Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/s-sL5wT32taHauUGptZDQ8bJgP4.roa
File:                     s-sL5wT32taHauUGptZDQ8bJgP4.roa (raw, json)
Hash identifier:          3roMJQDeGMcuay4MzIwtKwbCGU0o/jeBJESEuIo5kS8=
Subject key identifier:   B3:EB:0B:E7:04:F7:DA:D6:87:6A:E5:06:A6:D6:43:43:C6:C9:80:FE
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       018EE5D10FB3E50F324D3D30F0BEB8055118
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/s-sL5wT32taHauUGptZDQ8bJgP4.roa
Signing time:             Tue 16 Apr 2024 07:31:07 +0000
ROA not before:           Tue 16 Apr 2024 07:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        188.66.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e5:d1:0f:b3:e5:0f:32:4d:3d:30:f0:be:b8:05:51:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Apr 16 07:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3eb0be704f7dad6876ae506a6d64343c6c980fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:46:cc:dc:10:7e:35:6c:e2:a2:ad:12:36:35:
                    dc:29:bd:a8:54:7f:03:60:1a:4e:d3:7f:28:c5:e3:
                    8f:71:14:85:d2:0b:0f:91:df:2c:9b:1b:a0:19:5d:
                    40:41:69:dc:37:cc:63:07:49:d0:b2:d6:d1:a5:59:
                    bf:ee:31:c0:77:42:3c:50:f0:08:7c:c3:29:b8:67:
                    37:74:ab:80:39:d9:2d:d7:71:30:e0:13:1e:7e:cf:
                    27:ea:52:af:4f:94:2b:d1:fd:84:8b:33:29:a8:c5:
                    b0:c8:15:6a:e5:2e:43:05:23:6a:10:35:22:72:ec:
                    b6:d7:44:ae:df:4d:66:37:08:a5:e0:31:34:aa:8f:
                    3a:8e:3f:77:53:99:8d:d8:91:42:b8:18:a6:b6:c2:
                    36:c9:1b:61:df:18:bd:ce:dd:62:2e:eb:39:01:a0:
                    a8:02:e4:29:b4:47:cd:f8:70:14:e4:cd:bb:aa:f1:
                    55:0e:e7:99:75:21:db:42:69:94:a3:30:04:57:54:
                    c5:2a:0f:7d:29:6a:62:ce:3d:fc:7f:ec:47:b9:e4:
                    72:92:11:ff:22:d9:d5:9f:f3:1d:23:5b:8a:11:91:
                    9b:1b:47:d9:b5:26:d0:53:bc:2d:0c:0f:a1:e0:02:
                    fd:c8:51:c4:c0:91:c7:86:a7:0f:3b:d3:49:ea:8d:
                    7d:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:EB:0B:E7:04:F7:DA:D6:87:6A:E5:06:A6:D6:43:43:C6:C9:80:FE
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/s-sL5wT32taHauUGptZDQ8bJgP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.66.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:cd:43:f5:5d:2b:f0:6f:12:0c:e3:c1:51:cb:eb:44:da:99:
         86:97:61:79:75:03:54:fb:4a:1f:1f:7e:7e:08:af:89:94:6f:
         45:70:1a:4e:12:a3:1a:12:c9:12:62:21:c0:26:5f:4e:c0:7c:
         40:fc:0f:08:f8:f9:7b:11:1b:69:20:86:36:20:8c:fc:2a:f3:
         8f:87:90:c8:e2:fb:cc:25:fa:33:62:61:d1:ad:fa:d1:71:ad:
         3a:54:da:b3:5f:dd:b8:57:43:3c:5c:0a:ee:ec:d3:09:c3:c7:
         e2:72:c9:b5:79:f5:3c:71:9e:cc:85:bf:d8:c7:a2:b0:82:c6:
         15:cd:ca:8b:c1:cb:64:bf:1e:95:14:32:0b:16:e0:32:6c:5e:
         1c:b7:53:7f:df:f9:9c:9d:e5:f0:bd:aa:b0:2d:07:23:30:c7:
         a4:a1:a6:5c:fa:78:63:e6:ed:89:a6:d5:51:73:ea:e8:b0:4a:
         8a:67:51:15:04:90:e1:2a:9e:e1:bb:7a:46:05:e4:6a:af:8a:
         0e:bb:dd:0f:87:6f:b9:56:e5:14:55:61:11:49:72:ef:c2:9d:
         76:07:b3:3a:6c:f6:55:d8:c5:34:aa:25:4e:a7:a9:b2:20:b0:
         ba:e7:b1:98:47:32:15:7b:e6:33:75:40:6e:b0:94:6d:53:4b:
         f1:d3:f1:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7l0Q+z5Q8yTT0w8L64BVEYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQwNDE2MDczMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2ViMGJlNzA0ZjdkYWQ2ODc2YWU1MDZhNmQ2NDM0M2M2Yzk4MGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUbM3BB+NWzioq0SNjXcKb2oVH8D
YBpO038oxeOPcRSF0gsPkd8smxugGV1AQWncN8xjB0nQstbRpVm/7jHAd0I8UPAI
fMMpuGc3dKuAOdkt13Ew4BMefs8n6lKvT5Qr0f2EizMpqMWwyBVq5S5DBSNqEDUi
cuy210Su301mNwil4DE0qo86jj93U5mN2JFCuBimtsI2yRth3xi9zt1iLus5AaCo
AuQptEfN+HAU5M27qvFVDueZdSHbQmmUozAEV1TFKg99KWpizj38f+xHueRykhH/
ItnVn/MdI1uKEZGbG0fZtSbQU7wtDA+h4AL9yFHEwJHHhqcPO9NJ6o19cQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLPrC+cE99rWh2rlBqbWQ0PGyYD+MB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvcy1zTDV3VDMydGFIYXVVR3B0WkRROGJKZ1A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEIaMA0G
CSqGSIb3DQEBCwUAA4IBAQCozUP1XSvwbxIM48FRy+tE2pmGl2F5dQNU+0ofH35+
CK+JlG9FcBpOEqMaEskSYiHAJl9OwHxA/A8I+Pl7ERtpIIY2IIz8KvOPh5DI4vvM
JfozYmHRrfrRca06VNqzX924V0M8XAru7NMJw8ficsm1efU8cZ7Mhb/Yx6KwgsYV
zcqLwctkvx6VFDILFuAybF4ct1N/3/mcneXwvaqwLQcjMMekoaZc+nhj5u2JptVR
c+rosEqKZ1EVBJDhKp7hu3pGBeRqr4oOu90Ph2+5VuUUVWERSXLvwp12B7M6bPZV
2MU0qiVOp6myILC657GYRzIVe+YzdUBusJRtU0vx0/H5
-----END CERTIFICATE-----