Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e30-bRHvLQ_jglvwcPY-AMAcCpQ.roa
File:                     e30-bRHvLQ_jglvwcPY-AMAcCpQ.roa (raw, json)
Hash identifier:          I2S32P6dksl2xyRFnZsQPfwBiCIa3sBABxUiGVxUkiY=
Subject key identifier:   7B:7D:3E:6D:11:EF:2D:0F:E3:82:5B:F0:70:F6:3E:00:C0:1C:0A:94
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       018CE5E2B1E4DC64FA51AC5E2A6B3910B50E
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e30-bRHvLQ_jglvwcPY-AMAcCpQ.roa
Signing time:             Sun 07 Jan 2024 21:44:48 +0000
ROA not before:           Sun 07 Jan 2024 21:44:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30836
IP address blocks:        217.113.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e5:e2:b1:e4:dc:64:fa:51:ac:5e:2a:6b:39:10:b5:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Jan  7 21:44:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b7d3e6d11ef2d0fe3825bf070f63e00c01c0a94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:76:59:8a:a2:fb:cb:30:20:8b:21:29:3f:03:
                    50:72:bd:7d:dd:07:37:d3:30:5a:96:21:83:27:14:
                    6f:0c:5e:b4:54:f8:ac:6f:79:d9:ce:3f:3f:9a:a7:
                    dd:d5:53:40:c0:45:ab:95:2a:11:8f:6f:e1:d7:19:
                    bb:04:23:67:f1:58:88:e6:ee:94:94:74:01:13:9c:
                    cf:4c:21:19:5d:62:81:f1:ba:23:d3:f0:b6:5d:f4:
                    9c:64:85:cd:85:7e:8b:d3:d1:c2:a6:17:e3:9b:c9:
                    eb:94:9f:d2:5c:54:11:7f:d0:f0:24:93:ae:af:9d:
                    61:6c:5b:d9:41:b5:f8:98:c8:c0:73:c0:f8:88:14:
                    86:eb:16:7e:6d:d2:cd:17:3f:8f:c0:75:c1:4e:e2:
                    af:bd:25:65:cb:ad:81:68:d0:09:79:e0:b8:86:52:
                    18:33:16:c0:e3:24:c8:ab:7d:41:6f:0f:b5:66:cd:
                    69:e3:4c:4b:7a:79:0e:7e:b4:3f:f9:a2:4c:fb:ad:
                    f0:71:6c:41:11:0f:0e:32:81:62:91:15:97:4f:b7:
                    fb:ec:c7:c1:9b:37:a1:ee:4d:70:cc:cb:8b:1d:46:
                    e4:fe:5c:8a:82:ff:16:11:15:d5:b6:0c:c5:88:4c:
                    1f:7e:c7:5d:b7:9c:84:0d:88:7a:47:61:ac:60:f4:
                    03:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:7D:3E:6D:11:EF:2D:0F:E3:82:5B:F0:70:F6:3E:00:C0:1C:0A:94
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e30-bRHvLQ_jglvwcPY-AMAcCpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.113.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:e0:78:e7:af:d3:51:f4:89:5d:e0:28:b2:3f:a2:6a:66:c1:
         37:51:97:4d:c6:1f:db:6e:0f:17:ac:de:f2:63:46:7d:ee:d0:
         a2:ca:9c:e9:e6:01:14:57:24:f5:41:ee:7a:70:1f:fe:8f:e9:
         4d:1e:a8:97:b4:09:f4:79:f3:e5:f6:68:5a:40:85:44:2c:ce:
         c3:10:73:3c:6f:80:bb:ba:31:28:3b:05:d6:94:8e:73:e6:72:
         dd:f0:58:74:ee:b3:bd:27:3f:93:89:7b:85:bb:5e:84:d4:69:
         c0:78:3c:39:d0:f0:de:9a:d8:8c:61:a7:58:5e:28:ca:02:bf:
         2b:28:13:2f:6a:ca:82:c3:cb:b7:e7:71:5f:9a:5e:36:ba:94:
         3a:bb:c1:a7:a3:dc:46:ce:72:89:85:45:94:6c:fd:b5:16:7c:
         70:53:27:4e:d8:ab:81:8c:10:cb:2b:3e:4a:3e:d0:6b:56:5f:
         59:79:38:ac:a5:ab:12:e0:a3:1e:02:64:f9:a0:ed:94:5b:1f:
         94:fb:df:6c:b5:b9:38:c1:19:aa:fe:e6:5a:ea:14:70:d9:51:
         32:64:a3:6b:c0:6d:b3:7c:98:52:d7:4b:66:c2:4f:ab:c4:75:
         4b:14:82:0b:6b:c8:ff:42:61:36:62:77:ea:12:bb:dd:14:a5:
         7a:ca:1e:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzl4rHk3GT6UaxeKms5ELUOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjQwMTA3MjE0NDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjdkM2U2ZDExZWYyZDBmZTM4MjViZjA3MGY2M2UwMGMwMWMwYTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjnZZiqL7yzAgiyEpPwNQcr193Qc3
0zBaliGDJxRvDF60VPisb3nZzj8/mqfd1VNAwEWrlSoRj2/h1xm7BCNn8ViI5u6U
lHQBE5zPTCEZXWKB8boj0/C2XfScZIXNhX6L09HCphfjm8nrlJ/SXFQRf9DwJJOu
r51hbFvZQbX4mMjAc8D4iBSG6xZ+bdLNFz+PwHXBTuKvvSVly62BaNAJeeC4hlIY
MxbA4yTIq31Bbw+1Zs1p40xLenkOfrQ/+aJM+63wcWxBEQ8OMoFikRWXT7f77MfB
mzeh7k1wzMuLHUbk/lyKgv8WERXVtgzFiEwffsddt5yEDYh6R2GsYPQD7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHt9Pm0R7y0P44Jb8HD2PgDAHAqUMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvZTMwLWJSSHZMUV9qZ2x2d2NQWS1BTUFjQ3BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2XE+MA0G
CSqGSIb3DQEBCwUAA4IBAQCW4Hjnr9NR9Ild4CiyP6JqZsE3UZdNxh/bbg8XrN7y
Y0Z97tCiypzp5gEUVyT1Qe56cB/+j+lNHqiXtAn0efPl9mhaQIVELM7DEHM8b4C7
ujEoOwXWlI5z5nLd8Fh07rO9Jz+TiXuFu16E1GnAeDw50PDemtiMYadYXijKAr8r
KBMvasqCw8u353Ffml42upQ6u8Gno9xGznKJhUWUbP21FnxwUydO2KuBjBDLKz5K
PtBrVl9ZeTispasS4KMeAmT5oO2UWx+U+99stbk4wRmq/uZa6hRw2VEyZKNrwG2z
fJhS10tmwk+rxHVLFIILa8j/QmE2YnfqErvdFKV6yh4I
-----END CERTIFICATE-----