Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/4ubPY0ZxLfnaTpYsRuJAD6t_P3o.roa
File:                     4ubPY0ZxLfnaTpYsRuJAD6t_P3o.roa (raw, json)
Hash identifier:          Y1TV4QcMx5c9Jse9Mu8UgoGd0FD270rAfwz/EQcMmzg=
Subject key identifier:   E2:E6:CF:63:46:71:2D:F9:DA:4E:96:2C:46:E2:40:0F:AB:7F:3F:7A
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       019425FCAF1952D6AABC1172885D6CBE7077
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/4ubPY0ZxLfnaTpYsRuJAD6t_P3o.roa
Signing time:             Thu 02 Jan 2025 07:48:24 +0000
ROA not before:           Thu 02 Jan 2025 07:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57355
IP address blocks:        217.17.37.0/24 maxlen: 24
                          2001:1a68:30::/52 maxlen: 52
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:af:19:52:d6:aa:bc:11:72:88:5d:6c:be:70:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 07:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e2e6cf6346712df9da4e962c46e2400fab7f3f7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:91:e1:f1:80:63:df:d6:56:c2:63:fc:d3:64:
                    0c:d8:ed:56:66:32:0c:13:b2:a9:e7:90:64:bf:01:
                    21:a8:7b:10:ac:06:00:60:82:43:f5:28:8b:23:6b:
                    87:06:06:91:0c:e8:84:a4:0c:b7:1d:7b:da:c0:68:
                    bc:3d:7f:2a:a1:02:3f:5e:08:f5:e5:cc:44:0e:65:
                    4e:1a:54:ce:61:70:f5:f2:c4:ee:da:ed:bf:3a:59:
                    69:f2:00:06:a1:2c:78:cb:ce:35:fa:5d:69:d2:2e:
                    8b:87:9f:71:af:07:64:91:e8:5a:66:dd:11:32:ea:
                    11:01:44:7f:b8:6e:4e:73:51:f4:eb:83:c4:b9:2f:
                    84:b1:55:f0:00:cd:00:ae:4a:7a:62:d0:ec:38:9b:
                    af:13:70:12:bd:c5:39:b3:a2:fc:34:9a:e0:39:13:
                    01:1f:cc:68:c7:be:c7:a3:83:82:f9:a9:eb:f2:86:
                    09:5f:58:ed:e1:17:83:74:5f:5b:42:7e:4e:56:66:
                    b6:79:b0:58:39:c1:0a:16:39:72:3d:d4:e6:16:65:
                    f4:29:32:7f:45:57:04:c0:e3:ed:c2:4a:1b:d7:7c:
                    19:5d:62:4e:98:f5:94:55:63:e0:cc:c0:11:b1:c9:
                    5a:45:66:37:2f:6c:d7:b5:d2:44:0f:c7:6d:ef:de:
                    ee:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:E6:CF:63:46:71:2D:F9:DA:4E:96:2C:46:E2:40:0F:AB:7F:3F:7A
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/4ubPY0ZxLfnaTpYsRuJAD6t_P3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.17.37.0/24
                IPv6:
                  2001:1a68:30::/52

    Signature Algorithm: sha256WithRSAEncryption
         37:0f:fe:a5:3e:1c:d1:19:94:e8:f2:0d:9a:7e:e1:bc:31:20:
         55:99:11:80:fc:6e:01:29:0a:44:da:3b:fe:e0:59:97:3d:a7:
         83:ec:c9:f0:92:5e:b0:be:be:5e:c5:7c:53:42:d5:19:f8:ec:
         67:49:67:e2:02:f4:49:ac:23:56:7f:3f:8b:87:ef:42:68:0d:
         67:4d:f8:39:e2:a2:22:74:8e:e1:ee:df:3f:c5:bc:5c:65:11:
         e5:c3:05:09:92:5d:56:cf:b2:f9:2d:ff:f8:92:5e:91:0f:9d:
         0b:7f:dd:ca:50:c3:b2:ec:40:4b:04:6f:04:88:7d:24:36:b5:
         ec:54:d2:84:af:62:86:d0:e2:c1:0a:ca:1c:c0:f7:72:2e:af:
         87:05:9f:57:cf:90:2f:79:96:03:91:55:ba:b2:f5:3c:bf:a0:
         71:8b:14:3f:e2:6b:7c:6e:5e:0a:95:8b:39:cd:11:90:1d:fb:
         43:33:72:00:5e:c5:18:07:1f:45:13:1a:d4:f8:cc:db:75:2f:
         d8:0a:a3:6c:e7:52:48:ce:e9:a5:83:f9:15:32:e4:ad:38:bc:
         b2:24:c3:b4:55:8b:84:12:1e:1c:e3:9f:bd:0b:68:65:90:04:
         ce:5f:fa:12:fb:7e:46:6c:51:1f:32:52:a1:b4:ed:d9:23:c3:
         31:e3:46:37
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQl/K8ZUtaqvBFyiF1svnB3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjUwMTAyMDc0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmU2Y2Y2MzQ2NzEyZGY5ZGE0ZTk2MmM0NmUyNDAwZmFiN2YzZjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5Hh8YBj39ZWwmP802QM2O1WZjIM
E7Kp55BkvwEhqHsQrAYAYIJD9SiLI2uHBgaRDOiEpAy3HXvawGi8PX8qoQI/Xgj1
5cxEDmVOGlTOYXD18sTu2u2/Ollp8gAGoSx4y841+l1p0i6Lh59xrwdkkehaZt0R
MuoRAUR/uG5Oc1H064PEuS+EsVXwAM0Arkp6YtDsOJuvE3ASvcU5s6L8NJrgORMB
H8xox77Ho4OC+anr8oYJX1jt4ReDdF9bQn5OVma2ebBYOcEKFjlyPdTmFmX0KTJ/
RVcEwOPtwkob13wZXWJOmPWUVWPgzMARsclaRWY3L2zXtdJED8dt797uOwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFOLmz2NGcS352k6WLEbiQA+rfz96MB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvNHViUFkwWnhMZm5hVHBZc1J1SkFENnRfUDNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAMBAIAATAGAwQA2RElMBAE
AgACMAoDCAQgARpoADAAMA0GCSqGSIb3DQEBCwUAA4IBAQA3D/6lPhzRGZTo8g2a
fuG8MSBVmRGA/G4BKQpE2jv+4FmXPaeD7Mnwkl6wvr5exXxTQtUZ+OxnSWfiAvRJ
rCNWfz+Lh+9CaA1nTfg54qIidI7h7t8/xbxcZRHlwwUJkl1Wz7L5Lf/4kl6RD50L
f93KUMOy7EBLBG8EiH0kNrXsVNKEr2KG0OLBCsocwPdyLq+HBZ9Xz5AveZYDkVW6
svU8v6BxixQ/4mt8bl4KlYs5zRGQHftDM3IAXsUYBx9FExrU+MzbdS/YCqNs51JI
zumlg/kVMuStOLyyJMO0VYuEEh4c45+9C2hlkATOX/oS+35GbFEfMlKhtO3ZI8Mx
40Y3
-----END CERTIFICATE-----