Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/w1G2WgRwg5TMv1o-ctrHxpnkGg8.roa
File:                     w1G2WgRwg5TMv1o-ctrHxpnkGg8.roa (raw, json)
Hash identifier:          agU6Qqy0fnivl3H4SG64+Hxp9Tp7KmPmlQXRx4PQep0=
Subject key identifier:   C3:51:B6:5A:04:70:83:94:CC:BF:5A:3E:72:DA:C7:C6:99:E4:1A:0F
Certificate issuer:       /CN=e39f1a6e84c0277efcb56d942b0eb5e456471129
Certificate serial:       019427B64274B9C8665B5315CB0723FE0AAD
Authority key identifier: E3:9F:1A:6E:84:C0:27:7E:FC:B5:6D:94:2B:0E:B5:E4:56:47:11:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/458aboTAJ378tW2UKw615FZHESk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/w1G2WgRwg5TMv1o-ctrHxpnkGg8.roa
Signing time:             Thu 02 Jan 2025 15:50:43 +0000
ROA not before:           Thu 02 Jan 2025 15:50:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204320
IP address blocks:        188.74.39.0/24 maxlen: 24
                          2a03:4b27:f000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/458aboTAJ378tW2UKw615FZHESk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/458aboTAJ378tW2UKw615FZHESk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/458aboTAJ378tW2UKw615FZHESk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 18:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:42:74:b9:c8:66:5b:53:15:cb:07:23:fe:0a:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e39f1a6e84c0277efcb56d942b0eb5e456471129
        Validity
            Not Before: Jan  2 15:50:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c351b65a04708394ccbf5a3e72dac7c699e41a0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:1c:05:76:0b:42:89:e5:43:d2:ef:8e:40:b7:
                    a7:81:90:38:82:22:df:64:d5:f4:df:77:a7:5d:62:
                    39:15:af:b2:94:b8:64:78:4f:8a:66:7a:0d:6f:7f:
                    cf:7f:85:81:b4:9a:1e:08:be:4e:d9:1d:53:ac:43:
                    77:2a:8d:0c:f0:5c:83:24:24:de:72:c5:bb:66:77:
                    20:48:d6:db:4c:f5:5a:70:9d:6a:26:22:4f:0d:11:
                    f8:98:53:5c:b8:79:3e:b4:8a:62:6b:90:cc:68:94:
                    77:62:5d:de:68:4e:ba:4c:b4:86:62:4b:95:54:2b:
                    83:ca:13:4a:c1:9b:db:a4:4e:0e:a1:df:6e:d4:44:
                    64:00:45:5a:73:04:54:60:5e:92:29:7f:fd:3d:65:
                    40:a4:bd:e9:4f:62:b6:21:bd:03:02:40:45:80:37:
                    72:83:51:3b:45:c1:3d:9d:c9:ee:05:b4:03:fa:18:
                    89:ec:78:e3:78:83:15:f5:e8:77:bc:f8:47:cb:8c:
                    2a:4c:df:04:a0:cc:65:5d:ee:a6:90:66:18:6a:66:
                    06:aa:8c:70:9d:58:05:cc:5a:dd:45:f9:1e:ff:eb:
                    28:5c:c4:f5:04:08:8f:62:c3:d6:2a:23:19:ad:5a:
                    5a:b9:48:62:a8:a5:2c:2b:76:12:58:e1:b6:ce:ae:
                    cd:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:51:B6:5A:04:70:83:94:CC:BF:5A:3E:72:DA:C7:C6:99:E4:1A:0F
            X509v3 Authority Key Identifier:
                keyid:E3:9F:1A:6E:84:C0:27:7E:FC:B5:6D:94:2B:0E:B5:E4:56:47:11:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/458aboTAJ378tW2UKw615FZHESk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/w1G2WgRwg5TMv1o-ctrHxpnkGg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/458aboTAJ378tW2UKw615FZHESk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.74.39.0/24
                IPv6:
                  2a03:4b27:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         62:f1:ec:80:26:b3:e4:51:b0:7b:eb:2e:58:a3:de:b7:c3:84:
         f6:99:b9:da:40:05:6b:00:f1:2c:d7:f5:ff:30:94:6e:b3:dd:
         29:4a:c3:5d:da:d9:62:76:49:f4:fb:f8:be:84:4f:3d:0b:3c:
         26:52:4d:0e:4c:e1:61:df:e3:57:f8:8b:2e:10:8e:a2:53:45:
         0c:d1:95:61:6a:1d:2a:7b:a7:d0:ff:91:d6:49:f7:25:49:bf:
         01:7b:e3:54:3e:a4:30:93:ae:72:c1:1d:78:8b:a4:d2:e2:e0:
         e3:0f:9d:80:f0:0e:d8:e0:97:5d:78:48:12:f0:68:22:24:4f:
         d2:ff:92:cc:4d:e2:b6:d6:87:73:14:44:63:6c:d9:85:6d:ee:
         b8:3b:54:c4:fb:36:6e:91:cc:97:9d:73:2f:7a:62:b3:56:06:
         8f:74:15:b4:a4:7a:67:3f:7f:db:6f:05:d6:23:48:84:cd:4e:
         f1:49:e2:f8:91:a2:67:b2:c1:50:62:cd:ea:bd:3d:51:50:0b:
         19:bb:3a:84:05:33:ce:30:26:c5:28:c1:90:00:74:36:49:b7:
         8f:2a:6c:fa:fc:ee:1d:00:96:6f:d6:38:b2:e1:ed:d3:5b:f9:
         ea:14:51:2a:1a:28:86:66:f6:ef:7d:79:3c:c7:ce:a8:66:af:
         2f:ed:82:13
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQntkJ0uchmW1MVywcj/gqtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzOWYxYTZlODRjMDI3N2VmY2I1NmQ5NDJiMGViNWU0NTY0
NzExMjkwHhcNMjUwMTAyMTU1MDQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzUxYjY1YTA0NzA4Mzk0Y2NiZjVhM2U3MmRhYzdjNjk5ZTQxYTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2hwFdgtCieVD0u+OQLengZA4giLf
ZNX033enXWI5Fa+ylLhkeE+KZnoNb3/Pf4WBtJoeCL5O2R1TrEN3Ko0M8FyDJCTe
csW7ZncgSNbbTPVacJ1qJiJPDRH4mFNcuHk+tIpia5DMaJR3Yl3eaE66TLSGYkuV
VCuDyhNKwZvbpE4Ood9u1ERkAEVacwRUYF6SKX/9PWVApL3pT2K2Ib0DAkBFgDdy
g1E7RcE9ncnuBbQD+hiJ7HjjeIMV9eh3vPhHy4wqTN8EoMxlXe6mkGYYamYGqoxw
nVgFzFrdRfke/+soXMT1BAiPYsPWKiMZrVpauUhiqKUsK3YSWOG2zq7NxQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFMNRtloEcIOUzL9aPnLax8aZ5BoPMB8GA1UdIwQY
MBaAFOOfGm6EwCd+/LVtlCsOteRWRxEpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDU4YWJvVEFKMzc4dFcyVUt3NjE1RlpIRVNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8xNjBhNzctNzU2ZC00NDFhLTg2YzMt
MGU1MzkyNzU3ZjgyLzEvdzFHMldnUndnNVRNdjFvLWN0ckh4cG5rR2c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8xNjBhNzctNzU2ZC00NDFhLTg2YzMtMGU1MzkyNzU3Zjgy
LzEvNDU4YWJvVEFKMzc4dFcyVUt3NjE1RlpIRVNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAvEonMA4E
AgACMAgDBgQqA0sn8DANBgkqhkiG9w0BAQsFAAOCAQEAYvHsgCaz5FGwe+suWKPe
t8OE9pm52kAFawDxLNf1/zCUbrPdKUrDXdrZYnZJ9Pv4voRPPQs8JlJNDkzhYd/j
V/iLLhCOolNFDNGVYWodKnun0P+R1kn3JUm/AXvjVD6kMJOucsEdeIuk0uLg4w+d
gPAO2OCXXXhIEvBoIiRP0v+SzE3ittaHcxREY2zZhW3uuDtUxPs2bpHMl51zL3pi
s1YGj3QVtKR6Zz9/228F1iNIhM1O8Uni+JGiZ7LBUGLN6r09UVALGbs6hAUzzjAm
xSjBkAB0Nkm3jyps+vzuHQCWb9Y4suHt01v56hRRKhoohmb27315PMfOqGavL+2C
Ew==
-----END CERTIFICATE-----