Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/c5708b-faf9-42a4-bf48-4b8578715154/1/mbr-JW14gZq2QvW61reFB2YKZdA.roa
File:                     mbr-JW14gZq2QvW61reFB2YKZdA.roa (raw, json)
Hash identifier:          x2kxt/1vAnEfHmMozlmgyYEQJtHEETzngcW+dGcKSgc=
Subject key identifier:   99:BA:FE:25:6D:78:81:9A:B6:42:F5:BA:D6:B7:85:07:66:0A:65:D0
Certificate issuer:       /CN=e75bce163cb502a657f272f79fd3e487fbbd4b88
Certificate serial:       018CC5DCBE7D87788C6451C7BD0802312609
Authority key identifier: E7:5B:CE:16:3C:B5:02:A6:57:F2:72:F7:9F:D3:E4:87:FB:BD:4B:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/51vOFjy1AqZX8nL3n9Pkh_u9S4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/c5708b-faf9-42a4-bf48-4b8578715154/1/mbr-JW14gZq2QvW61reFB2YKZdA.roa
Signing time:             Mon 01 Jan 2024 16:30:27 +0000
ROA not before:           Mon 01 Jan 2024 16:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206377
IP address blocks:        185.35.84.0/22 maxlen: 22
                          2a00:f280::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/c5708b-faf9-42a4-bf48-4b8578715154/1/51vOFjy1AqZX8nL3n9Pkh_u9S4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/c5708b-faf9-42a4-bf48-4b8578715154/1/51vOFjy1AqZX8nL3n9Pkh_u9S4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/51vOFjy1AqZX8nL3n9Pkh_u9S4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:be:7d:87:78:8c:64:51:c7:bd:08:02:31:26:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e75bce163cb502a657f272f79fd3e487fbbd4b88
        Validity
            Not Before: Jan  1 16:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99bafe256d78819ab642f5bad6b78507660a65d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ce:55:39:f5:de:ca:a8:13:54:70:91:5c:db:
                    a6:b9:80:6f:fd:ea:c1:52:95:64:c9:f9:0b:88:27:
                    cf:3d:08:9b:91:e8:77:fb:56:98:39:98:61:41:dd:
                    62:01:9d:4b:45:7f:65:fc:07:a7:19:01:6b:8c:eb:
                    7c:aa:3e:27:07:12:33:e6:ff:22:12:3c:bb:21:37:
                    48:cb:7c:ce:1f:af:02:8b:1b:bd:9a:4e:23:43:52:
                    c0:84:d3:e3:f1:77:43:6f:02:2a:60:44:57:5d:b9:
                    da:1a:fb:38:4c:aa:af:4f:d4:ff:86:8f:bc:38:c7:
                    ef:ea:5c:2b:00:2f:49:cb:f7:20:e9:c1:30:75:b2:
                    89:74:7f:35:c4:ac:18:23:72:a5:c3:1c:ea:c0:ba:
                    83:d3:98:cd:06:48:39:ed:ad:fa:9e:cc:22:e7:c5:
                    82:38:11:1e:95:64:d6:09:cf:e6:1d:73:aa:de:2f:
                    1c:c3:91:d4:08:e2:0d:e9:de:f7:87:94:6f:4a:e7:
                    ba:05:e5:b2:6c:e1:80:f2:f2:02:36:cf:1a:99:e4:
                    6d:2f:40:8c:35:a4:eb:ab:c9:e4:9d:43:42:6a:1b:
                    88:98:5b:49:04:34:68:86:e9:fa:01:85:32:61:ad:
                    3f:f7:f5:85:74:ea:55:66:e8:d2:fc:d0:b1:50:dd:
                    3c:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:BA:FE:25:6D:78:81:9A:B6:42:F5:BA:D6:B7:85:07:66:0A:65:D0
            X509v3 Authority Key Identifier:
                keyid:E7:5B:CE:16:3C:B5:02:A6:57:F2:72:F7:9F:D3:E4:87:FB:BD:4B:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/51vOFjy1AqZX8nL3n9Pkh_u9S4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/c5708b-faf9-42a4-bf48-4b8578715154/1/mbr-JW14gZq2QvW61reFB2YKZdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/c5708b-faf9-42a4-bf48-4b8578715154/1/51vOFjy1AqZX8nL3n9Pkh_u9S4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.35.84.0/22
                IPv6:
                  2a00:f280::/32

    Signature Algorithm: sha256WithRSAEncryption
         bf:97:9e:c6:b8:ee:c0:30:25:ce:c6:8b:8a:b8:84:c6:a2:cc:
         2a:92:2f:c0:4c:9c:d3:30:18:cd:44:84:da:14:da:92:9e:a2:
         a7:25:fa:fc:44:e6:f4:82:7e:8c:1b:56:2d:15:d5:a9:dc:d4:
         d1:0d:85:f7:d3:fe:55:02:cd:3d:ad:3e:16:33:2f:19:e0:dc:
         74:30:71:49:81:e1:4e:95:1e:4e:53:c4:5c:c2:be:f6:ca:7a:
         0c:0f:94:fa:80:38:c7:60:ff:6c:78:84:5d:6b:d9:e3:cb:d4:
         50:9c:3d:f9:ea:f9:84:4f:78:ec:50:b8:b6:64:a0:62:59:a3:
         fd:75:8a:e3:1b:36:c5:13:a0:57:7d:cd:31:a2:47:a8:14:64:
         6e:29:52:19:1e:9e:1f:bc:fd:87:74:b4:5b:9a:48:44:65:2f:
         85:8a:33:ad:8e:ba:e5:38:a4:ae:2c:6a:aa:46:0b:cb:8d:c4:
         fe:96:43:15:33:96:0b:87:ef:97:c8:dd:f1:8b:c7:14:50:8b:
         38:fd:36:a8:a3:9d:ce:2b:08:5a:d2:75:0d:9e:a4:c3:c6:95:
         a5:b0:d3:4e:68:12:fe:49:0c:06:c8:05:5b:e1:dd:83:ae:de:
         59:fe:6b:83:f6:5f:64:b9:4c:25:ad:61:e4:5d:28:fd:39:17:
         ae:05:c6:e6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3L59h3iMZFHHvQgCMSYJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NWJjZTE2M2NiNTAyYTY1N2YyNzJmNzlmZDNlNDg3ZmJi
ZDRiODgwHhcNMjQwMTAxMTYzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWJhZmUyNTZkNzg4MTlhYjY0MmY1YmFkNmI3ODUwNzY2MGE2NWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq85VOfXeyqgTVHCRXNumuYBv/erB
UpVkyfkLiCfPPQibkeh3+1aYOZhhQd1iAZ1LRX9l/AenGQFrjOt8qj4nBxIz5v8i
Ejy7ITdIy3zOH68Cixu9mk4jQ1LAhNPj8XdDbwIqYERXXbnaGvs4TKqvT9T/ho+8
OMfv6lwrAC9Jy/cg6cEwdbKJdH81xKwYI3KlwxzqwLqD05jNBkg57a36nswi58WC
OBEelWTWCc/mHXOq3i8cw5HUCOIN6d73h5RvSue6BeWybOGA8vICNs8ameRtL0CM
NaTrq8nknUNCahuImFtJBDRohun6AYUyYa0/9/WFdOpVZujS/NCxUN08uwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJm6/iVteIGatkL1uta3hQdmCmXQMB8GA1UdIwQY
MBaAFOdbzhY8tQKmV/Jy95/T5If7vUuIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTF2T0ZqeTFBcVpYOG5MM245UGtoX3U5UzRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9jNTcwOGItZmFmOS00MmE0LWJmNDgt
NGI4NTc4NzE1MTU0LzEvbWJyLUpXMTRnWnEyUXZXNjFyZUZCMllLWmRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9jNTcwOGItZmFmOS00MmE0LWJmNDgtNGI4NTc4NzE1MTU0
LzEvNTF2T0ZqeTFBcVpYOG5MM245UGtoX3U5UzRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSNUMA0E
AgACMAcDBQAqAPKAMA0GCSqGSIb3DQEBCwUAA4IBAQC/l57GuO7AMCXOxouKuITG
oswqki/ATJzTMBjNRITaFNqSnqKnJfr8ROb0gn6MG1YtFdWp3NTRDYX30/5VAs09
rT4WMy8Z4Nx0MHFJgeFOlR5OU8Rcwr72ynoMD5T6gDjHYP9seIRda9njy9RQnD35
6vmET3jsULi2ZKBiWaP9dYrjGzbFE6BXfc0xokeoFGRuKVIZHp4fvP2HdLRbmkhE
ZS+FijOtjrrlOKSuLGqqRgvLjcT+lkMVM5YLh++XyN3xi8cUUIs4/Taoo53OKwha
0nUNnqTDxpWlsNNOaBL+SQwGyAVb4d2Drt5Z/muD9l9kuUwlrWHkXSj9OReuBcbm
-----END CERTIFICATE-----