Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/850e96-191f-4dcb-9edb-cd58fa2014dd/1/mWDbGVVpCQ84rC7Zv5fGnlAS0IM.roa
File:                     mWDbGVVpCQ84rC7Zv5fGnlAS0IM.roa (raw, json)
Hash identifier:          p+WC5acLc9Vp8ZBrdZrqWpaCEJthWpQv4NHUQY+p8+s=
Subject key identifier:   99:60:DB:19:55:69:09:0F:38:AC:2E:D9:BF:97:C6:9E:50:12:D0:83
Certificate issuer:       /CN=22fd1b59d5caaf7506bc0d5c34f30c2159b04398
Certificate serial:       019427B5198A29CAC1C56C4E18EAF86CB720
Authority key identifier: 22:FD:1B:59:D5:CA:AF:75:06:BC:0D:5C:34:F3:0C:21:59:B0:43:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iv0bWdXKr3UGvA1cNPMMIVmwQ5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/850e96-191f-4dcb-9edb-cd58fa2014dd/1/mWDbGVVpCQ84rC7Zv5fGnlAS0IM.roa
Signing time:             Thu 02 Jan 2025 15:49:27 +0000
ROA not before:           Thu 02 Jan 2025 15:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33946
IP address blocks:        193.26.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/850e96-191f-4dcb-9edb-cd58fa2014dd/1/Iv0bWdXKr3UGvA1cNPMMIVmwQ5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/850e96-191f-4dcb-9edb-cd58fa2014dd/1/Iv0bWdXKr3UGvA1cNPMMIVmwQ5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iv0bWdXKr3UGvA1cNPMMIVmwQ5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:19:8a:29:ca:c1:c5:6c:4e:18:ea:f8:6c:b7:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22fd1b59d5caaf7506bc0d5c34f30c2159b04398
        Validity
            Not Before: Jan  2 15:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9960db195569090f38ac2ed9bf97c69e5012d083
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:16:fb:39:0f:88:84:f9:32:f8:95:45:de:50:
                    ca:6a:ae:b1:05:22:1b:10:0e:b4:1c:98:50:35:75:
                    1c:7a:29:51:bd:bf:66:61:e7:77:9e:1f:68:f2:48:
                    fa:44:b3:f1:b8:98:ab:7a:f9:a7:ca:6f:4e:a8:86:
                    90:1a:6b:8d:d1:1f:73:19:89:aa:ae:5d:d4:aa:25:
                    99:2a:cf:ba:86:8d:96:a8:d8:59:6d:42:49:e2:36:
                    73:74:42:d4:1e:63:03:ff:17:63:b4:6a:83:ab:ea:
                    08:9e:3c:7d:b1:8f:f8:d2:26:18:cd:2c:f9:05:cb:
                    f0:71:38:e4:87:92:51:59:61:88:a9:66:55:88:3e:
                    f5:d2:b3:6e:01:77:f5:75:59:73:79:94:54:b8:64:
                    c7:33:83:f2:08:fe:5e:1b:e5:42:5a:69:71:93:de:
                    f7:4e:13:43:da:88:59:71:15:bb:56:6c:07:cb:6c:
                    ee:fc:fb:c0:68:27:41:92:68:6f:ae:3d:10:ae:73:
                    7d:b5:3d:43:43:64:40:95:79:36:26:e5:75:df:85:
                    a9:25:a4:c1:a4:63:29:b3:77:20:c1:50:83:62:70:
                    1a:e2:45:ba:65:2f:cc:d3:c8:02:da:01:28:97:59:
                    83:81:7c:f6:46:1a:3d:69:05:7e:1c:b5:30:4c:b1:
                    6c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:60:DB:19:55:69:09:0F:38:AC:2E:D9:BF:97:C6:9E:50:12:D0:83
            X509v3 Authority Key Identifier:
                keyid:22:FD:1B:59:D5:CA:AF:75:06:BC:0D:5C:34:F3:0C:21:59:B0:43:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iv0bWdXKr3UGvA1cNPMMIVmwQ5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/850e96-191f-4dcb-9edb-cd58fa2014dd/1/mWDbGVVpCQ84rC7Zv5fGnlAS0IM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/850e96-191f-4dcb-9edb-cd58fa2014dd/1/Iv0bWdXKr3UGvA1cNPMMIVmwQ5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:9e:7d:60:20:b8:79:a1:d2:2a:32:98:0c:e2:bc:af:c6:64:
         61:78:6f:4b:4d:48:d8:14:69:07:23:74:bd:31:c3:b7:3b:8a:
         7a:13:b5:cb:0a:25:2e:74:0f:c0:0a:0c:8d:70:22:df:49:75:
         b5:9b:e5:4f:32:07:0e:c4:11:d0:8f:0d:55:5a:5b:e5:9c:a9:
         f2:e3:a3:84:0e:c0:83:a4:fc:eb:48:68:fb:ea:57:49:33:75:
         b9:d5:c8:49:72:7a:77:0a:7c:da:4a:b1:22:f8:c2:61:8c:2b:
         9f:ae:34:bd:bb:25:fc:88:eb:b8:5a:d7:78:d5:4d:f5:5f:d3:
         f5:36:05:89:1a:5e:c6:cc:00:e0:54:b3:cf:20:e3:ea:0e:e2:
         4b:54:e3:30:53:5f:2e:b2:7b:35:6d:0b:fb:9d:23:85:b5:ab:
         9f:ab:15:83:1f:65:d3:ed:4a:04:ba:c7:49:bf:f8:e2:e9:a4:
         db:b1:e6:ee:2f:a2:5f:82:1f:9c:f3:b4:7e:8d:5d:d7:cb:00:
         0b:58:37:21:fc:23:06:1a:af:b7:5d:3b:33:d8:e1:8d:5a:7f:
         ec:90:ce:fe:de:1e:dd:c3:82:53:58:d5:b3:56:d2:9a:5d:fe:
         38:5e:9a:8b:81:85:dc:d4:78:12:a7:32:01:79:d1:e4:e2:d8:
         86:8c:91:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntRmKKcrBxWxOGOr4bLcgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZmQxYjU5ZDVjYWFmNzUwNmJjMGQ1YzM0ZjMwYzIxNTli
MDQzOTgwHhcNMjUwMTAyMTU0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTYwZGIxOTU1NjkwOTBmMzhhYzJlZDliZjk3YzY5ZTUwMTJkMDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyxb7OQ+IhPky+JVF3lDKaq6xBSIb
EA60HJhQNXUceilRvb9mYed3nh9o8kj6RLPxuJirevmnym9OqIaQGmuN0R9zGYmq
rl3UqiWZKs+6ho2WqNhZbUJJ4jZzdELUHmMD/xdjtGqDq+oInjx9sY/40iYYzSz5
BcvwcTjkh5JRWWGIqWZViD710rNuAXf1dVlzeZRUuGTHM4PyCP5eG+VCWmlxk973
ThND2ohZcRW7VmwHy2zu/PvAaCdBkmhvrj0QrnN9tT1DQ2RAlXk2JuV134WpJaTB
pGMps3cgwVCDYnAa4kW6ZS/M08gC2gEol1mDgXz2Rho9aQV+HLUwTLFsyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJlg2xlVaQkPOKwu2b+Xxp5QEtCDMB8GA1UdIwQY
MBaAFCL9G1nVyq91BrwNXDTzDCFZsEOYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXYwYldkWEtyM1VHdkExY05QTU1JVm13UTVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC84NTBlOTYtMTkxZi00ZGNiLTllZGIt
Y2Q1OGZhMjAxNGRkLzEvbVdEYkdWVnBDUTg0ckM3WnY1ZkdubEFTMElNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC84NTBlOTYtMTkxZi00ZGNiLTllZGItY2Q1OGZhMjAxNGRk
LzEvSXYwYldkWEtyM1VHdkExY05QTU1JVm13UTVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRoHMA0G
CSqGSIb3DQEBCwUAA4IBAQA+nn1gILh5odIqMpgM4ryvxmRheG9LTUjYFGkHI3S9
McO3O4p6E7XLCiUudA/ACgyNcCLfSXW1m+VPMgcOxBHQjw1VWlvlnKny46OEDsCD
pPzrSGj76ldJM3W51chJcnp3CnzaSrEi+MJhjCufrjS9uyX8iOu4Wtd41U31X9P1
NgWJGl7GzADgVLPPIOPqDuJLVOMwU18usns1bQv7nSOFtaufqxWDH2XT7UoEusdJ
v/ji6aTbsebuL6Jfgh+c87R+jV3XywALWDch/CMGGq+3XTsz2OGNWn/skM7+3h7d
w4JTWNWzVtKaXf44XpqLgYXc1HgSpzIBedHk4tiGjJGb
-----END CERTIFICATE-----