Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/3ebce5-73e3-4e3e-83b0-a788fdc70948/1/MWBaP-HM3jMW5Yk6FgbmWZoD5R4.roa
File:                     MWBaP-HM3jMW5Yk6FgbmWZoD5R4.roa (raw, json)
Hash identifier:          lV/XwmUehafjM9liZirbeuWxwquOHdPb1htNl8VM0b4=
Subject key identifier:   31:60:5A:3F:E1:CC:DE:33:16:E5:89:3A:16:06:E6:59:9A:03:E5:1E
Certificate issuer:       /CN=26cf4d53ed5c0a4bd3fe242201a966655c80cc0e
Certificate serial:       0194228D8767D69B945AB5EB3F4EA60F163D
Authority key identifier: 26:CF:4D:53:ED:5C:0A:4B:D3:FE:24:22:01:A9:66:65:5C:80:CC:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Js9NU-1cCkvT_iQiAalmZVyAzA4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/3ebce5-73e3-4e3e-83b0-a788fdc70948/1/MWBaP-HM3jMW5Yk6FgbmWZoD5R4.roa
Signing time:             Wed 01 Jan 2025 15:48:08 +0000
ROA not before:           Wed 01 Jan 2025 15:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202173
IP address blocks:        91.220.120.0/24 maxlen: 24
                          185.79.100.0/22 maxlen: 24
                          2a05:7280::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/3ebce5-73e3-4e3e-83b0-a788fdc70948/1/Js9NU-1cCkvT_iQiAalmZVyAzA4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/3ebce5-73e3-4e3e-83b0-a788fdc70948/1/Js9NU-1cCkvT_iQiAalmZVyAzA4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Js9NU-1cCkvT_iQiAalmZVyAzA4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:87:67:d6:9b:94:5a:b5:eb:3f:4e:a6:0f:16:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26cf4d53ed5c0a4bd3fe242201a966655c80cc0e
        Validity
            Not Before: Jan  1 15:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31605a3fe1ccde3316e5893a1606e6599a03e51e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:99:c1:61:4a:b2:e5:8a:99:5b:2d:9e:b4:c1:
                    f2:02:ff:c7:46:90:c2:53:23:a0:eb:04:dc:6d:20:
                    4b:9d:b9:26:b9:c4:73:39:58:27:8d:9f:7c:cc:a7:
                    5c:5c:a4:01:cd:4f:94:7f:4c:3e:04:54:e6:92:e3:
                    49:4c:91:e6:1a:25:f6:b3:87:26:c6:42:3a:c5:0b:
                    76:bb:1d:5b:10:4d:7b:19:a1:48:07:73:eb:1e:f5:
                    1a:23:87:26:4a:6f:a2:d9:bc:57:5d:95:78:5b:f9:
                    69:21:47:42:87:9e:4a:48:68:6c:09:24:0b:b9:66:
                    13:8e:cf:33:79:99:65:53:11:bb:c0:02:ff:1a:58:
                    2d:e4:d0:ec:be:7b:f1:e6:22:10:c1:f6:d0:fe:ce:
                    f4:79:21:39:38:5e:17:8e:c8:dc:e3:30:50:61:79:
                    93:d5:29:94:37:ca:26:9d:b1:6b:6f:29:34:10:28:
                    83:02:61:f0:d1:b6:c6:a6:60:16:14:1f:95:3a:e6:
                    2e:fc:ab:f2:a7:0b:56:25:c1:39:21:10:15:ff:74:
                    b4:dc:40:06:ac:85:08:e9:2a:0c:7d:6d:24:7c:dd:
                    9b:f1:56:ef:73:cf:80:08:65:54:96:b2:15:91:cf:
                    8b:ae:29:c3:13:d2:a1:2d:72:b3:e0:f3:88:fa:ae:
                    da:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:60:5A:3F:E1:CC:DE:33:16:E5:89:3A:16:06:E6:59:9A:03:E5:1E
            X509v3 Authority Key Identifier:
                keyid:26:CF:4D:53:ED:5C:0A:4B:D3:FE:24:22:01:A9:66:65:5C:80:CC:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Js9NU-1cCkvT_iQiAalmZVyAzA4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/3ebce5-73e3-4e3e-83b0-a788fdc70948/1/MWBaP-HM3jMW5Yk6FgbmWZoD5R4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/3ebce5-73e3-4e3e-83b0-a788fdc70948/1/Js9NU-1cCkvT_iQiAalmZVyAzA4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.120.0/24
                  185.79.100.0/22
                IPv6:
                  2a05:7280::/32

    Signature Algorithm: sha256WithRSAEncryption
         a0:2b:cc:eb:d2:16:71:9d:db:b7:86:58:2b:28:6c:e4:2d:b0:
         88:ee:15:04:10:39:bc:a3:f4:e9:98:3a:7f:da:4d:83:23:ec:
         75:31:c7:88:cb:3a:8d:b7:6c:54:14:45:fe:08:04:fd:b1:94:
         3e:8b:42:17:63:09:92:9b:17:69:2f:b7:17:f6:e0:d7:46:88:
         ca:a7:4f:5f:7e:ff:ba:b8:60:b1:b4:db:e4:c2:7a:8f:26:a7:
         4b:c8:a8:65:2a:ee:c0:08:28:a5:ad:e9:0f:57:d3:f7:c5:4e:
         64:af:56:b9:86:fa:a8:ad:d4:09:77:fc:a7:16:40:d4:9b:74:
         62:71:9c:88:3f:7c:5b:b1:10:f2:84:a7:a5:93:54:26:ae:e4:
         8f:b5:5d:53:0c:6c:dc:96:49:30:05:5f:51:a1:85:2e:55:8e:
         c3:c9:b5:87:12:e3:a8:f1:7b:da:dc:ef:2b:49:a8:06:6e:44:
         14:2b:5e:48:be:16:d5:1e:fd:03:c0:7e:e6:ab:0e:31:e0:70:
         41:2d:d0:9e:32:1d:3b:55:d6:4a:36:02:a5:53:5c:bc:4a:65:
         0b:72:c8:06:1e:08:7f:78:03:9a:84:42:7d:ab:06:2b:3c:67:
         c3:52:c9:f5:a6:ae:a1:80:41:01:1b:87:75:e2:0c:1a:9a:d9:
         1f:21:a9:57
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQijYdn1puUWrXrP06mDxY9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2Y2Y0ZDUzZWQ1YzBhNGJkM2ZlMjQyMjAxYTk2NjY1NWM4
MGNjMGUwHhcNMjUwMTAxMTU0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTYwNWEzZmUxY2NkZTMzMTZlNTg5M2ExNjA2ZTY1OTlhMDNlNTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5nBYUqy5YqZWy2etMHyAv/HRpDC
UyOg6wTcbSBLnbkmucRzOVgnjZ98zKdcXKQBzU+Uf0w+BFTmkuNJTJHmGiX2s4cm
xkI6xQt2ux1bEE17GaFIB3PrHvUaI4cmSm+i2bxXXZV4W/lpIUdCh55KSGhsCSQL
uWYTjs8zeZllUxG7wAL/Glgt5NDsvnvx5iIQwfbQ/s70eSE5OF4Xjsjc4zBQYXmT
1SmUN8omnbFrbyk0ECiDAmHw0bbGpmAWFB+VOuYu/KvypwtWJcE5IRAV/3S03EAG
rIUI6SoMfW0kfN2b8Vbvc8+ACGVUlrIVkc+LrinDE9KhLXKz4POI+q7aCwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDFgWj/hzN4zFuWJOhYG5lmaA+UeMB8GA1UdIwQY
MBaAFCbPTVPtXApL0/4kIgGpZmVcgMwOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnM5TlUtMWNDa3ZUX2lRaUFhbG1aVnlBekE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8zZWJjZTUtNzNlMy00ZTNlLTgzYjAt
YTc4OGZkYzcwOTQ4LzEvTVdCYVAtSE0zak1XNVlrNkZnYm1XWm9ENVI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8zZWJjZTUtNzNlMy00ZTNlLTgzYjAtYTc4OGZkYzcwOTQ4
LzEvSnM5TlUtMWNDa3ZUX2lRaUFhbG1aVnlBekE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW9x4AwQC
uU9kMA0EAgACMAcDBQAqBXKAMA0GCSqGSIb3DQEBCwUAA4IBAQCgK8zr0hZxndu3
hlgrKGzkLbCI7hUEEDm8o/TpmDp/2k2DI+x1MceIyzqNt2xUFEX+CAT9sZQ+i0IX
YwmSmxdpL7cX9uDXRojKp09ffv+6uGCxtNvkwnqPJqdLyKhlKu7ACCilrekPV9P3
xU5kr1a5hvqordQJd/ynFkDUm3RicZyIP3xbsRDyhKelk1QmruSPtV1TDGzclkkw
BV9RoYUuVY7DybWHEuOo8Xva3O8rSagGbkQUK15IvhbVHv0DwH7mqw4x4HBBLdCe
Mh07VdZKNgKlU1y8SmULcsgGHgh/eAOahEJ9qwYrPGfDUsn1pq6hgEEBG4d14gwa
mtkfIalX
-----END CERTIFICATE-----