Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/687cd5-6345-4f64-be46-ede70c8ed513/1/QewG02ZmelbxArTx7szw1Mk3Nr0.roa
File:                     QewG02ZmelbxArTx7szw1Mk3Nr0.roa (raw, json)
Hash identifier:          gTVn4ttNO2Ov+7Fc8KtyTVJwhEDAdXu6AU5zdFXkbF4=
Subject key identifier:   41:EC:06:D3:66:66:7A:56:F1:02:B4:F1:EE:CC:F0:D4:C9:37:36:BD
Certificate issuer:       /CN=2cac84ceec57b35fa39534ae23009aea820239aa
Certificate serial:       018CC7942E0B64C234BF754AE6C45D094FE4
Authority key identifier: 2C:AC:84:CE:EC:57:B3:5F:A3:95:34:AE:23:00:9A:EA:82:02:39:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LKyEzuxXs1-jlTSuIwCa6oICOao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/687cd5-6345-4f64-be46-ede70c8ed513/1/QewG02ZmelbxArTx7szw1Mk3Nr0.roa
Signing time:             Tue 02 Jan 2024 00:30:26 +0000
ROA not before:           Tue 02 Jan 2024 00:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49446
IP address blocks:        91.213.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/687cd5-6345-4f64-be46-ede70c8ed513/1/LKyEzuxXs1-jlTSuIwCa6oICOao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/687cd5-6345-4f64-be46-ede70c8ed513/1/LKyEzuxXs1-jlTSuIwCa6oICOao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LKyEzuxXs1-jlTSuIwCa6oICOao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:2e:0b:64:c2:34:bf:75:4a:e6:c4:5d:09:4f:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2cac84ceec57b35fa39534ae23009aea820239aa
        Validity
            Not Before: Jan  2 00:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41ec06d366667a56f102b4f1eeccf0d4c93736bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:5a:31:f6:d5:7c:7d:44:46:cf:e2:23:08:03:
                    2d:4a:48:f5:db:9e:94:fe:ef:09:b2:6f:d9:64:35:
                    bc:52:ee:b9:90:c3:36:25:87:5a:bb:1d:92:34:f2:
                    ec:c3:f1:c3:83:0b:35:6d:e2:f4:dd:e9:f9:0e:98:
                    6d:66:8d:a3:49:32:28:61:ec:04:49:72:a9:22:c6:
                    31:53:25:26:99:9f:be:55:df:3f:6d:db:ef:fb:31:
                    ca:7a:f2:2d:74:5d:99:a1:bb:9b:d9:e0:76:af:68:
                    0c:fa:30:2d:b6:fb:61:57:00:44:ac:42:c4:13:5c:
                    87:d8:e0:29:b6:0f:f6:c4:34:dd:40:20:98:7f:cb:
                    e4:90:27:3f:9a:9b:27:7a:05:f8:54:45:3c:07:d8:
                    e1:c3:eb:88:97:84:49:c1:00:6a:d0:9e:85:1a:70:
                    c5:a9:28:5a:50:79:f8:92:c0:51:3a:60:38:38:6f:
                    30:28:2b:7c:f1:f6:1f:55:f5:08:d3:5f:fc:f7:2c:
                    fd:bf:d5:aa:9a:54:eb:fe:38:95:e8:cb:ac:b3:65:
                    23:9c:3e:6a:cf:13:15:b3:0e:f2:e0:60:16:67:b9:
                    87:e2:a5:b9:2d:b1:cc:6e:7a:50:8c:dd:1f:80:90:
                    7f:d5:cf:5f:ff:af:35:0d:8d:62:ed:0c:d5:42:b8:
                    22:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:EC:06:D3:66:66:7A:56:F1:02:B4:F1:EE:CC:F0:D4:C9:37:36:BD
            X509v3 Authority Key Identifier:
                keyid:2C:AC:84:CE:EC:57:B3:5F:A3:95:34:AE:23:00:9A:EA:82:02:39:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LKyEzuxXs1-jlTSuIwCa6oICOao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/687cd5-6345-4f64-be46-ede70c8ed513/1/QewG02ZmelbxArTx7szw1Mk3Nr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/687cd5-6345-4f64-be46-ede70c8ed513/1/LKyEzuxXs1-jlTSuIwCa6oICOao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:16:03:96:c0:36:d9:9d:b4:6a:61:42:8c:3c:38:b7:a6:e1:
         b6:8f:15:01:a0:8c:e4:52:78:38:ea:2b:0f:1b:35:8e:38:91:
         5b:d6:44:c2:7a:20:32:65:d2:af:0d:6e:88:72:2d:e2:75:10:
         96:3e:76:d7:57:cc:83:87:68:6e:e5:27:a1:27:26:9f:b5:1d:
         7a:47:12:bc:5a:88:85:5a:6a:58:e9:ff:dc:cb:c0:13:81:8e:
         19:06:03:2f:64:3c:30:2e:0e:ee:9f:f2:ac:de:45:72:98:6a:
         d6:2b:5f:11:7a:c8:78:86:cf:e8:93:56:5f:c3:c5:68:49:ed:
         03:33:08:a9:9c:70:44:c1:d7:bc:7c:0e:49:e8:91:ce:a4:8e:
         f3:62:29:24:12:5b:47:b3:1a:70:29:85:bf:eb:01:65:40:3a:
         29:bc:30:28:19:65:de:67:67:4b:02:66:55:39:e3:48:84:dd:
         a7:77:fd:be:7f:f1:98:1c:2f:27:0e:98:54:01:f1:73:03:32:
         af:6e:8e:5e:16:25:25:c9:00:3f:2d:46:1b:c3:5e:cf:c7:a6:
         09:ad:bf:35:6b:b4:c3:11:58:f3:f8:b4:9c:58:10:20:79:74:
         be:b5:cb:b9:f7:5c:78:d7:68:88:77:f6:2a:30:76:64:a5:1d:
         06:a6:70:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlC4LZMI0v3VK5sRdCU/kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjYWM4NGNlZWM1N2IzNWZhMzk1MzRhZTIzMDA5YWVhODIw
MjM5YWEwHhcNMjQwMTAyMDAzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWVjMDZkMzY2NjY3YTU2ZjEwMmI0ZjFlZWNjZjBkNGM5MzczNmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlox9tV8fURGz+IjCAMtSkj1256U
/u8Jsm/ZZDW8Uu65kMM2JYdaux2SNPLsw/HDgws1beL03en5DphtZo2jSTIoYewE
SXKpIsYxUyUmmZ++Vd8/bdvv+zHKevItdF2Zobub2eB2r2gM+jAttvthVwBErELE
E1yH2OAptg/2xDTdQCCYf8vkkCc/mpsnegX4VEU8B9jhw+uIl4RJwQBq0J6FGnDF
qShaUHn4ksBROmA4OG8wKCt88fYfVfUI01/89yz9v9WqmlTr/jiV6Muss2UjnD5q
zxMVsw7y4GAWZ7mH4qW5LbHMbnpQjN0fgJB/1c9f/681DY1i7QzVQrgi3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEHsBtNmZnpW8QK08e7M8NTJNza9MB8GA1UdIwQY
MBaAFCyshM7sV7Nfo5U0riMAmuqCAjmqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEt5RXp1eFhzMS1qbFRTdUl3Q2E2b0lDT2FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC82ODdjZDUtNjM0NS00ZjY0LWJlNDYt
ZWRlNzBjOGVkNTEzLzEvUWV3RzAyWm1lbGJ4QXJUeDdzencxTWszTnIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC82ODdjZDUtNjM0NS00ZjY0LWJlNDYtZWRlNzBjOGVkNTEz
LzEvTEt5RXp1eFhzMS1qbFRTdUl3Q2E2b0lDT2FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9UCMA0G
CSqGSIb3DQEBCwUAA4IBAQCqFgOWwDbZnbRqYUKMPDi3puG2jxUBoIzkUng46isP
GzWOOJFb1kTCeiAyZdKvDW6Ici3idRCWPnbXV8yDh2hu5SehJyaftR16RxK8WoiF
WmpY6f/cy8ATgY4ZBgMvZDwwLg7un/Ks3kVymGrWK18Resh4hs/ok1Zfw8VoSe0D
MwipnHBEwde8fA5J6JHOpI7zYikkEltHsxpwKYW/6wFlQDopvDAoGWXeZ2dLAmZV
OeNIhN2nd/2+f/GYHC8nDphUAfFzAzKvbo5eFiUlyQA/LUYbw17Px6YJrb81a7TD
EVjz+LScWBAgeXS+tcu591x412iId/YqMHZkpR0GpnCW
-----END CERTIFICATE-----
Generated at Wed Nov 27 02:30:53 2024 by rpki-client on console-ams.rpki-client.org