Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/p5OBToLLw5pvvlKMmJQcKKUQ2J8.roa
File:                     p5OBToLLw5pvvlKMmJQcKKUQ2J8.roa (raw, json)
Hash identifier:          f0OvVP/T0hmS5D1Ng9LpF/4W8etUVwFGHZhXoxRNYVM=
Subject key identifier:   A7:93:81:4E:82:CB:C3:9A:6F:BE:52:8C:98:94:1C:28:A5:10:D8:9F
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       01926B868A0CFB8B429497A02A848068835E
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/p5OBToLLw5pvvlKMmJQcKKUQ2J8.roa
Signing time:             Tue 08 Oct 2024 09:47:12 +0000
ROA not before:           Tue 08 Oct 2024 09:47:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212815
IP address blocks:        188.66.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:6b:86:8a:0c:fb:8b:42:94:97:a0:2a:84:80:68:83:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Oct  8 09:47:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a793814e82cbc39a6fbe528c98941c28a510d89f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:22:ac:ed:44:4c:0d:d9:48:b5:b7:21:e5:8f:
                    ae:4b:84:c7:ea:01:e1:4c:81:91:ad:fc:1e:65:f0:
                    13:6d:db:88:ac:fc:a4:15:bd:89:7f:17:d4:65:5c:
                    43:c0:be:8f:5b:18:a4:b6:9c:aa:1d:e1:41:0a:03:
                    0e:6b:28:c5:c2:38:f3:1a:c4:8e:15:05:0f:a2:09:
                    47:27:5a:47:fe:fc:b0:15:18:27:e1:f3:e0:70:d9:
                    b4:01:59:96:f5:2b:d9:6e:13:60:65:e7:15:0a:8b:
                    f7:76:cb:c1:fa:a8:8e:cf:0d:a4:5d:43:68:45:22:
                    08:60:6f:b3:33:49:a7:08:0d:e5:a3:59:16:64:b8:
                    ec:76:33:55:9a:44:5c:1f:0b:7c:81:0c:bb:4a:d0:
                    b2:e8:fb:f4:9f:e1:24:0e:d9:80:bb:21:96:83:c4:
                    5e:d5:83:32:d3:99:17:e1:95:0c:6e:d6:2b:1a:c9:
                    5a:db:1a:4a:8e:d6:4c:97:28:0d:c4:ac:4d:6c:92:
                    22:c0:9b:07:a2:61:02:96:61:9c:58:69:5e:e9:87:
                    1d:35:18:13:44:f6:1e:01:d1:79:1b:d9:50:53:ed:
                    84:5a:fb:f6:51:7b:fb:1e:3b:5f:44:3d:04:9f:a8:
                    3f:59:58:42:29:f8:67:d1:94:83:bb:4e:08:ab:69:
                    53:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:93:81:4E:82:CB:C3:9A:6F:BE:52:8C:98:94:1C:28:A5:10:D8:9F
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/p5OBToLLw5pvvlKMmJQcKKUQ2J8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.66.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:84:93:2e:19:05:5d:b0:56:18:dd:6f:2f:6c:bc:15:6a:ce:
         a5:66:bb:3b:db:8f:6b:d0:e7:ff:92:63:73:4d:af:80:47:a3:
         3f:e9:cf:ce:f1:76:b5:a7:24:22:d8:cb:06:54:80:3a:41:ec:
         8b:ae:c5:45:07:b3:f1:8d:82:ae:ee:56:40:9b:c9:5a:f0:cc:
         49:f5:99:c4:e7:64:d5:94:ee:2f:de:26:a1:c1:b9:4a:18:94:
         e5:c4:ce:31:55:75:79:2f:23:22:dd:1a:ba:b2:1a:99:57:03:
         b1:08:73:b9:f7:21:24:7d:0f:e4:0c:0a:fd:12:a3:d2:67:7e:
         d7:3b:be:bf:60:65:05:11:c6:4f:93:2e:ea:37:36:b6:87:b6:
         21:fb:21:cc:06:02:2b:9a:06:93:7a:bd:ea:90:d7:87:46:23:
         57:54:8f:ae:be:f2:f2:1c:76:cd:6e:9b:9a:e3:00:e9:e7:d1:
         e1:b0:74:1e:74:34:c1:ef:7a:07:b6:57:e3:bc:e6:8f:84:dd:
         aa:01:04:67:36:48:15:78:96:18:6a:ee:87:8c:f7:65:74:00:
         d9:0d:a6:cb:7e:cc:e6:be:d5:f8:06:6d:96:cd:a5:24:a5:aa:
         50:8a:e3:c6:73:45:7a:02:55:56:7e:cc:34:9f:5f:6d:9c:de:
         9d:2e:36:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJrhooM+4tClJegKoSAaINeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQxMDA4MDk0NzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzkzODE0ZTgyY2JjMzlhNmZiZTUyOGM5ODk0MWMyOGE1MTBkODlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6SKs7URMDdlItbch5Y+uS4TH6gHh
TIGRrfweZfATbduIrPykFb2JfxfUZVxDwL6PWxiktpyqHeFBCgMOayjFwjjzGsSO
FQUPoglHJ1pH/vywFRgn4fPgcNm0AVmW9SvZbhNgZecVCov3dsvB+qiOzw2kXUNo
RSIIYG+zM0mnCA3lo1kWZLjsdjNVmkRcHwt8gQy7StCy6Pv0n+EkDtmAuyGWg8Re
1YMy05kX4ZUMbtYrGsla2xpKjtZMlygNxKxNbJIiwJsHomEClmGcWGle6YcdNRgT
RPYeAdF5G9lQU+2EWvv2UXv7HjtfRD0En6g/WVhCKfhn0ZSDu04Iq2lTgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKeTgU6Cy8Oab75SjJiUHCilENifMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvcDVPQlRvTEx3NXB2dmxLTW1KUWNLS1VRMko4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEIbMA0G
CSqGSIb3DQEBCwUAA4IBAQCOhJMuGQVdsFYY3W8vbLwVas6lZrs7249r0Of/kmNz
Ta+AR6M/6c/O8Xa1pyQi2MsGVIA6QeyLrsVFB7PxjYKu7lZAm8la8MxJ9ZnE52TV
lO4v3iahwblKGJTlxM4xVXV5LyMi3Rq6shqZVwOxCHO59yEkfQ/kDAr9EqPSZ37X
O76/YGUFEcZPky7qNza2h7Yh+yHMBgIrmgaTer3qkNeHRiNXVI+uvvLyHHbNbpua
4wDp59HhsHQedDTB73oHtlfjvOaPhN2qAQRnNkgVeJYYau6HjPdldADZDabLfszm
vtX4Bm2WzaUkpapQiuPGc0V6AlVWfsw0n19tnN6dLjZr
-----END CERTIFICATE-----