Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/t_rVk3c-j9XvEsul0sWKvhf2Mwk.roa
File:                     t_rVk3c-j9XvEsul0sWKvhf2Mwk.roa (raw, json)
Hash identifier:          EhAqGHmfLqA2sCQH3IdVFTDjPB0HqI9gM1ScMJUsIZo=
Subject key identifier:   B7:FA:D5:93:77:3E:8F:D5:EF:12:CB:A5:D2:C5:8A:BE:17:F6:33:09
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       0192726D82CC5D1951E05EB634C898C44C83
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/t_rVk3c-j9XvEsul0sWKvhf2Mwk.roa
Signing time:             Wed 09 Oct 2024 17:57:12 +0000
ROA not before:           Wed 09 Oct 2024 17:57:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        188.66.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:72:6d:82:cc:5d:19:51:e0:5e:b6:34:c8:98:c4:4c:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Oct  9 17:57:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7fad593773e8fd5ef12cba5d2c58abe17f63309
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:97:b8:7b:93:8f:d1:ec:f5:73:06:58:08:dc:
                    86:d1:c7:4a:fc:0c:b2:4d:ca:24:57:17:4a:52:b4:
                    0d:a9:93:be:12:0c:fd:18:f1:eb:99:c7:1f:d9:2b:
                    0c:6c:b2:01:5b:82:36:35:e4:e6:ea:e1:81:87:3e:
                    a9:ab:79:ee:12:15:cf:b2:9d:20:2b:a5:e6:ca:84:
                    20:bf:9f:89:7c:83:7d:1a:d6:34:89:03:92:52:dc:
                    03:59:8a:fb:95:db:eb:85:92:14:c9:f4:91:55:cc:
                    71:09:c5:ae:bd:28:df:96:d0:7a:0f:24:13:d6:e7:
                    c4:96:aa:57:c6:23:e4:3d:2c:4d:78:b9:c0:4d:5b:
                    87:6a:32:e3:a1:de:a5:f8:83:f8:f8:0d:3e:2a:0c:
                    2f:32:f8:00:50:35:5e:83:e8:08:d2:3e:d4:28:2c:
                    34:b1:a1:96:56:fe:27:5d:db:75:ca:6d:16:21:41:
                    9c:43:6f:d8:48:20:78:63:56:56:c2:d2:26:c0:b0:
                    94:3a:1e:be:9b:8b:0f:9f:d8:31:43:98:42:9a:82:
                    24:fe:4c:91:36:9a:dd:cf:03:92:81:ee:2a:8c:3c:
                    78:8c:34:ea:0d:61:33:82:a4:6e:15:92:a5:e2:df:
                    bd:51:2c:cf:c9:75:28:f7:75:03:c5:bb:eb:f3:8a:
                    e0:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:FA:D5:93:77:3E:8F:D5:EF:12:CB:A5:D2:C5:8A:BE:17:F6:33:09
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/t_rVk3c-j9XvEsul0sWKvhf2Mwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.66.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:8c:d8:aa:48:e5:78:9b:eb:24:47:57:b1:c7:49:14:d7:19:
         a6:b7:5e:f6:e7:9d:7f:ad:24:34:d2:7d:02:60:e0:af:5f:54:
         23:8f:79:6a:ab:04:45:95:4f:92:7c:f4:37:83:6f:18:73:10:
         df:5e:c9:50:bf:26:49:b4:71:e0:b2:bc:ba:18:33:ab:c1:21:
         fb:0d:8a:18:a8:86:1d:77:62:1c:c1:cb:e1:0c:f1:3a:75:7b:
         09:97:5d:49:c8:50:22:9f:91:30:85:24:55:ea:0d:18:9c:af:
         af:c6:5c:b1:93:cf:e8:49:a1:41:dc:0e:74:4e:aa:71:ce:5a:
         39:2f:73:4e:ae:ea:8e:a4:57:dc:ef:74:94:3b:4a:71:16:d6:
         e5:5c:70:e9:8c:01:6a:da:78:60:05:a2:3b:fb:7b:fc:de:32:
         5b:9d:05:8d:0b:64:ea:2e:1d:12:42:7c:89:bc:5e:19:fc:bc:
         f2:38:97:1a:16:1a:09:67:ee:32:0a:57:37:e4:dd:05:e3:df:
         9d:52:0e:10:48:51:89:4b:16:98:b6:5a:98:11:e9:5b:39:ca:
         2c:c3:b0:3e:ac:93:0d:bc:dc:05:9d:c9:e3:e6:dc:90:1d:7d:
         db:d0:6d:5f:c7:cd:ea:02:20:75:48:11:b2:15:9a:7d:53:cc:
         22:07:87:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJybYLMXRlR4F62NMiYxEyDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQxMDA5MTc1NzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2ZhZDU5Mzc3M2U4ZmQ1ZWYxMmNiYTVkMmM1OGFiZTE3ZjYzMzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Je4e5OP0ez1cwZYCNyG0cdK/Ayy
TcokVxdKUrQNqZO+Egz9GPHrmccf2SsMbLIBW4I2NeTm6uGBhz6pq3nuEhXPsp0g
K6XmyoQgv5+JfIN9GtY0iQOSUtwDWYr7ldvrhZIUyfSRVcxxCcWuvSjfltB6DyQT
1ufElqpXxiPkPSxNeLnATVuHajLjod6l+IP4+A0+KgwvMvgAUDVeg+gI0j7UKCw0
saGWVv4nXdt1ym0WIUGcQ2/YSCB4Y1ZWwtImwLCUOh6+m4sPn9gxQ5hCmoIk/kyR
NprdzwOSge4qjDx4jDTqDWEzgqRuFZKl4t+9USzPyXUo93UDxbvr84rgzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLf61ZN3Po/V7xLLpdLFir4X9jMJMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvdF9yVmszYy1qOVh2RXN1bDBzV0t2aGYyTXdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEIZMA0G
CSqGSIb3DQEBCwUAA4IBAQBhjNiqSOV4m+skR1exx0kU1xmmt172551/rSQ00n0C
YOCvX1Qjj3lqqwRFlU+SfPQ3g28YcxDfXslQvyZJtHHgsry6GDOrwSH7DYoYqIYd
d2IcwcvhDPE6dXsJl11JyFAin5EwhSRV6g0YnK+vxlyxk8/oSaFB3A50Tqpxzlo5
L3NOruqOpFfc73SUO0pxFtblXHDpjAFq2nhgBaI7+3v83jJbnQWNC2TqLh0SQnyJ
vF4Z/LzyOJcaFhoJZ+4yClc35N0F49+dUg4QSFGJSxaYtlqYEelbOcosw7A+rJMN
vNwFncnj5tyQHX3b0G1fx83qAiB1SBGyFZp9U8wiB4dk
-----END CERTIFICATE-----