw3FUyXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHsZRCgDbrYBv7w6dQp8oVBt2FHvMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvZXhsRUtBTnV0Z0dfdkRwMUNueWhVRzNZVWU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEIbMA0G
CSqGSIb3DQEBCwUAA4IBAQBnd8AX0Hly3p8CgZB2x5SfwHt+5TbdT+LWXHJauOst
Q19h5ShfEZvRRjQRtTn5rc2j7tuBbaNVAXIzXTcUML3itnnS2UzElmDgqQpafhnK
tY8AElcZdA5YSzAUFNEv+veNkKLPTEIoINDSUB09WlZ7993AhJL5lnFI1T6oCnzz
B1eYeSXmVrrWTCzRa7XxcaYTSvYwQS6ZSQH04AP1IRXQtqNDT02TODcHKnPp5Alx
Pzt+omjwqXXn9ZIbn61ZeiEEFEua0XzvEQEPrEmz5YZAp0BLcRHLPAOUGkATKhdJ
9QRKdzRILoQAjnkyc7dXTspCGWDkkPjnjlKXCf+GaBJ8
-----END CERTIFICATE-----