Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/55c2a0-49df-4d96-988f-4f9d04010710/1/XnxB6U2DT6BCca0TL3Jjs5kATME.roa
File:                     XnxB6U2DT6BCca0TL3Jjs5kATME.roa (raw, json)
Hash identifier:          5FUxuObBzGPTBBVZnOLxOzE1m2/HtTv/nB/LCGGO8mo=
Subject key identifier:   5E:7C:41:E9:4D:83:4F:A0:42:71:AD:13:2F:72:63:B3:99:00:4C:C1
Certificate issuer:       /CN=675fbe4b1f00233ed767990071f04590c90c887d
Certificate serial:       018CC86F682035C732C9A48D2D405A6978F6
Authority key identifier: 67:5F:BE:4B:1F:00:23:3E:D7:67:99:00:71:F0:45:90:C9:0C:88:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z1--Sx8AIz7XZ5kAcfBFkMkMiH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/55c2a0-49df-4d96-988f-4f9d04010710/1/XnxB6U2DT6BCca0TL3Jjs5kATME.roa
Signing time:             Tue 02 Jan 2024 04:29:53 +0000
ROA not before:           Tue 02 Jan 2024 04:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198479
IP address blocks:        37.128.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/55c2a0-49df-4d96-988f-4f9d04010710/1/Z1--Sx8AIz7XZ5kAcfBFkMkMiH0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/55c2a0-49df-4d96-988f-4f9d04010710/1/Z1--Sx8AIz7XZ5kAcfBFkMkMiH0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z1--Sx8AIz7XZ5kAcfBFkMkMiH0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:02:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:68:20:35:c7:32:c9:a4:8d:2d:40:5a:69:78:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=675fbe4b1f00233ed767990071f04590c90c887d
        Validity
            Not Before: Jan  2 04:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e7c41e94d834fa04271ad132f7263b399004cc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:5f:36:c1:56:49:b3:04:77:bd:39:6f:2d:44:
                    ef:d7:bf:4c:a5:43:8c:b4:08:f7:e7:cb:32:d9:43:
                    15:f2:99:25:de:e8:fd:cc:ce:a7:b4:38:5e:5e:9c:
                    99:18:38:b2:3d:92:18:12:30:19:68:14:1a:42:3b:
                    87:65:45:0e:df:ae:d4:62:d7:ba:82:a6:bb:e9:8d:
                    0a:ad:67:06:15:49:73:ee:48:ec:d5:f7:2e:6a:83:
                    6e:29:29:03:f3:b9:bb:1e:f2:b8:12:25:53:f3:ba:
                    00:ba:dd:3b:32:c4:bf:58:4c:da:5d:5e:17:f4:a4:
                    8f:b4:ea:5f:8a:fc:6d:0e:f2:f3:58:88:60:d8:e2:
                    83:93:5c:e4:26:67:7a:0e:30:87:b9:09:c2:95:00:
                    0d:56:d1:9a:45:7a:a1:3e:3e:98:41:17:c3:62:fa:
                    5a:44:5d:bb:5d:c3:de:98:d5:bd:66:d8:1d:28:75:
                    cd:ee:f2:a0:40:87:04:2d:f9:60:92:1b:ca:c2:a8:
                    dd:96:f1:d8:76:ec:cb:43:1c:2b:58:c6:b8:0b:05:
                    aa:bc:98:36:76:1e:79:f9:26:4a:6f:57:04:36:79:
                    4f:c9:a7:92:e5:be:17:67:9a:20:2f:34:8c:08:4e:
                    4f:e5:64:8f:f2:83:42:50:e3:7a:d1:26:97:a2:f1:
                    40:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:7C:41:E9:4D:83:4F:A0:42:71:AD:13:2F:72:63:B3:99:00:4C:C1
            X509v3 Authority Key Identifier:
                keyid:67:5F:BE:4B:1F:00:23:3E:D7:67:99:00:71:F0:45:90:C9:0C:88:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z1--Sx8AIz7XZ5kAcfBFkMkMiH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/55c2a0-49df-4d96-988f-4f9d04010710/1/XnxB6U2DT6BCca0TL3Jjs5kATME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/55c2a0-49df-4d96-988f-4f9d04010710/1/Z1--Sx8AIz7XZ5kAcfBFkMkMiH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.128.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:92:96:59:c4:36:08:14:7f:4f:fd:42:2e:5a:ed:33:f1:37:
         3a:b4:32:14:7c:53:65:60:fa:b1:4c:4b:53:a4:5d:88:89:ca:
         73:64:a6:46:26:41:7a:dc:97:54:d9:ca:35:82:cf:24:c6:b1:
         48:9f:9e:3e:06:17:e3:db:03:1f:16:c8:84:ca:37:83:22:5c:
         1c:6d:97:e3:6a:20:64:27:af:de:ee:c5:ba:88:f4:7d:34:ac:
         6f:41:68:89:12:fe:fd:0b:b3:21:eb:2d:87:57:e9:8e:9c:07:
         d7:ac:f6:d8:9a:6f:4b:42:14:d6:91:12:ce:da:5d:93:29:1a:
         b1:1e:c7:74:f3:09:df:ce:9a:e5:12:a5:88:9a:20:e4:ba:43:
         45:81:36:34:26:11:70:c9:33:8d:c2:98:f0:96:b3:62:a3:2b:
         0a:0b:db:8b:e9:5e:66:17:e4:81:34:31:fa:da:ca:71:4d:d6:
         c3:0e:78:6d:34:2b:11:d8:d9:6f:2f:76:a7:a6:c1:78:de:40:
         42:6a:d8:57:48:28:99:47:e1:25:ad:04:10:d2:02:da:5b:65:
         72:bc:13:11:3f:da:8c:2b:66:4a:a7:99:83:de:dd:ea:2d:f9:
         80:59:1f:8f:d4:d1:b0:86:4d:39:53:8d:09:ab:eb:0b:85:c9:
         0e:34:5f:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb2ggNccyyaSNLUBaaXj2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NWZiZTRiMWYwMDIzM2VkNzY3OTkwMDcxZjA0NTkwYzkw
Yzg4N2QwHhcNMjQwMTAyMDQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTdjNDFlOTRkODM0ZmEwNDI3MWFkMTMyZjcyNjNiMzk5MDA0Y2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvF82wVZJswR3vTlvLUTv179MpUOM
tAj358sy2UMV8pkl3uj9zM6ntDheXpyZGDiyPZIYEjAZaBQaQjuHZUUO367UYte6
gqa76Y0KrWcGFUlz7kjs1fcuaoNuKSkD87m7HvK4EiVT87oAut07MsS/WEzaXV4X
9KSPtOpfivxtDvLzWIhg2OKDk1zkJmd6DjCHuQnClQANVtGaRXqhPj6YQRfDYvpa
RF27XcPemNW9ZtgdKHXN7vKgQIcELflgkhvKwqjdlvHYduzLQxwrWMa4CwWqvJg2
dh55+SZKb1cENnlPyaeS5b4XZ5ogLzSMCE5P5WSP8oNCUON60SaXovFAkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF58QelNg0+gQnGtEy9yY7OZAEzBMB8GA1UdIwQY
MBaAFGdfvksfACM+12eZAHHwRZDJDIh9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjEtLVN4OEFJejdYWjVrQWNmQkZrTWtNaUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS81NWMyYTAtNDlkZi00ZDk2LTk4OGYt
NGY5ZDA0MDEwNzEwLzEvWG54QjZVMkRUNkJDY2EwVEwzSmpzNWtBVE1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS81NWMyYTAtNDlkZi00ZDk2LTk4OGYtNGY5ZDA0MDEwNzEw
LzEvWjEtLVN4OEFJejdYWjVrQWNmQkZrTWtNaUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJYCoMA0G
CSqGSIb3DQEBCwUAA4IBAQAykpZZxDYIFH9P/UIuWu0z8Tc6tDIUfFNlYPqxTEtT
pF2IicpzZKZGJkF63JdU2co1gs8kxrFIn54+Bhfj2wMfFsiEyjeDIlwcbZfjaiBk
J6/e7sW6iPR9NKxvQWiJEv79C7Mh6y2HV+mOnAfXrPbYmm9LQhTWkRLO2l2TKRqx
Hsd08wnfzprlEqWImiDkukNFgTY0JhFwyTONwpjwlrNioysKC9uL6V5mF+SBNDH6
2spxTdbDDnhtNCsR2NlvL3anpsF43kBCathXSCiZR+ElrQQQ0gLaW2VyvBMRP9qM
K2ZKp5mD3t3qLfmAWR+P1NGwhk05U40Jq+sLhckONF8G
-----END CERTIFICATE-----
Generated at Mon Jun 24 11:50:42 2024 by rpki-client on console-fra.rpki-client.org