Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/3e0e9a-51f3-49de-9d1b-00cd86af849d/1/mb-d1XV5vVLQEjalMWvt6vTsWMg.roa
File:                     mb-d1XV5vVLQEjalMWvt6vTsWMg.roa (raw, json)
Hash identifier:          uTJWZCwIM4ioooPleIzcYRLsOUtD3nLa0gats6bP7i8=
Subject key identifier:   99:BF:9D:D5:75:79:BD:52:D0:12:36:A5:31:6B:ED:EA:F4:EC:58:C8
Certificate issuer:       /CN=9ca8a132519a242949497363b8caa33e72c673f8
Certificate serial:       018CC6B78B0F8003C3BD7EC02F538A072794
Authority key identifier: 9C:A8:A1:32:51:9A:24:29:49:49:73:63:B8:CA:A3:3E:72:C6:73:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nKihMlGaJClJSXNjuMqjPnLGc_g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/3e0e9a-51f3-49de-9d1b-00cd86af849d/1/mb-d1XV5vVLQEjalMWvt6vTsWMg.roa
Signing time:             Mon 01 Jan 2024 20:29:26 +0000
ROA not before:           Mon 01 Jan 2024 20:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211820
IP address blocks:        157.180.214.0/24 maxlen: 24
                          157.180.215.0/24 maxlen: 24
                          194.45.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/3e0e9a-51f3-49de-9d1b-00cd86af849d/1/nKihMlGaJClJSXNjuMqjPnLGc_g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/3e0e9a-51f3-49de-9d1b-00cd86af849d/1/nKihMlGaJClJSXNjuMqjPnLGc_g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nKihMlGaJClJSXNjuMqjPnLGc_g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:8b:0f:80:03:c3:bd:7e:c0:2f:53:8a:07:27:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ca8a132519a242949497363b8caa33e72c673f8
        Validity
            Not Before: Jan  1 20:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99bf9dd57579bd52d01236a5316bedeaf4ec58c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:51:e4:df:0e:3a:b9:3d:74:7d:35:d5:ba:a1:
                    46:2f:b8:22:f0:3c:14:97:74:52:1e:75:7e:1a:13:
                    4f:4d:80:21:6a:da:64:0f:52:da:a0:59:3f:01:66:
                    e1:65:b0:d6:79:d7:dd:13:a1:c5:cb:ac:01:5c:b9:
                    64:70:5f:44:c9:a4:48:69:f1:23:3e:58:76:b8:ed:
                    51:41:a7:79:72:e8:0a:b4:82:e7:d8:23:b7:4e:41:
                    a9:5d:e1:57:83:0b:96:ca:a7:f8:9e:58:45:f7:76:
                    ef:5b:4f:d7:a9:67:50:f9:2a:1e:33:9a:76:d4:27:
                    8c:be:6e:ca:3e:f8:bf:7a:a3:b5:04:79:88:a5:f0:
                    35:ec:24:62:34:05:4a:08:00:5e:10:98:f5:f9:5b:
                    a2:e0:7f:34:9a:59:08:bd:bf:d7:c1:92:20:a4:0b:
                    10:3d:9d:bb:40:fa:ae:07:fa:55:c2:aa:68:cf:51:
                    69:26:6c:74:f0:9b:fb:0f:27:27:1f:72:82:e7:51:
                    e4:7b:41:94:9e:08:99:f5:5a:db:01:30:50:b4:e9:
                    7e:12:95:50:aa:57:8e:9a:cf:5f:80:59:0a:c7:61:
                    68:1f:66:51:41:52:41:f2:48:ec:35:a1:6e:af:e4:
                    ea:af:92:3f:92:12:43:47:81:6b:04:eb:6b:8d:a4:
                    d8:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:BF:9D:D5:75:79:BD:52:D0:12:36:A5:31:6B:ED:EA:F4:EC:58:C8
            X509v3 Authority Key Identifier:
                keyid:9C:A8:A1:32:51:9A:24:29:49:49:73:63:B8:CA:A3:3E:72:C6:73:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nKihMlGaJClJSXNjuMqjPnLGc_g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/3e0e9a-51f3-49de-9d1b-00cd86af849d/1/mb-d1XV5vVLQEjalMWvt6vTsWMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/3e0e9a-51f3-49de-9d1b-00cd86af849d/1/nKihMlGaJClJSXNjuMqjPnLGc_g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.180.214.0/23
                  194.45.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:e9:cd:b1:35:da:d3:1d:f9:bb:46:2d:16:b3:65:df:c3:56:
         6d:18:b8:4e:0a:d6:1e:c6:0e:90:f8:ca:2d:80:26:84:21:46:
         65:39:bc:c7:88:ee:b1:a6:13:b1:c4:8d:00:6f:57:d4:56:60:
         3f:31:0c:9d:02:9f:22:b7:35:a9:d5:88:3b:f1:83:64:02:75:
         5a:0a:83:4a:c8:d5:67:d2:74:ec:64:83:5b:31:d8:d3:68:4d:
         8e:48:8a:b4:44:20:d7:86:4c:e7:01:79:43:ab:c8:f6:d1:fd:
         43:e1:ab:a6:d2:65:f8:09:0c:d4:a2:cf:7a:5f:3b:ba:7e:0b:
         48:61:1e:3e:5d:2f:23:d0:66:33:7e:27:44:ff:90:91:c8:c3:
         fa:14:ca:62:8d:8b:fb:6c:13:12:22:f7:7b:00:f1:91:32:fa:
         f1:b7:9c:25:f8:c3:78:75:bd:64:a9:0b:b2:53:24:72:d4:5b:
         f5:74:b3:b6:a1:4e:48:1d:b7:75:b6:44:b3:e8:50:ad:e4:c9:
         7f:78:78:2d:56:91:f8:ec:df:4b:44:06:29:6d:f6:57:73:0a:
         ae:2a:da:8a:e5:53:5a:f1:14:1e:16:03:d9:cf:6b:48:7d:66:
         fe:72:8c:0a:90:fd:97:c1:c9:d6:6f:94:bc:2e:b9:4a:94:d9:
         85:0d:e7:c8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGt4sPgAPDvX7AL1OKByeUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYThhMTMyNTE5YTI0Mjk0OTQ5NzM2M2I4Y2FhMzNlNzJj
NjczZjgwHhcNMjQwMTAxMjAyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWJmOWRkNTc1NzliZDUyZDAxMjM2YTUzMTZiZWRlYWY0ZWM1OGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlHk3w46uT10fTXVuqFGL7gi8DwU
l3RSHnV+GhNPTYAhatpkD1LaoFk/AWbhZbDWedfdE6HFy6wBXLlkcF9EyaRIafEj
Plh2uO1RQad5cugKtILn2CO3TkGpXeFXgwuWyqf4nlhF93bvW0/XqWdQ+SoeM5p2
1CeMvm7KPvi/eqO1BHmIpfA17CRiNAVKCABeEJj1+Vui4H80mlkIvb/XwZIgpAsQ
PZ27QPquB/pVwqpoz1FpJmx08Jv7DycnH3KC51Hke0GUngiZ9VrbATBQtOl+EpVQ
qleOms9fgFkKx2FoH2ZRQVJB8kjsNaFur+Tqr5I/khJDR4FrBOtrjaTY3wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJm/ndV1eb1S0BI2pTFr7er07FjIMB8GA1UdIwQY
MBaAFJyooTJRmiQpSUlzY7jKoz5yxnP4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbktpaE1sR2FKQ2xKU1hOanVNcWpQbkxHY19nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8zZTBlOWEtNTFmMy00OWRlLTlkMWIt
MDBjZDg2YWY4NDlkLzEvbWItZDFYVjV2VkxRRWphbE1XdnQ2dlRzV01nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8zZTBlOWEtNTFmMy00OWRlLTlkMWItMDBjZDg2YWY4NDlk
LzEvbktpaE1sR2FKQ2xKU1hOanVNcWpQbkxHY19nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBnbTWAwQA
wi0UMA0GCSqGSIb3DQEBCwUAA4IBAQAt6c2xNdrTHfm7Ri0Ws2Xfw1ZtGLhOCtYe
xg6Q+MotgCaEIUZlObzHiO6xphOxxI0Ab1fUVmA/MQydAp8itzWp1Yg78YNkAnVa
CoNKyNVn0nTsZINbMdjTaE2OSIq0RCDXhkznAXlDq8j20f1D4aum0mX4CQzUos96
Xzu6fgtIYR4+XS8j0GYzfidE/5CRyMP6FMpijYv7bBMSIvd7APGRMvrxt5wl+MN4
db1kqQuyUyRy1Fv1dLO2oU5IHbd1tkSz6FCt5Ml/eHgtVpH47N9LRAYpbfZXcwqu
KtqK5VNa8RQeFgPZz2tIfWb+cowKkP2XwcnWb5S8LrlKlNmFDefI
-----END CERTIFICATE-----