Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/liYYEUDeEK4mb8kNgSbWRHrhdC8.roa
File:                     liYYEUDeEK4mb8kNgSbWRHrhdC8.roa (raw, json)
Hash identifier:          x+7bDIe8St1YG62wyUZpmycI67GTwgn7MhqsPRwNLlA=
Subject key identifier:   96:26:18:11:40:DE:10:AE:26:6F:C9:0D:81:26:D6:44:7A:E1:74:2F
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       018CC500C52FB0889B1CD4023BE55837B695
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/liYYEUDeEK4mb8kNgSbWRHrhdC8.roa
Signing time:             Mon 01 Jan 2024 12:30:11 +0000
ROA not before:           Mon 01 Jan 2024 12:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32159
IP address blocks:        188.66.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 14:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:c5:2f:b0:88:9b:1c:d4:02:3b:e5:58:37:b6:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  1 12:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9626181140de10ae266fc90d8126d6447ae1742f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:09:b4:b0:d0:cb:81:69:9e:16:d4:8b:92:15:
                    70:ce:ee:7b:31:32:63:5c:3e:83:c7:74:24:8c:70:
                    d2:48:3d:bc:4b:80:a0:1b:27:10:41:2e:16:1d:7c:
                    f5:91:64:57:42:4d:78:8f:56:9b:9e:ab:a7:cf:9a:
                    52:8a:fd:85:fd:96:33:40:45:73:ed:95:d1:6f:69:
                    f7:d1:60:42:26:b4:49:91:1a:8c:c7:17:93:a7:f8:
                    07:cc:99:54:ca:73:a4:0c:e7:54:ca:cc:34:dd:09:
                    6d:6a:be:1a:a3:66:89:b2:df:b5:50:2a:32:64:30:
                    25:c4:df:6b:f2:34:95:39:b5:88:e4:57:ec:06:cb:
                    b2:07:91:88:fc:e1:e1:ac:4f:70:b2:9c:43:85:cf:
                    89:23:5e:b1:24:a6:20:97:28:e3:e0:31:d4:cc:7a:
                    ee:c8:e4:91:1a:38:cc:6a:52:ff:f9:9f:73:c6:b8:
                    51:39:1d:b8:94:82:7c:21:5a:37:45:6c:46:b1:a8:
                    9a:de:c8:70:94:ec:61:80:76:54:2a:23:94:62:7b:
                    bc:aa:55:da:2e:50:7a:de:10:05:d7:9d:90:ff:82:
                    c4:16:cc:51:00:35:78:f1:61:4e:6a:fa:81:b0:24:
                    8f:ff:a1:fc:28:91:a0:02:a0:f8:94:bd:2d:f1:d4:
                    56:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:26:18:11:40:DE:10:AE:26:6F:C9:0D:81:26:D6:44:7A:E1:74:2F
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/liYYEUDeEK4mb8kNgSbWRHrhdC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.66.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:f8:48:2a:0a:ab:9a:c5:85:4c:0d:0b:27:b7:e4:7e:04:e1:
         17:bf:8d:8e:1a:a0:53:57:05:21:f2:eb:26:ee:5d:e2:85:7e:
         8a:14:8e:63:9c:3e:75:56:6a:10:d4:ca:e4:43:53:db:b6:e9:
         e4:a3:35:6a:69:ad:97:64:69:f8:52:b6:e9:de:09:44:6b:4d:
         77:51:9a:d1:5e:56:f6:1e:fc:34:5c:7b:ea:66:b6:17:76:8a:
         e0:32:44:4c:39:e8:b9:c7:b2:e4:66:b8:d5:b4:0e:f8:30:4a:
         f8:7c:06:98:72:30:6a:b9:26:b5:69:d9:20:db:06:a6:46:17:
         a0:fa:a1:cd:b3:9f:ce:67:64:63:bd:47:ef:50:5d:97:e2:7b:
         c2:f2:41:73:fb:17:59:f7:a5:45:c8:fd:ec:91:78:b9:13:ed:
         ac:2d:5a:df:82:f2:b9:34:3a:d6:4f:9b:31:3a:19:f0:d3:b0:
         3d:0f:c1:aa:36:73:de:63:bd:2a:c6:b5:eb:c7:9c:07:83:04:
         80:38:e4:06:b6:59:cf:50:b2:d8:83:15:66:d0:b1:13:1e:b4:
         5d:89:9e:0b:2b:20:b4:49:2d:0d:3f:c0:c0:ca:b7:18:67:0b:
         5e:1b:18:90:86:2c:99:de:71:a9:94:6b:76:4f:d8:6b:05:c4:
         ba:90:0c:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAMUvsIibHNQCO+VYN7aVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQwMTAxMTIzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjI2MTgxMTQwZGUxMGFlMjY2ZmM5MGQ4MTI2ZDY0NDdhZTE3NDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhwm0sNDLgWmeFtSLkhVwzu57MTJj
XD6Dx3QkjHDSSD28S4CgGycQQS4WHXz1kWRXQk14j1abnqunz5pSiv2F/ZYzQEVz
7ZXRb2n30WBCJrRJkRqMxxeTp/gHzJlUynOkDOdUysw03Qltar4ao2aJst+1UCoy
ZDAlxN9r8jSVObWI5FfsBsuyB5GI/OHhrE9wspxDhc+JI16xJKYglyjj4DHUzHru
yOSRGjjMalL/+Z9zxrhROR24lIJ8IVo3RWxGsaia3shwlOxhgHZUKiOUYnu8qlXa
LlB63hAF152Q/4LEFsxRADV48WFOavqBsCSP/6H8KJGgAqD4lL0t8dRWtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJYmGBFA3hCuJm/JDYEm1kR64XQvMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvbGlZWUVVRGVFSzRtYjhrTmdTYldSSHJoZEM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEIYMA0G
CSqGSIb3DQEBCwUAA4IBAQAK+EgqCquaxYVMDQsnt+R+BOEXv42OGqBTVwUh8usm
7l3ihX6KFI5jnD51VmoQ1MrkQ1PbtunkozVqaa2XZGn4Urbp3glEa013UZrRXlb2
Hvw0XHvqZrYXdorgMkRMOei5x7LkZrjVtA74MEr4fAaYcjBquSa1adkg2wamRheg
+qHNs5/OZ2RjvUfvUF2X4nvC8kFz+xdZ96VFyP3skXi5E+2sLVrfgvK5NDrWT5sx
Ohnw07A9D8GqNnPeY70qxrXrx5wHgwSAOOQGtlnPULLYgxVm0LETHrRdiZ4LKyC0
SS0NP8DAyrcYZwteGxiQhiyZ3nGplGt2T9hrBcS6kAyJ
-----END CERTIFICATE-----