Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/af3da0-af92-41b8-87bf-d58b094df06c/1/3SVlUMhwEG7pV3wlybr__7X3jC0.roa
File:                     3SVlUMhwEG7pV3wlybr__7X3jC0.roa (raw, json)
Hash identifier:          ui/pS186F0FocD+jUAGnMdk5zqID1IhV4mXNTYP6ZTQ=
Subject key identifier:   DD:25:65:50:C8:70:10:6E:E9:57:7C:25:C9:BA:FF:FF:B5:F7:8C:2D
Certificate issuer:       /CN=34e4f60b0e508726dde68c1c255d04bd21a3a183
Certificate serial:       018CC5DC4AD5AE5CE963618C2F3C85817A04
Authority key identifier: 34:E4:F6:0B:0E:50:87:26:DD:E6:8C:1C:25:5D:04:BD:21:A3:A1:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NOT2Cw5Qhybd5owcJV0EvSGjoYM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/af3da0-af92-41b8-87bf-d58b094df06c/1/3SVlUMhwEG7pV3wlybr__7X3jC0.roa
Signing time:             Mon 01 Jan 2024 16:29:57 +0000
ROA not before:           Mon 01 Jan 2024 16:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197086
IP address blocks:        91.217.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/af3da0-af92-41b8-87bf-d58b094df06c/1/NOT2Cw5Qhybd5owcJV0EvSGjoYM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/af3da0-af92-41b8-87bf-d58b094df06c/1/NOT2Cw5Qhybd5owcJV0EvSGjoYM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NOT2Cw5Qhybd5owcJV0EvSGjoYM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:4a:d5:ae:5c:e9:63:61:8c:2f:3c:85:81:7a:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34e4f60b0e508726dde68c1c255d04bd21a3a183
        Validity
            Not Before: Jan  1 16:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd256550c870106ee9577c25c9baffffb5f78c2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:3b:4f:be:8b:c6:e9:65:af:ad:03:b3:ad:71:
                    63:96:ea:62:a3:cc:77:f2:86:c8:92:ef:98:45:c5:
                    a0:96:ec:0a:6d:e9:60:88:8b:64:60:a5:09:07:59:
                    3b:e7:53:15:1e:4a:e8:f8:8b:ee:ed:98:34:e3:2d:
                    5c:99:05:03:5d:ce:45:c3:2a:0a:d7:15:e1:f6:90:
                    f2:63:e3:a0:18:8d:a0:8c:20:0a:a4:95:d4:72:06:
                    48:03:6d:18:5b:c6:4b:7a:16:7d:cf:64:cf:e4:ac:
                    fd:36:2e:65:30:af:0d:80:0b:35:b6:31:23:7b:e3:
                    2f:33:3b:7d:09:57:fd:57:db:6f:15:37:e8:f6:35:
                    34:20:22:04:f5:a7:f6:ca:a0:91:64:75:a1:6e:2c:
                    cb:30:08:fb:bc:82:15:20:9e:16:0a:91:35:c3:21:
                    43:ba:35:50:22:8d:22:b2:bc:6a:71:aa:3d:e1:92:
                    ff:d9:9e:db:3f:a1:a1:03:e6:a6:d3:29:21:55:7c:
                    dd:55:4a:a3:e8:5e:5c:1a:ea:68:ca:15:fb:eb:44:
                    02:4c:08:25:1e:ce:27:7a:2f:cb:24:63:e7:13:3f:
                    20:0f:4b:14:21:8d:96:70:c8:4f:e3:eb:86:51:87:
                    c9:e9:2b:31:9b:40:34:93:eb:de:cb:2e:8a:a2:8d:
                    6a:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:25:65:50:C8:70:10:6E:E9:57:7C:25:C9:BA:FF:FF:B5:F7:8C:2D
            X509v3 Authority Key Identifier:
                keyid:34:E4:F6:0B:0E:50:87:26:DD:E6:8C:1C:25:5D:04:BD:21:A3:A1:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NOT2Cw5Qhybd5owcJV0EvSGjoYM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/af3da0-af92-41b8-87bf-d58b094df06c/1/3SVlUMhwEG7pV3wlybr__7X3jC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/af3da0-af92-41b8-87bf-d58b094df06c/1/NOT2Cw5Qhybd5owcJV0EvSGjoYM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:74:ae:72:e4:22:1b:f6:74:37:22:e0:5e:a3:36:5e:5c:83:
         62:f5:50:d8:a0:a7:02:26:9b:56:ef:6f:56:57:91:1c:b6:27:
         64:5b:91:9c:b4:39:41:8e:96:60:57:6a:22:3c:2c:d5:2a:de:
         7c:91:5c:58:ed:cb:df:dd:bb:1e:ca:70:2a:f1:44:09:02:75:
         f6:d6:0d:0f:b1:7e:e1:f7:de:ce:04:cb:b1:60:46:18:80:e0:
         a1:5c:b1:de:a3:63:40:a4:98:d7:82:89:79:f3:e9:1c:dd:52:
         7d:cf:7b:34:b2:f5:9b:7e:a2:f6:24:10:67:38:a7:a4:87:ae:
         84:db:42:3a:d4:a8:5c:6d:d0:ab:d3:2a:a8:f5:ad:45:bc:e6:
         46:d5:52:b0:c6:4a:f5:c7:44:5c:58:41:21:49:06:49:02:87:
         71:71:f7:4d:ef:02:af:2e:07:ec:de:ae:f1:9a:ba:4c:a2:f6:
         5f:13:14:b6:0f:28:a3:eb:e5:2a:ff:fa:d3:f4:da:05:12:f9:
         ae:f7:48:14:d9:c1:ea:bf:34:57:5e:ce:07:fe:06:c3:9e:cf:
         c9:43:2a:ab:a4:37:0b:40:35:90:36:18:89:37:79:93:b2:58:
         8e:3c:26:77:5b:de:37:26:ff:b6:8e:f5:c9:d7:41:bd:28:c5:
         19:db:76:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3ErVrlzpY2GMLzyFgXoEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZTRmNjBiMGU1MDg3MjZkZGU2OGMxYzI1NWQwNGJkMjFh
M2ExODMwHhcNMjQwMTAxMTYyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDI1NjU1MGM4NzAxMDZlZTk1NzdjMjVjOWJhZmZmZmI1Zjc4YzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljtPvovG6WWvrQOzrXFjlupio8x3
8obIku+YRcWgluwKbelgiItkYKUJB1k751MVHkro+Ivu7Zg04y1cmQUDXc5FwyoK
1xXh9pDyY+OgGI2gjCAKpJXUcgZIA20YW8ZLehZ9z2TP5Kz9Ni5lMK8NgAs1tjEj
e+MvMzt9CVf9V9tvFTfo9jU0ICIE9af2yqCRZHWhbizLMAj7vIIVIJ4WCpE1wyFD
ujVQIo0isrxqcao94ZL/2Z7bP6GhA+am0ykhVXzdVUqj6F5cGupoyhX760QCTAgl
Hs4nei/LJGPnEz8gD0sUIY2WcMhP4+uGUYfJ6Ssxm0A0k+veyy6Koo1qRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN0lZVDIcBBu6Vd8Jcm6//+194wtMB8GA1UdIwQY
MBaAFDTk9gsOUIcm3eaMHCVdBL0ho6GDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTk9UMkN3NVFoeWJkNW93Y0pWMEV2U0dqb1lNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9hZjNkYTAtYWY5Mi00MWI4LTg3YmYt
ZDU4YjA5NGRmMDZjLzEvM1NWbFVNaHdFRzdwVjN3bHlicl9fN1gzakMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9hZjNkYTAtYWY5Mi00MWI4LTg3YmYtZDU4YjA5NGRmMDZj
LzEvTk9UMkN3NVFoeWJkNW93Y0pWMEV2U0dqb1lNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9nNMA0G
CSqGSIb3DQEBCwUAA4IBAQCsdK5y5CIb9nQ3IuBeozZeXINi9VDYoKcCJptW729W
V5EctidkW5GctDlBjpZgV2oiPCzVKt58kVxY7cvf3bseynAq8UQJAnX21g0PsX7h
997OBMuxYEYYgOChXLHeo2NApJjXgol58+kc3VJ9z3s0svWbfqL2JBBnOKekh66E
20I61KhcbdCr0yqo9a1FvOZG1VKwxkr1x0RcWEEhSQZJAodxcfdN7wKvLgfs3q7x
mrpMovZfExS2Dyij6+Uq//rT9NoFEvmu90gU2cHqvzRXXs4H/gbDns/JQyqrpDcL
QDWQNhiJN3mTsliOPCZ3W943Jv+2jvXJ10G9KMUZ23YM
-----END CERTIFICATE-----