Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/mCjjXmNHP3ERcyACKlhWztWevjs.roa
File:                     mCjjXmNHP3ERcyACKlhWztWevjs.roa (raw, json)
Hash identifier:          prSCXa4i1+SV8yhrAGFkhQKRCebFhXikZZjChURnSUE=
Subject key identifier:   98:28:E3:5E:63:47:3F:71:11:73:20:02:2A:58:56:CE:D5:9E:BE:3B
Certificate issuer:       /CN=8847aa91b06d8c6b87284f3f45a21dc281f7ba55
Certificate serial:       018D07C7092236CE804732AAA76A6E565223
Authority key identifier: 88:47:AA:91:B0:6D:8C:6B:87:28:4F:3F:45:A2:1D:C2:81:F7:BA:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iEeqkbBtjGuHKE8_RaIdwoH3ulU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/mCjjXmNHP3ERcyACKlhWztWevjs.roa
Signing time:             Sun 14 Jan 2024 11:41:40 +0000
ROA not before:           Sun 14 Jan 2024 11:41:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215974
IP address blocks:        86.107.6.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/iEeqkbBtjGuHKE8_RaIdwoH3ulU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/iEeqkbBtjGuHKE8_RaIdwoH3ulU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iEeqkbBtjGuHKE8_RaIdwoH3ulU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:07:c7:09:22:36:ce:80:47:32:aa:a7:6a:6e:56:52:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8847aa91b06d8c6b87284f3f45a21dc281f7ba55
        Validity
            Not Before: Jan 14 11:41:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9828e35e63473f71117320022a5856ced59ebe3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:44:01:c6:4e:24:fc:df:35:10:7c:61:1c:01:
                    26:84:d7:e2:61:e2:12:6d:15:33:8e:d4:a2:09:ab:
                    1c:f7:ff:86:49:8b:e6:72:ab:02:dd:d9:d1:89:a7:
                    ad:f2:8b:7b:47:dd:c1:dc:bc:c9:11:a1:2e:5f:c4:
                    68:61:d1:f8:65:0f:cb:ea:04:16:43:7b:91:87:83:
                    6a:cb:7b:2f:9e:d3:fd:2e:bd:d9:bd:6d:18:2a:5c:
                    38:a4:54:f4:82:e5:a4:1e:13:5f:1f:0c:60:3c:70:
                    b7:a1:1b:7b:bb:c7:07:eb:a7:2b:37:e1:9d:1f:66:
                    6b:ad:5e:95:8f:91:2a:58:2f:c7:77:23:8a:77:5e:
                    de:f8:1d:54:a2:b1:36:8e:e9:87:29:97:06:56:8a:
                    ae:52:09:2d:c1:50:8a:64:05:f3:45:94:3b:26:6a:
                    d8:73:4e:40:50:26:37:ab:6e:d2:c9:4b:0a:c5:0b:
                    30:ab:35:b1:ad:f4:4a:5f:1e:cd:24:10:d7:df:51:
                    8e:f2:ac:5f:d3:12:12:b4:77:e3:91:66:d6:d3:11:
                    bc:03:20:81:bc:12:55:32:dc:1e:35:94:b8:45:91:
                    af:19:b6:6d:bd:6c:ad:5b:07:10:6c:a5:33:3f:03:
                    cc:b0:e1:c8:6e:05:69:33:e0:0c:fc:ca:b7:6a:0e:
                    a9:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:28:E3:5E:63:47:3F:71:11:73:20:02:2A:58:56:CE:D5:9E:BE:3B
            X509v3 Authority Key Identifier:
                keyid:88:47:AA:91:B0:6D:8C:6B:87:28:4F:3F:45:A2:1D:C2:81:F7:BA:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iEeqkbBtjGuHKE8_RaIdwoH3ulU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/mCjjXmNHP3ERcyACKlhWztWevjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/iEeqkbBtjGuHKE8_RaIdwoH3ulU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.107.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         54:3a:a5:e4:ea:9e:d0:96:98:2c:fb:03:7e:ef:8f:dc:88:67:
         91:21:1a:b6:4c:f4:f9:db:00:cf:07:4e:ce:91:59:8c:21:e0:
         63:cc:10:90:b6:cf:24:9d:e1:ac:cb:ff:85:2c:9c:cc:f1:59:
         a6:18:a6:3f:59:b1:a8:00:c5:8d:97:8b:68:70:60:47:f1:08:
         76:f6:e7:ad:41:05:be:9f:1e:71:1d:03:bd:8b:71:89:ef:2d:
         7f:ee:bd:e9:49:59:ea:dd:92:4a:95:d2:70:c0:14:00:53:a9:
         e8:f8:2c:a3:53:3d:fe:39:90:0c:11:18:5f:c5:54:43:20:41:
         55:e5:e8:20:d5:55:a0:fe:18:f0:f5:29:81:28:07:4d:72:6d:
         51:6f:9e:61:6c:46:01:95:6a:f2:96:aa:59:7e:a0:24:83:4c:
         75:ad:10:df:67:58:ba:17:b3:1f:56:27:23:27:76:5e:69:db:
         92:41:a7:78:8e:e7:a4:8c:97:68:f6:c6:fd:c9:d0:da:39:ec:
         db:a4:ac:47:17:5a:5c:30:1e:b6:fa:77:fd:90:15:d3:5e:33:
         dd:cb:ee:d3:a4:51:0c:a5:48:5c:92:60:2f:19:cc:12:70:b6:
         0a:b8:82:68:cc:56:cb:c7:41:58:3d:de:14:94:4b:f2:b9:bc:
         43:7f:01:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0HxwkiNs6ARzKqp2puVlIjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NDdhYTkxYjA2ZDhjNmI4NzI4NGYzZjQ1YTIxZGMyODFm
N2JhNTUwHhcNMjQwMTE0MTE0MTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODI4ZTM1ZTYzNDczZjcxMTE3MzIwMDIyYTU4NTZjZWQ1OWViZTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkQBxk4k/N81EHxhHAEmhNfiYeIS
bRUzjtSiCasc9/+GSYvmcqsC3dnRiaet8ot7R93B3LzJEaEuX8RoYdH4ZQ/L6gQW
Q3uRh4Nqy3svntP9Lr3ZvW0YKlw4pFT0guWkHhNfHwxgPHC3oRt7u8cH66crN+Gd
H2ZrrV6Vj5EqWC/HdyOKd17e+B1UorE2jumHKZcGVoquUgktwVCKZAXzRZQ7JmrY
c05AUCY3q27SyUsKxQswqzWxrfRKXx7NJBDX31GO8qxf0xIStHfjkWbW0xG8AyCB
vBJVMtweNZS4RZGvGbZtvWytWwcQbKUzPwPMsOHIbgVpM+AM/Mq3ag6pjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJgo415jRz9xEXMgAipYVs7Vnr47MB8GA1UdIwQY
MBaAFIhHqpGwbYxrhyhPP0WiHcKB97pVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUVlcWtiQnRqR3VIS0U4X1JhSWR3b0gzdWxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9mZGYyOTYtNzVlNS00NjM1LTk1NDYt
Y2VhNzVkMGNkNjcxLzEvbUNqalhtTkhQM0VSY3lBQ0tsaFd6dFdldmpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9mZGYyOTYtNzVlNS00NjM1LTk1NDYtY2VhNzVkMGNkNjcx
LzEvaUVlcWtiQnRqR3VIS0U4X1JhSWR3b0gzdWxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVmsGMA0G
CSqGSIb3DQEBCwUAA4IBAQBUOqXk6p7Qlpgs+wN+74/ciGeRIRq2TPT52wDPB07O
kVmMIeBjzBCQts8kneGsy/+FLJzM8VmmGKY/WbGoAMWNl4tocGBH8Qh29uetQQW+
nx5xHQO9i3GJ7y1/7r3pSVnq3ZJKldJwwBQAU6no+CyjUz3+OZAMERhfxVRDIEFV
5egg1VWg/hjw9SmBKAdNcm1Rb55hbEYBlWrylqpZfqAkg0x1rRDfZ1i6F7MfVicj
J3ZeaduSQad4juekjJdo9sb9ydDaOezbpKxHF1pcMB62+nf9kBXTXjPdy+7TpFEM
pUhckmAvGcwScLYKuIJozFbLx0FYPd4UlEvyubxDfwFL
-----END CERTIFICATE-----