Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/17e450-8818-4a27-9f35-518cd14713eb/1/MTPWLW2wZKUX3rd5H2fglwcmRP8.roa
File:                     MTPWLW2wZKUX3rd5H2fglwcmRP8.roa (raw, json)
Hash identifier:          NV6d77rjaDRaqkT0W7HOp+x3FnU/qH62m4QIfaIEmLM=
Subject key identifier:   31:33:D6:2D:6D:B0:64:A5:17:DE:B7:79:1F:67:E0:97:07:26:44:FF
Certificate issuer:       /CN=b7733e9de9485b44671c8e511da221e4153c711b
Certificate serial:       019880436E623FC7CF0542A6CA19DD2F1551
Authority key identifier: B7:73:3E:9D:E9:48:5B:44:67:1C:8E:51:1D:A2:21:E4:15:3C:71:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t3M-nelIW0RnHI5RHaIh5BU8cRs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/17e450-8818-4a27-9f35-518cd14713eb/1/MTPWLW2wZKUX3rd5H2fglwcmRP8.roa
Signing time:             Wed 06 Aug 2025 16:42:39 +0000
ROA not before:           Wed 06 Aug 2025 16:42:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48678
IP address blocks:        91.241.48.0/22 maxlen: 24
                          91.241.48.0/24 maxlen: 24
                          194.5.236.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/17e450-8818-4a27-9f35-518cd14713eb/1/t3M-nelIW0RnHI5RHaIh5BU8cRs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/17e450-8818-4a27-9f35-518cd14713eb/1/t3M-nelIW0RnHI5RHaIh5BU8cRs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t3M-nelIW0RnHI5RHaIh5BU8cRs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:80:43:6e:62:3f:c7:cf:05:42:a6:ca:19:dd:2f:15:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7733e9de9485b44671c8e511da221e4153c711b
        Validity
            Not Before: Aug  6 16:42:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3133d62d6db064a517deb7791f67e097072644ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:36:c4:55:b2:3a:bc:0d:55:40:db:a6:72:7f:
                    38:a0:4f:de:55:56:86:89:6a:fa:70:d7:b1:40:89:
                    d4:66:67:09:69:d0:09:48:6b:cc:2f:33:21:74:dd:
                    38:66:4a:06:dd:ce:40:3d:17:da:32:5e:d1:fa:c4:
                    3c:26:04:07:10:36:24:bd:ca:46:db:41:94:7f:a5:
                    7e:1e:23:f8:3a:e7:8a:2a:12:86:e1:33:6a:94:7b:
                    fe:9e:18:35:cc:da:7a:61:dd:e4:41:c6:c0:fa:15:
                    b5:93:78:d1:a7:81:8b:93:6e:55:18:fa:c9:fc:2f:
                    ad:1e:c8:0f:e3:b0:63:c5:5a:4a:96:28:da:b6:23:
                    46:7c:fe:80:df:87:a3:2f:4d:e4:9e:44:a5:a1:bc:
                    ae:21:54:40:da:df:96:34:d5:1e:17:cf:d1:cc:05:
                    e8:c8:c4:25:53:df:c0:84:24:2b:8f:26:3c:e0:4a:
                    cb:77:45:73:60:bb:21:29:83:06:0b:68:1b:6a:1f:
                    2e:71:94:57:f4:b9:45:e6:65:8e:32:f5:16:df:5b:
                    a2:cd:89:d3:2d:5a:43:26:e6:21:55:e5:89:2e:de:
                    b8:59:c5:87:ce:75:dc:f0:5c:13:79:ad:a4:32:19:
                    63:f6:46:eb:19:ff:ef:91:a7:7a:ac:a6:de:8e:01:
                    e5:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:33:D6:2D:6D:B0:64:A5:17:DE:B7:79:1F:67:E0:97:07:26:44:FF
            X509v3 Authority Key Identifier:
                keyid:B7:73:3E:9D:E9:48:5B:44:67:1C:8E:51:1D:A2:21:E4:15:3C:71:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t3M-nelIW0RnHI5RHaIh5BU8cRs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/17e450-8818-4a27-9f35-518cd14713eb/1/MTPWLW2wZKUX3rd5H2fglwcmRP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/17e450-8818-4a27-9f35-518cd14713eb/1/t3M-nelIW0RnHI5RHaIh5BU8cRs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.241.48.0/22
                  194.5.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:aa:b0:70:b7:49:92:ac:36:de:f6:90:74:d5:7b:60:cc:c1:
         bd:1c:cc:a3:34:81:6a:73:bd:b7:cd:fd:cb:75:40:70:04:a7:
         14:21:5f:f7:c7:64:73:bf:66:73:36:7c:ef:49:4d:4c:90:22:
         0e:e9:49:2d:36:92:00:19:2d:0b:2a:12:0c:84:c5:64:63:2b:
         9c:1c:62:aa:99:5c:1d:18:b0:4c:45:67:31:67:e7:72:8b:f7:
         dc:c7:4f:5e:56:dc:e4:38:4a:42:69:9e:cc:fd:a1:07:b7:69:
         d3:18:43:45:1e:46:4d:6c:02:31:bb:ce:a8:73:bd:bf:91:27:
         4d:ab:75:96:4a:5c:65:69:85:e0:c0:07:48:9f:cc:fa:e1:7c:
         8b:7d:04:9d:ae:26:63:06:75:2e:f3:75:20:ac:e5:4f:5d:68:
         54:1c:24:4e:79:49:a3:1c:22:b6:21:b6:b1:c8:ec:dd:e9:ab:
         7b:ac:e1:68:e6:0e:14:8b:5f:b3:22:58:67:76:9b:37:33:89:
         d5:2c:3a:25:cf:09:f6:e8:f6:f9:03:8c:08:1d:55:59:67:5e:
         70:1f:a0:66:9d:ff:25:5c:0c:11:e2:29:3d:58:f1:ed:2c:74:
         eb:44:11:94:12:7d:b4:44:6e:1b:a8:85:63:b9:68:a9:05:be:
         49:f8:bc:95
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZiAQ25iP8fPBUKmyhndLxVRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3NzMzZTlkZTk0ODViNDQ2NzFjOGU1MTFkYTIyMWU0MTUz
YzcxMWIwHhcNMjUwODA2MTY0MjM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTMzZDYyZDZkYjA2NGE1MTdkZWI3NzkxZjY3ZTA5NzA3MjY0NGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzbEVbI6vA1VQNumcn84oE/eVVaG
iWr6cNexQInUZmcJadAJSGvMLzMhdN04ZkoG3c5APRfaMl7R+sQ8JgQHEDYkvcpG
20GUf6V+HiP4OueKKhKG4TNqlHv+nhg1zNp6Yd3kQcbA+hW1k3jRp4GLk25VGPrJ
/C+tHsgP47BjxVpKlijatiNGfP6A34ejL03knkSlobyuIVRA2t+WNNUeF8/RzAXo
yMQlU9/AhCQrjyY84ErLd0VzYLshKYMGC2gbah8ucZRX9LlF5mWOMvUW31uizYnT
LVpDJuYhVeWJLt64WcWHznXc8FwTea2kMhlj9kbrGf/vkad6rKbejgHl6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDEz1i1tsGSlF963eR9n4JcHJkT/MB8GA1UdIwQY
MBaAFLdzPp3pSFtEZxyOUR2iIeQVPHEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDNNLW5lbElXMFJuSEk1UkhhSWg1QlU4Y1JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8xN2U0NTAtODgxOC00YTI3LTlmMzUt
NTE4Y2QxNDcxM2ViLzEvTVRQV0xXMndaS1VYM3JkNUgyZmdsd2NtUlA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8xN2U0NTAtODgxOC00YTI3LTlmMzUtNTE4Y2QxNDcxM2Vi
LzEvdDNNLW5lbElXMFJuSEk1UkhhSWg1QlU4Y1JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW/EwAwQB
wgXsMA0GCSqGSIb3DQEBCwUAA4IBAQAgqrBwt0mSrDbe9pB01XtgzMG9HMyjNIFq
c723zf3LdUBwBKcUIV/3x2Rzv2ZzNnzvSU1MkCIO6UktNpIAGS0LKhIMhMVkYyuc
HGKqmVwdGLBMRWcxZ+dyi/fcx09eVtzkOEpCaZ7M/aEHt2nTGENFHkZNbAIxu86o
c72/kSdNq3WWSlxlaYXgwAdIn8z64XyLfQSdriZjBnUu83UgrOVPXWhUHCROeUmj
HCK2IbaxyOzd6at7rOFo5g4Ui1+zIlhndps3M4nVLDolzwn26Pb5A4wIHVVZZ15w
H6Bmnf8lXAwR4ik9WPHtLHTrRBGUEn20RG4bqIVjuWipBb5J+LyV
-----END CERTIFICATE-----