Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/3df0b6-47c9-40fe-8358-fdebbc927d40/1/SRe5U6xfMvljIQdriCAN0I5HsZw.roa
File:                     SRe5U6xfMvljIQdriCAN0I5HsZw.roa (raw, json)
Hash identifier:          q4kBl9STjyY8/TkFWNKya+BNT+MH+oUHQTwAcWBuXWM=
Subject key identifier:   49:17:B9:53:AC:5F:32:F9:63:21:07:6B:88:20:0D:D0:8E:47:B1:9C
Certificate issuer:       /CN=af85bb8a50443e504c4853cce025ef58341c1d50
Certificate serial:       018CC42557975834D1DA35808A11566202EC
Authority key identifier: AF:85:BB:8A:50:44:3E:50:4C:48:53:CC:E0:25:EF:58:34:1C:1D:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4W7ilBEPlBMSFPM4CXvWDQcHVA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/3df0b6-47c9-40fe-8358-fdebbc927d40/1/SRe5U6xfMvljIQdriCAN0I5HsZw.roa
Signing time:             Mon 01 Jan 2024 08:30:30 +0000
ROA not before:           Mon 01 Jan 2024 08:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34376
IP address blocks:        91.199.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/3df0b6-47c9-40fe-8358-fdebbc927d40/1/r4W7ilBEPlBMSFPM4CXvWDQcHVA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/3df0b6-47c9-40fe-8358-fdebbc927d40/1/r4W7ilBEPlBMSFPM4CXvWDQcHVA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r4W7ilBEPlBMSFPM4CXvWDQcHVA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:02:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:57:97:58:34:d1:da:35:80:8a:11:56:62:02:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af85bb8a50443e504c4853cce025ef58341c1d50
        Validity
            Not Before: Jan  1 08:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4917b953ac5f32f96321076b88200dd08e47b19c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:59:5b:18:1f:5f:c0:40:8e:f3:1f:7d:87:7c:
                    be:06:ee:b0:26:e3:48:96:62:60:7b:fb:4f:a9:8d:
                    36:0f:25:fa:dd:c6:94:29:a7:a6:f0:b4:a7:59:97:
                    9e:69:c5:8f:a6:ba:e0:6a:34:cf:32:7e:c2:84:2c:
                    44:62:68:14:a3:87:fd:82:b9:a3:4a:50:f1:ba:84:
                    7f:bd:74:53:3a:fc:7b:0d:e1:67:9d:2a:02:fb:be:
                    e7:1d:d9:5b:02:af:db:38:0a:39:13:64:24:ff:d5:
                    60:3d:9f:87:15:c7:cb:00:2e:5e:61:3d:f8:6b:17:
                    40:9d:08:c7:cd:5d:e9:82:23:50:a8:e1:e6:4d:43:
                    79:db:6a:63:02:26:55:81:7a:12:77:d6:c6:d4:8d:
                    19:5f:21:5a:80:68:59:ce:3c:02:77:03:25:6f:da:
                    01:46:8b:51:a6:3c:d9:50:55:8d:1a:c4:58:4f:ff:
                    af:c0:b4:47:c8:83:bd:ab:1c:9b:19:88:fa:2c:d2:
                    19:cd:f0:aa:10:50:47:eb:29:56:bd:06:2a:9c:92:
                    47:e3:d1:a1:69:ad:07:cd:2c:64:6f:7f:f8:c8:fb:
                    40:6b:53:1b:75:9b:54:bb:04:68:5c:5d:c0:f5:e1:
                    c9:ff:cc:3f:d5:79:ee:fe:09:c7:83:82:e0:fd:19:
                    5d:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:17:B9:53:AC:5F:32:F9:63:21:07:6B:88:20:0D:D0:8E:47:B1:9C
            X509v3 Authority Key Identifier:
                keyid:AF:85:BB:8A:50:44:3E:50:4C:48:53:CC:E0:25:EF:58:34:1C:1D:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4W7ilBEPlBMSFPM4CXvWDQcHVA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3df0b6-47c9-40fe-8358-fdebbc927d40/1/SRe5U6xfMvljIQdriCAN0I5HsZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3df0b6-47c9-40fe-8358-fdebbc927d40/1/r4W7ilBEPlBMSFPM4CXvWDQcHVA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:90:18:e3:12:58:1a:0c:7d:c0:ac:84:bd:1a:5d:86:3c:00:
         3d:55:aa:d6:78:79:c3:07:68:0e:2c:03:8c:82:3c:89:07:f7:
         87:a1:43:39:7f:e3:c5:ff:6f:3a:e7:65:5d:d1:61:70:8d:73:
         dc:38:76:93:cf:4d:32:1a:92:b0:66:56:06:d6:e3:6f:6e:37:
         af:89:f8:b6:25:a6:58:e3:dd:88:65:37:5f:57:29:36:90:b7:
         76:f8:1c:93:52:b9:2a:97:12:5e:ce:c2:5e:cc:b2:44:13:ba:
         f0:ef:98:1d:0a:29:e7:6a:58:e1:4d:55:30:fc:65:ed:65:e4:
         e9:bf:c8:6d:8f:40:0f:22:43:e1:75:54:17:1e:32:fe:01:65:
         c2:c4:a8:c7:96:a6:31:27:61:84:f9:5c:dc:f4:fa:3f:b9:ad:
         98:8e:8e:96:48:61:91:9e:ef:7e:00:71:ea:13:2b:c6:4a:2d:
         6d:b0:19:9f:df:ab:78:6b:94:f8:8c:9b:9a:17:fd:a9:cc:b6:
         1c:c6:d8:92:db:28:9b:f7:17:7b:95:a6:8b:b9:ac:8a:fb:e8:
         9a:7a:15:16:46:57:79:c0:00:a8:9b:bf:da:4c:55:39:4d:21:
         5b:82:2f:37:3c:24:ad:c8:a2:15:10:1d:fb:e5:88:99:bc:fa:
         84:a3:55:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVeXWDTR2jWAihFWYgLsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODViYjhhNTA0NDNlNTA0YzQ4NTNjY2UwMjVlZjU4MzQx
YzFkNTAwHhcNMjQwMTAxMDgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTE3Yjk1M2FjNWYzMmY5NjMyMTA3NmI4ODIwMGRkMDhlNDdiMTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVlbGB9fwECO8x99h3y+Bu6wJuNI
lmJge/tPqY02DyX63caUKaem8LSnWZeeacWPprrgajTPMn7ChCxEYmgUo4f9grmj
SlDxuoR/vXRTOvx7DeFnnSoC+77nHdlbAq/bOAo5E2Qk/9VgPZ+HFcfLAC5eYT34
axdAnQjHzV3pgiNQqOHmTUN522pjAiZVgXoSd9bG1I0ZXyFagGhZzjwCdwMlb9oB
RotRpjzZUFWNGsRYT/+vwLRHyIO9qxybGYj6LNIZzfCqEFBH6ylWvQYqnJJH49Gh
aa0HzSxkb3/4yPtAa1MbdZtUuwRoXF3A9eHJ/8w/1Xnu/gnHg4Lg/Rld5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEkXuVOsXzL5YyEHa4ggDdCOR7GcMB8GA1UdIwQY
MBaAFK+Fu4pQRD5QTEhTzOAl71g0HB1QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRXN2lsQkVQbEJNU0ZQTTRDWHZXRFFjSFZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8zZGYwYjYtNDdjOS00MGZlLTgzNTgt
ZmRlYmJjOTI3ZDQwLzEvU1JlNVU2eGZNdmxqSVFkcmlDQU4wSTVIc1p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8zZGYwYjYtNDdjOS00MGZlLTgzNTgtZmRlYmJjOTI3ZDQw
LzEvcjRXN2lsQkVQbEJNU0ZQTTRDWHZXRFFjSFZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8eAMA0G
CSqGSIb3DQEBCwUAA4IBAQBHkBjjElgaDH3ArIS9Gl2GPAA9VarWeHnDB2gOLAOM
gjyJB/eHoUM5f+PF/28652Vd0WFwjXPcOHaTz00yGpKwZlYG1uNvbjevifi2JaZY
492IZTdfVyk2kLd2+ByTUrkqlxJezsJezLJEE7rw75gdCinnaljhTVUw/GXtZeTp
v8htj0APIkPhdVQXHjL+AWXCxKjHlqYxJ2GE+Vzc9Po/ua2Yjo6WSGGRnu9+AHHq
EyvGSi1tsBmf36t4a5T4jJuaF/2pzLYcxtiS2yib9xd7laaLuayK++iaehUWRld5
wACom7/aTFU5TSFbgi83PCStyKIVEB375YiZvPqEo1WT
-----END CERTIFICATE-----