Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/4d53e5-6e0c-46d5-9a88-ce9c149f889b/1/MTWR2-fK-zXP_vo66N4nyK1kX1Y.roa
File:                     MTWR2-fK-zXP_vo66N4nyK1kX1Y.roa (raw, json)
Hash identifier:          6274b1F9aoiTzplMN8aMf75bval3AD8cdeJgbZU5gLo=
Subject key identifier:   31:35:91:DB:E7:CA:FB:35:CF:FE:FA:3A:E8:DE:27:C8:AD:64:5F:56
Certificate issuer:       /CN=6a7a2c6dbe511a07472437a9a0fb4fccd12be89f
Certificate serial:       0194266BB5EF18C2FB9BF52C606DC35714E9
Authority key identifier: 6A:7A:2C:6D:BE:51:1A:07:47:24:37:A9:A0:FB:4F:CC:D1:2B:E8:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/anosbb5RGgdHJDepoPtPzNEr6J8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/4d53e5-6e0c-46d5-9a88-ce9c149f889b/1/MTWR2-fK-zXP_vo66N4nyK1kX1Y.roa
Signing time:             Thu 02 Jan 2025 09:49:40 +0000
ROA not before:           Thu 02 Jan 2025 09:49:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47886
IP address blocks:        185.218.36.0/22 maxlen: 24
                          2a0b:d240::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/4d53e5-6e0c-46d5-9a88-ce9c149f889b/1/anosbb5RGgdHJDepoPtPzNEr6J8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/4d53e5-6e0c-46d5-9a88-ce9c149f889b/1/anosbb5RGgdHJDepoPtPzNEr6J8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/anosbb5RGgdHJDepoPtPzNEr6J8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 21:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:b5:ef:18:c2:fb:9b:f5:2c:60:6d:c3:57:14:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a7a2c6dbe511a07472437a9a0fb4fccd12be89f
        Validity
            Not Before: Jan  2 09:49:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=313591dbe7cafb35cffefa3ae8de27c8ad645f56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:86:ae:87:c2:84:d5:89:e6:60:85:c6:bb:e3:
                    67:60:80:d1:98:82:33:e2:8e:18:a6:e3:67:72:de:
                    38:0e:98:e8:63:2a:e5:c6:12:44:65:0c:c8:5f:25:
                    df:5a:d1:0b:db:c2:95:6a:a9:9b:2d:8c:6e:f4:80:
                    e6:9e:1b:54:43:e4:1a:cf:2e:bb:ae:fc:2f:0c:9f:
                    01:5e:fb:c5:f6:f0:fb:8f:53:a2:e1:de:89:3d:18:
                    8f:e0:59:f1:5f:95:74:d1:87:c2:e2:f7:68:c9:e6:
                    d2:30:37:00:4a:00:00:5a:53:2c:c8:dc:fe:bf:36:
                    65:a4:6f:76:87:78:05:a5:07:13:07:1c:30:ce:0c:
                    5b:7b:31:57:b7:f0:97:81:da:53:2a:bb:b4:e5:03:
                    2c:7b:80:7f:78:6d:8e:ee:45:c4:17:9d:44:bd:d5:
                    92:60:95:d3:3a:ca:56:47:dd:60:95:68:57:cd:e6:
                    26:0d:d5:d3:43:7f:2d:e5:51:9f:ca:88:06:5c:ca:
                    c0:2f:d3:2e:e1:70:02:91:f7:82:2d:ca:c4:0c:bd:
                    f8:ac:63:73:26:4c:6e:f3:41:0c:01:f4:d2:e4:3b:
                    11:37:89:3f:20:8c:b4:ae:1a:2d:ae:69:a3:ca:81:
                    4d:db:ab:b9:a9:e3:41:2d:ed:97:22:c2:37:1d:5c:
                    32:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:35:91:DB:E7:CA:FB:35:CF:FE:FA:3A:E8:DE:27:C8:AD:64:5F:56
            X509v3 Authority Key Identifier:
                keyid:6A:7A:2C:6D:BE:51:1A:07:47:24:37:A9:A0:FB:4F:CC:D1:2B:E8:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/anosbb5RGgdHJDepoPtPzNEr6J8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/4d53e5-6e0c-46d5-9a88-ce9c149f889b/1/MTWR2-fK-zXP_vo66N4nyK1kX1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/4d53e5-6e0c-46d5-9a88-ce9c149f889b/1/anosbb5RGgdHJDepoPtPzNEr6J8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.36.0/22
                IPv6:
                  2a0b:d240::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:aa:cc:bb:91:a3:c4:3f:19:05:00:a8:c4:ee:25:3a:f9:3c:
         94:18:da:b4:a1:3f:1f:d1:24:34:69:db:be:f8:38:b6:67:47:
         9e:e7:60:97:67:0c:33:ef:1e:ec:8e:be:9b:da:f2:07:dd:7f:
         90:24:dd:19:87:45:c9:1c:5e:eb:22:d3:12:2e:df:f4:6c:64:
         63:40:b7:e2:60:f4:d7:d9:14:5b:8a:08:7c:d7:27:df:61:96:
         01:07:74:55:ab:fd:8d:7c:88:65:ca:b6:90:e3:9a:f4:25:b6:
         4a:e1:59:ab:21:4b:62:d4:19:a8:dc:33:29:53:2e:ad:9a:4b:
         38:8f:28:9f:9a:5d:86:d7:3c:ef:ec:ca:d0:0c:a5:7e:db:da:
         80:bc:a2:11:d2:b5:87:23:8b:08:43:6d:4e:ab:7c:0b:95:c5:
         7a:59:92:44:fb:4a:b0:f2:c1:bf:5c:b4:91:3b:b9:9f:77:c6:
         b3:d2:ad:f7:8f:7a:c5:4f:99:2c:3d:b7:88:a2:1f:e0:3c:8e:
         27:8f:40:ab:06:12:88:30:9d:2d:84:cb:c9:fd:53:a9:d4:85:
         79:fc:3d:38:05:2c:8d:72:27:a3:28:6e:d7:21:85:2e:29:c7:
         89:03:3e:56:78:37:34:fd:d7:7d:ec:71:40:e7:9e:13:c4:97:
         0a:f7:46:75
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQma7XvGML7m/UsYG3DVxTpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhN2EyYzZkYmU1MTFhMDc0NzI0MzdhOWEwZmI0ZmNjZDEy
YmU4OWYwHhcNMjUwMTAyMDk0OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTM1OTFkYmU3Y2FmYjM1Y2ZmZWZhM2FlOGRlMjdjOGFkNjQ1ZjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIauh8KE1YnmYIXGu+NnYIDRmIIz
4o4YpuNnct44DpjoYyrlxhJEZQzIXyXfWtEL28KVaqmbLYxu9IDmnhtUQ+Qazy67
rvwvDJ8BXvvF9vD7j1Oi4d6JPRiP4FnxX5V00YfC4vdoyebSMDcASgAAWlMsyNz+
vzZlpG92h3gFpQcTBxwwzgxbezFXt/CXgdpTKru05QMse4B/eG2O7kXEF51EvdWS
YJXTOspWR91glWhXzeYmDdXTQ38t5VGfyogGXMrAL9Mu4XACkfeCLcrEDL34rGNz
Jkxu80EMAfTS5DsRN4k/IIy0rhotrmmjyoFN26u5qeNBLe2XIsI3HVwyLwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDE1kdvnyvs1z/76OujeJ8itZF9WMB8GA1UdIwQY
MBaAFGp6LG2+URoHRyQ3qaD7T8zRK+ifMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYW5vc2JiNVJHZ2RISkRlcG9QdFB6TkVyNko4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS80ZDUzZTUtNmUwYy00NmQ1LTlhODgt
Y2U5YzE0OWY4ODliLzEvTVRXUjItZkstelhQX3ZvNjZONG55SzFrWDFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS80ZDUzZTUtNmUwYy00NmQ1LTlhODgtY2U5YzE0OWY4ODli
LzEvYW5vc2JiNVJHZ2RISkRlcG9QdFB6TkVyNko4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudokMA0E
AgACMAcDBQAqC9JAMA0GCSqGSIb3DQEBCwUAA4IBAQApqsy7kaPEPxkFAKjE7iU6
+TyUGNq0oT8f0SQ0adu++Di2Z0ee52CXZwwz7x7sjr6b2vIH3X+QJN0Zh0XJHF7r
ItMSLt/0bGRjQLfiYPTX2RRbigh81yffYZYBB3RVq/2NfIhlyraQ45r0JbZK4Vmr
IUti1Bmo3DMpUy6tmks4jyifml2G1zzv7MrQDKV+29qAvKIR0rWHI4sIQ21Oq3wL
lcV6WZJE+0qw8sG/XLSRO7mfd8az0q33j3rFT5ksPbeIoh/gPI4nj0CrBhKIMJ0t
hMvJ/VOp1IV5/D04BSyNciejKG7XIYUuKceJAz5WeDc0/dd97HFA554TxJcK90Z1
-----END CERTIFICATE-----