Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/qaPWFc8W4DHYDBR4lTSF2V3DUE4.roa
File:                     qaPWFc8W4DHYDBR4lTSF2V3DUE4.roa (raw, json)
Hash identifier:          xnbDjFAfr5Kvy9hpNdoqK7W1S/GekZWZT8BX+UHZFr4=
Subject key identifier:   A9:A3:D6:15:CF:16:E0:31:D8:0C:14:78:95:34:85:D9:5D:C3:50:4E
Certificate issuer:       /CN=e39f1a6e84c0277efcb56d942b0eb5e456471129
Certificate serial:       018CC7274F71DCC9CC755FBEF392A3EFABB7
Authority key identifier: E3:9F:1A:6E:84:C0:27:7E:FC:B5:6D:94:2B:0E:B5:E4:56:47:11:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/458aboTAJ378tW2UKw615FZHESk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/qaPWFc8W4DHYDBR4lTSF2V3DUE4.roa
Signing time:             Mon 01 Jan 2024 22:31:31 +0000
ROA not before:           Mon 01 Jan 2024 22:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204320
IP address blocks:        188.74.39.0/24 maxlen: 24
                          2a03:4b27:f000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/458aboTAJ378tW2UKw615FZHESk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/458aboTAJ378tW2UKw615FZHESk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/458aboTAJ378tW2UKw615FZHESk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 18:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:4f:71:dc:c9:cc:75:5f:be:f3:92:a3:ef:ab:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e39f1a6e84c0277efcb56d942b0eb5e456471129
        Validity
            Not Before: Jan  1 22:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9a3d615cf16e031d80c1478953485d95dc3504e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:8e:21:32:9b:5e:3c:60:45:1a:d6:d9:fb:91:
                    7e:70:09:75:8a:62:2e:da:c6:bc:4e:62:e1:ac:4f:
                    11:d8:1f:06:44:bc:23:81:e4:b6:95:c2:1e:fd:73:
                    12:f1:77:7c:29:3b:b1:66:3b:a2:70:49:09:58:e6:
                    66:7b:47:15:83:db:c7:f3:d1:4b:84:20:35:de:e2:
                    52:23:5c:f6:ba:7a:d1:d9:d6:a8:5c:4b:46:6e:42:
                    55:e0:7b:1d:09:c7:dc:20:a6:e6:e9:80:bf:77:6a:
                    3a:78:62:79:f3:c7:ee:8c:94:df:92:3b:23:1e:4b:
                    22:74:1f:34:f4:13:b6:db:b0:12:18:d5:38:96:a7:
                    8d:09:98:dd:94:24:5a:f6:78:f3:79:45:5e:97:a8:
                    93:c1:d3:d0:12:d6:54:ba:7e:bc:24:68:37:f3:5c:
                    b1:db:bc:25:40:6c:f2:7b:3c:15:b0:b1:3e:65:b8:
                    6c:4f:19:97:54:42:07:a7:81:f9:85:66:88:b1:f8:
                    c8:cc:f9:5c:9f:27:08:38:0f:1e:74:57:88:e9:af:
                    3a:07:09:f3:f2:dd:a8:a6:8d:45:a0:c3:37:10:8e:
                    68:de:a6:58:a5:d3:a6:d4:6f:96:60:66:47:eb:fa:
                    21:8b:04:bd:7e:16:8a:77:05:96:40:85:e9:3a:94:
                    6f:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:A3:D6:15:CF:16:E0:31:D8:0C:14:78:95:34:85:D9:5D:C3:50:4E
            X509v3 Authority Key Identifier:
                keyid:E3:9F:1A:6E:84:C0:27:7E:FC:B5:6D:94:2B:0E:B5:E4:56:47:11:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/458aboTAJ378tW2UKw615FZHESk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/qaPWFc8W4DHYDBR4lTSF2V3DUE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/458aboTAJ378tW2UKw615FZHESk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.74.39.0/24
                IPv6:
                  2a03:4b27:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         20:35:c5:00:36:d4:7a:83:8f:d5:72:c6:8b:19:f0:83:0c:99:
         1e:0f:43:10:a4:de:3a:cb:8b:56:de:6d:12:61:4d:3f:11:98:
         c6:97:62:31:9d:7f:77:fb:f7:6b:d6:2d:9f:89:26:f1:1f:0c:
         ed:51:14:44:5c:78:13:85:10:10:1b:8b:df:f2:65:df:c6:a4:
         18:19:55:c7:23:e8:65:f4:2c:fa:ee:0d:e3:a0:43:a6:2f:25:
         ac:de:be:d4:e1:99:e1:bd:a5:fc:10:34:83:ad:53:fe:21:46:
         b9:d5:47:b0:4a:aa:cf:7c:ca:52:15:e9:1c:22:76:3a:9a:a1:
         ad:d6:7f:bd:5f:f4:89:c5:6e:60:99:58:8f:3b:ac:6a:03:df:
         f1:87:aa:54:75:ff:65:a3:dd:ef:23:be:84:a9:75:37:77:c5:
         d7:a1:38:33:35:87:30:9f:3b:ae:84:42:f7:20:3f:8c:1b:a9:
         93:af:5e:c8:40:02:cc:3c:0d:a7:04:4a:aa:6e:11:41:7b:76:
         a9:93:4e:cd:02:d8:5a:43:23:5e:3d:a3:ad:25:4d:e8:cc:7d:
         bc:69:84:5e:d6:a3:7f:f1:aa:f6:dc:7f:84:fe:f7:d6:b4:bd:
         db:44:73:c9:b0:e0:8e:88:e0:9c:a8:9c:3d:03:fb:dc:da:df:
         74:f3:9f:e7
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzHJ09x3MnMdV++85Kj76u3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzOWYxYTZlODRjMDI3N2VmY2I1NmQ5NDJiMGViNWU0NTY0
NzExMjkwHhcNMjQwMTAxMjIzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWEzZDYxNWNmMTZlMDMxZDgwYzE0Nzg5NTM0ODVkOTVkYzM1MDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj44hMptePGBFGtbZ+5F+cAl1imIu
2sa8TmLhrE8R2B8GRLwjgeS2lcIe/XMS8Xd8KTuxZjuicEkJWOZme0cVg9vH89FL
hCA13uJSI1z2unrR2daoXEtGbkJV4HsdCcfcIKbm6YC/d2o6eGJ588fujJTfkjsj
HksidB809BO227ASGNU4lqeNCZjdlCRa9njzeUVel6iTwdPQEtZUun68JGg381yx
27wlQGzyezwVsLE+ZbhsTxmXVEIHp4H5hWaIsfjIzPlcnycIOA8edFeI6a86Bwnz
8t2opo1FoMM3EI5o3qZYpdOm1G+WYGZH6/ohiwS9fhaKdwWWQIXpOpRvTwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFKmj1hXPFuAx2AwUeJU0hdldw1BOMB8GA1UdIwQY
MBaAFOOfGm6EwCd+/LVtlCsOteRWRxEpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDU4YWJvVEFKMzc4dFcyVUt3NjE1RlpIRVNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8xNjBhNzctNzU2ZC00NDFhLTg2YzMt
MGU1MzkyNzU3ZjgyLzEvcWFQV0ZjOFc0REhZREJSNGxUU0YyVjNEVUU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8xNjBhNzctNzU2ZC00NDFhLTg2YzMtMGU1MzkyNzU3Zjgy
LzEvNDU4YWJvVEFKMzc4dFcyVUt3NjE1RlpIRVNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAvEonMA4E
AgACMAgDBgQqA0sn8DANBgkqhkiG9w0BAQsFAAOCAQEAIDXFADbUeoOP1XLGixnw
gwyZHg9DEKTeOsuLVt5tEmFNPxGYxpdiMZ1/d/v3a9Ytn4km8R8M7VEURFx4E4UQ
EBuL3/Jl38akGBlVxyPoZfQs+u4N46BDpi8lrN6+1OGZ4b2l/BA0g61T/iFGudVH
sEqqz3zKUhXpHCJ2OpqhrdZ/vV/0icVuYJlYjzusagPf8YeqVHX/ZaPd7yO+hKl1
N3fF16E4MzWHMJ87roRC9yA/jBupk69eyEACzDwNpwRKqm4RQXt2qZNOzQLYWkMj
Xj2jrSVN6Mx9vGmEXtajf/Gq9tx/hP731rS920RzybDgjojgnKicPQP73NrfdPOf
5w==
-----END CERTIFICATE-----