Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/eienVZLbItzkx1-u5Ja0Y4h-vIw.roa
File:                     eienVZLbItzkx1-u5Ja0Y4h-vIw.roa (raw, json)
Hash identifier:          yvuw6AiUkR45vB6w51jA9lp/x0+SIBkBXgdWwqOqJhk=
Subject key identifier:   7A:27:A7:55:92:DB:22:DC:E4:C7:5F:AE:E4:96:B4:63:88:7E:BC:8C
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       018CCA2BBA4B39254B8B65393888B34C60A6
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/eienVZLbItzkx1-u5Ja0Y4h-vIw.roa
Signing time:             Tue 02 Jan 2024 12:35:12 +0000
ROA not before:           Tue 02 Jan 2024 12:35:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57355
IP address blocks:        217.17.37.0/24 maxlen: 24
                          2001:1a68:30::/52 maxlen: 52

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 02:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:ba:4b:39:25:4b:8b:65:39:38:88:b3:4c:60:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 12:35:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a27a75592db22dce4c75faee496b463887ebc8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:37:ed:7f:3a:ad:cb:61:73:c9:1e:26:8a:16:
                    4e:5a:e0:95:a9:49:37:56:20:3d:51:e5:37:90:b3:
                    ca:91:4a:0f:f9:d3:12:e9:d6:d2:da:fc:4d:12:74:
                    da:1b:f7:0d:19:95:f2:32:98:b0:90:27:dd:82:11:
                    39:d1:a9:b6:18:63:9c:0b:e0:95:8c:03:b3:0f:52:
                    1b:4b:9e:32:14:32:33:3b:3c:f8:da:72:5a:0e:7a:
                    43:2f:92:fd:fc:0a:d0:bc:c7:e2:70:21:99:78:60:
                    66:47:84:7a:02:95:1b:32:07:6f:10:32:24:d6:d5:
                    0f:7c:a9:8a:a8:c0:95:82:6f:f1:26:07:37:be:5e:
                    47:9b:a5:3f:4e:c3:63:f1:2e:74:5d:02:7d:4c:bd:
                    19:7d:f5:d4:0d:c3:67:2d:e8:88:75:b0:83:12:3b:
                    ed:6f:ea:af:93:29:73:d3:41:5a:65:a8:0c:00:c1:
                    47:d0:b1:b4:e0:05:61:aa:7f:9b:93:4f:68:1e:0e:
                    6f:7e:fa:4c:aa:28:c2:8a:de:de:36:d2:70:dd:1f:
                    ab:e1:71:d6:de:65:32:b8:7d:28:0b:14:25:f4:7f:
                    60:3c:10:fe:b2:a5:92:d4:7b:63:80:56:bb:3a:b7:
                    7d:9b:47:31:bf:23:fd:8d:a9:67:1c:5f:4f:b9:91:
                    17:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:27:A7:55:92:DB:22:DC:E4:C7:5F:AE:E4:96:B4:63:88:7E:BC:8C
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/eienVZLbItzkx1-u5Ja0Y4h-vIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.17.37.0/24
                IPv6:
                  2001:1a68:30::/52

    Signature Algorithm: sha256WithRSAEncryption
         45:9c:5e:89:89:5b:34:fa:8c:a6:42:f8:e0:af:98:7f:ed:e4:
         db:af:2a:b1:09:2e:2e:e0:a6:31:67:c4:c8:6d:45:a8:ac:3e:
         de:19:11:2b:8b:49:35:bc:da:36:e1:2b:d0:30:1b:39:ee:0c:
         a0:93:dd:c9:28:c5:4e:04:29:21:50:14:de:33:e4:ac:04:08:
         6c:3e:cb:a0:0f:b3:af:fe:66:83:7b:f0:dd:1c:5c:77:0c:18:
         96:f8:f0:00:76:c2:eb:af:a4:dc:e9:7f:6b:61:41:2d:88:b0:
         8b:03:72:0a:53:3a:92:be:cb:77:3d:50:30:5f:fc:ed:b9:54:
         51:37:7d:ac:32:80:8a:7b:5a:eb:5e:7a:a1:cb:31:98:19:a8:
         8c:05:38:0e:8d:9e:8b:55:c0:cf:cd:6b:68:cc:b2:92:b8:8a:
         d7:59:3c:bf:76:24:b1:49:fd:e1:62:3d:db:9a:5a:f1:43:4f:
         92:e2:a2:b8:19:1f:33:af:63:8d:fc:9a:b2:92:20:df:29:cb:
         0e:4f:c9:af:2a:05:00:5c:71:32:80:cf:55:bf:db:26:94:e9:
         99:d5:f3:57:ca:70:09:a9:b4:a8:4f:50:f1:f2:40:a5:88:c9:
         c7:e9:8d:42:24:4d:ff:da:b3:94:c3:8b:50:6e:a9:6c:42:e6:
         41:e5:41:b7
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzKK7pLOSVLi2U5OIizTGCmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjQwMTAyMTIzNTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTI3YTc1NTkyZGIyMmRjZTRjNzVmYWVlNDk2YjQ2Mzg4N2ViYzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhTftfzqty2FzyR4mihZOWuCVqUk3
ViA9UeU3kLPKkUoP+dMS6dbS2vxNEnTaG/cNGZXyMpiwkCfdghE50am2GGOcC+CV
jAOzD1IbS54yFDIzOzz42nJaDnpDL5L9/ArQvMficCGZeGBmR4R6ApUbMgdvEDIk
1tUPfKmKqMCVgm/xJgc3vl5Hm6U/TsNj8S50XQJ9TL0ZffXUDcNnLeiIdbCDEjvt
b+qvkylz00FaZagMAMFH0LG04AVhqn+bk09oHg5vfvpMqijCit7eNtJw3R+r4XHW
3mUyuH0oCxQl9H9gPBD+sqWS1HtjgFa7Ord9m0cxvyP9jalnHF9PuZEXoQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFHonp1WS2yLc5MdfruSWtGOIfryMMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvZWllblZaTGJJdHpreDEtdTVKYTBZNGgtdkl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAMBAIAATAGAwQA2RElMBAE
AgACMAoDCAQgARpoADAAMA0GCSqGSIb3DQEBCwUAA4IBAQBFnF6JiVs0+oymQvjg
r5h/7eTbryqxCS4u4KYxZ8TIbUWorD7eGREri0k1vNo24SvQMBs57gygk93JKMVO
BCkhUBTeM+SsBAhsPsugD7Ov/maDe/DdHFx3DBiW+PAAdsLrr6Tc6X9rYUEtiLCL
A3IKUzqSvst3PVAwX/ztuVRRN32sMoCKe1rrXnqhyzGYGaiMBTgOjZ6LVcDPzWto
zLKSuIrXWTy/diSxSf3hYj3bmlrxQ0+S4qK4GR8zr2ON/JqykiDfKcsOT8mvKgUA
XHEygM9Vv9smlOmZ1fNXynAJqbSoT1Dx8kCliMnH6Y1CJE3/2rOUw4tQbqlsQuZB
5UG3
-----END CERTIFICATE-----