Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/98fcb5-87a7-4fde-9847-4902a66b2d95/1/MBNQLPLpnvDwbwXADwcz7uDmpFk.roa
File:                     MBNQLPLpnvDwbwXADwcz7uDmpFk.roa (raw, json)
Hash identifier:          UGA9RdObOjDkf2E6UjdxmHMjypIJiLmbtUJgDPA+vaM=
Subject key identifier:   30:13:50:2C:F2:E9:9E:F0:F0:6F:05:C0:0F:07:33:EE:E0:E6:A4:59
Certificate issuer:       /CN=26ad7d3560134e0a8ae46fc5b32c5acb61dde39c
Certificate serial:       018CC8DED5E0C38533A3D2F0952FA43C0569
Authority key identifier: 26:AD:7D:35:60:13:4E:0A:8A:E4:6F:C5:B3:2C:5A:CB:61:DD:E3:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jq19NWATTgqK5G_Fsyxay2Hd45w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/98fcb5-87a7-4fde-9847-4902a66b2d95/1/MBNQLPLpnvDwbwXADwcz7uDmpFk.roa
Signing time:             Tue 02 Jan 2024 06:31:36 +0000
ROA not before:           Tue 02 Jan 2024 06:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203735
IP address blocks:        91.205.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/98fcb5-87a7-4fde-9847-4902a66b2d95/1/Jq19NWATTgqK5G_Fsyxay2Hd45w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/98fcb5-87a7-4fde-9847-4902a66b2d95/1/Jq19NWATTgqK5G_Fsyxay2Hd45w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jq19NWATTgqK5G_Fsyxay2Hd45w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:d5:e0:c3:85:33:a3:d2:f0:95:2f:a4:3c:05:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26ad7d3560134e0a8ae46fc5b32c5acb61dde39c
        Validity
            Not Before: Jan  2 06:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3013502cf2e99ef0f06f05c00f0733eee0e6a459
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:77:97:c9:4a:d9:da:64:1c:f6:e0:a6:d4:d2:
                    9c:f7:4a:b7:1d:67:8a:bf:61:1c:58:f5:26:a3:53:
                    52:2e:b0:92:8b:cf:f0:a4:b9:61:74:0e:22:ad:9d:
                    1b:4b:75:9a:a1:b1:f4:21:a0:e5:7f:91:98:b9:8e:
                    57:47:a6:b1:f0:02:9c:94:09:74:77:23:78:55:c1:
                    31:5e:c8:a8:02:32:d6:aa:cd:55:02:9b:3f:3a:16:
                    90:e7:d6:b9:e6:5b:5b:60:56:02:82:45:e2:d9:15:
                    30:20:fc:42:74:25:9e:4e:b6:70:c0:71:82:27:a4:
                    a7:f1:45:d0:64:2e:8b:07:f3:71:d4:98:68:27:be:
                    2c:11:b6:cd:d3:f7:6d:29:2e:36:74:a9:fd:44:83:
                    fa:4d:07:99:78:d6:f7:64:27:41:66:89:af:58:cc:
                    7f:d3:2c:86:40:e4:ab:d0:f5:dc:fe:ba:f5:5d:8f:
                    55:43:c7:fa:5a:8a:d0:50:bb:e2:80:cf:c2:fa:1f:
                    25:38:45:7d:bb:97:99:be:88:99:76:c5:76:2c:47:
                    45:17:0b:6e:76:09:05:c1:6f:0f:8c:33:52:94:fc:
                    70:47:7d:42:6e:06:00:84:55:d4:d5:da:22:09:54:
                    c7:99:a2:b4:44:2d:0e:69:5e:37:59:b7:84:0c:fe:
                    ca:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:13:50:2C:F2:E9:9E:F0:F0:6F:05:C0:0F:07:33:EE:E0:E6:A4:59
            X509v3 Authority Key Identifier:
                keyid:26:AD:7D:35:60:13:4E:0A:8A:E4:6F:C5:B3:2C:5A:CB:61:DD:E3:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jq19NWATTgqK5G_Fsyxay2Hd45w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/98fcb5-87a7-4fde-9847-4902a66b2d95/1/MBNQLPLpnvDwbwXADwcz7uDmpFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/98fcb5-87a7-4fde-9847-4902a66b2d95/1/Jq19NWATTgqK5G_Fsyxay2Hd45w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:e5:76:a2:3b:db:49:8d:2f:1a:64:57:66:a4:e0:76:67:af:
         33:15:0e:cb:d1:18:e1:c5:8b:fd:c1:40:7c:75:35:25:fa:8f:
         07:b2:b0:0a:e0:4f:eb:88:2f:8a:b0:aa:c3:cf:9f:3f:d5:d1:
         65:04:c6:34:9b:9f:6c:05:48:e8:c9:13:21:69:9b:18:11:56:
         d9:62:11:d9:cb:1a:fe:73:cb:a5:78:2b:c4:2a:49:5f:92:c0:
         29:41:13:3e:2c:67:4c:1d:19:0a:a7:73:68:32:e6:d4:e8:99:
         54:48:dc:60:14:12:a5:36:9c:ea:d1:de:05:c1:42:84:11:ad:
         8a:ca:51:e8:93:50:ca:c1:62:32:43:33:3a:a6:c0:60:1a:b1:
         25:2c:0f:21:ec:30:22:1f:2d:47:2c:8c:d2:1a:1b:be:ba:16:
         7a:41:21:0c:b1:f6:b1:08:82:8f:2b:58:df:b1:f9:06:e3:6b:
         09:02:4e:0c:7d:b8:84:21:6d:e0:76:bc:a6:d2:6c:60:b6:e2:
         cf:00:fb:ac:87:5b:c6:c5:8d:bf:0b:34:57:ff:1f:b4:fe:57:
         ea:44:de:37:4a:7f:88:67:4b:3c:8d:15:5d:83:02:3b:fd:bc:
         c7:e9:75:d3:e9:ea:6d:90:1b:3a:52:ec:23:21:f5:d6:42:e6:
         a7:63:f3:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3tXgw4Uzo9LwlS+kPAVpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2YWQ3ZDM1NjAxMzRlMGE4YWU0NmZjNWIzMmM1YWNiNjFk
ZGUzOWMwHhcNMjQwMTAyMDYzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDEzNTAyY2YyZTk5ZWYwZjA2ZjA1YzAwZjA3MzNlZWUwZTZhNDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlneXyUrZ2mQc9uCm1NKc90q3HWeK
v2EcWPUmo1NSLrCSi8/wpLlhdA4irZ0bS3WaobH0IaDlf5GYuY5XR6ax8AKclAl0
dyN4VcExXsioAjLWqs1VAps/OhaQ59a55ltbYFYCgkXi2RUwIPxCdCWeTrZwwHGC
J6Sn8UXQZC6LB/Nx1JhoJ74sEbbN0/dtKS42dKn9RIP6TQeZeNb3ZCdBZomvWMx/
0yyGQOSr0PXc/rr1XY9VQ8f6WorQULvigM/C+h8lOEV9u5eZvoiZdsV2LEdFFwtu
dgkFwW8PjDNSlPxwR31CbgYAhFXU1doiCVTHmaK0RC0OaV43WbeEDP7KHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDATUCzy6Z7w8G8FwA8HM+7g5qRZMB8GA1UdIwQY
MBaAFCatfTVgE04KiuRvxbMsWsth3eOcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnExOU5XQVRUZ3FLNUdfRnN5eGF5MkhkNDV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni85OGZjYjUtODdhNy00ZmRlLTk4NDct
NDkwMmE2NmIyZDk1LzEvTUJOUUxQTHBudkR3YndYQUR3Y3o3dURtcEZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni85OGZjYjUtODdhNy00ZmRlLTk4NDctNDkwMmE2NmIyZDk1
LzEvSnExOU5XQVRUZ3FLNUdfRnN5eGF5MkhkNDV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW80qMA0G
CSqGSIb3DQEBCwUAA4IBAQAE5XaiO9tJjS8aZFdmpOB2Z68zFQ7L0RjhxYv9wUB8
dTUl+o8HsrAK4E/riC+KsKrDz58/1dFlBMY0m59sBUjoyRMhaZsYEVbZYhHZyxr+
c8uleCvEKklfksApQRM+LGdMHRkKp3NoMubU6JlUSNxgFBKlNpzq0d4FwUKEEa2K
ylHok1DKwWIyQzM6psBgGrElLA8h7DAiHy1HLIzSGhu+uhZ6QSEMsfaxCIKPK1jf
sfkG42sJAk4MfbiEIW3gdrym0mxgtuLPAPush1vGxY2/CzRX/x+0/lfqRN43Sn+I
Z0s8jRVdgwI7/bzH6XXT6eptkBs6UuwjIfXWQuanY/Od
-----END CERTIFICATE-----