Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/BDlfbSMWPzA9ZVOkRFdHi5Jm0po.roa
File:                     BDlfbSMWPzA9ZVOkRFdHi5Jm0po.roa (raw, json)
Hash identifier:          NqJHciQJl8B2y+ahWwPWFdvC5+NCnLzgWwxWPlwq3Yo=
Subject key identifier:   04:39:5F:6D:23:16:3F:30:3D:65:53:A4:44:57:47:8B:92:66:D2:9A
Certificate issuer:       /CN=1062bc36512658a0f7d3f96bc1d8e67d9fd4918b
Certificate serial:       018CC26D6A9FAF182BD95DFC96C24E2559B4
Authority key identifier: 10:62:BC:36:51:26:58:A0:F7:D3:F9:6B:C1:D8:E6:7D:9F:D4:91:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EGK8NlEmWKD30_lrwdjmfZ_UkYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/BDlfbSMWPzA9ZVOkRFdHi5Jm0po.roa
Signing time:             Mon 01 Jan 2024 00:29:59 +0000
ROA not before:           Mon 01 Jan 2024 00:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        195.245.86.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/EGK8NlEmWKD30_lrwdjmfZ_UkYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/EGK8NlEmWKD30_lrwdjmfZ_UkYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EGK8NlEmWKD30_lrwdjmfZ_UkYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:03:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:6a:9f:af:18:2b:d9:5d:fc:96:c2:4e:25:59:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1062bc36512658a0f7d3f96bc1d8e67d9fd4918b
        Validity
            Not Before: Jan  1 00:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04395f6d23163f303d6553a44457478b9266d29a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c1:2b:d0:5b:1a:c4:1d:ea:8e:c2:d4:64:0d:
                    57:15:a3:21:18:8c:56:ed:28:8c:96:4f:56:e8:88:
                    83:73:02:80:a6:cf:e4:36:cc:d4:1a:70:aa:42:e0:
                    ca:5b:01:32:2d:69:59:88:f6:9a:e7:3c:0a:da:02:
                    ee:fe:0d:f3:58:cd:78:5d:d7:58:85:98:97:ab:26:
                    ac:a5:0b:1d:6a:ca:e4:65:d5:a3:50:4d:13:39:ca:
                    39:30:4a:05:0c:85:d0:05:cf:40:af:0a:55:5e:27:
                    bf:d1:c9:4e:3f:35:a1:bb:d2:b6:47:c5:95:29:e6:
                    ca:38:31:75:eb:ed:fd:73:38:ca:e7:70:8a:38:df:
                    a3:24:34:31:89:7e:49:34:55:93:91:44:69:a5:f4:
                    ce:c3:09:25:9b:94:6f:a5:5e:d4:73:83:4a:12:58:
                    80:26:08:46:3f:20:01:1a:b1:2b:d1:04:dd:2b:1e:
                    b4:dc:78:c4:ac:fc:ba:07:9e:15:3f:86:c1:1c:f8:
                    f3:fd:00:21:20:ba:76:ba:a5:66:7b:71:a2:d3:03:
                    14:45:63:95:01:ab:6b:33:dc:be:44:c1:43:96:f1:
                    72:88:61:52:3d:ae:2f:ae:77:33:97:b8:23:41:1e:
                    df:98:92:46:57:3b:f8:ea:16:fa:bc:a4:8f:35:d4:
                    d8:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:39:5F:6D:23:16:3F:30:3D:65:53:A4:44:57:47:8B:92:66:D2:9A
            X509v3 Authority Key Identifier:
                keyid:10:62:BC:36:51:26:58:A0:F7:D3:F9:6B:C1:D8:E6:7D:9F:D4:91:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EGK8NlEmWKD30_lrwdjmfZ_UkYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/BDlfbSMWPzA9ZVOkRFdHi5Jm0po.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/EGK8NlEmWKD30_lrwdjmfZ_UkYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.245.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         14:16:11:01:0a:09:3a:a3:3f:0d:30:f6:2e:41:c4:da:a6:cb:
         1d:18:a1:63:87:f2:18:67:fa:d5:53:bd:5d:2c:c5:09:7d:53:
         51:05:38:09:d8:03:28:6c:6e:01:55:7e:4a:d4:ea:d5:0a:b2:
         6d:3f:4a:9c:33:f3:a3:13:10:26:5d:71:80:58:3b:dd:cb:88:
         32:a2:60:6c:3b:c3:13:76:75:02:50:63:53:82:7b:99:c5:4b:
         e4:5a:32:b9:6c:b0:bd:05:b2:34:dd:21:ef:3b:5b:2a:17:b2:
         06:e7:5e:e4:7d:09:97:4d:a7:80:1c:06:cd:35:c9:fe:89:02:
         57:34:f0:fb:ec:72:cc:11:6e:c3:e4:80:a4:72:cf:06:b3:1b:
         84:d5:6a:58:6c:30:5e:f4:c2:6b:b5:22:c9:43:d5:74:75:ac:
         cd:bb:31:c1:24:78:0a:81:39:a3:c6:3d:eb:76:c1:0e:7c:d5:
         23:18:ee:87:76:f4:64:3e:14:f8:e2:85:3f:16:14:65:1e:7c:
         f3:77:8f:0c:5e:66:1a:4d:b5:8b:e1:49:87:69:fa:64:1b:bf:
         6b:16:77:96:04:54:3c:07:bf:29:10:3d:2d:e8:85:ec:db:51:
         8c:e4:78:36:34:1b:a5:f7:32:71:c1:35:8a:0a:3d:72:7f:4b:
         8c:3f:21:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWqfrxgr2V38lsJOJVm0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNjJiYzM2NTEyNjU4YTBmN2QzZjk2YmMxZDhlNjdkOWZk
NDkxOGIwHhcNMjQwMTAxMDAyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDM5NWY2ZDIzMTYzZjMwM2Q2NTUzYTQ0NDU3NDc4YjkyNjZkMjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMEr0FsaxB3qjsLUZA1XFaMhGIxW
7SiMlk9W6IiDcwKAps/kNszUGnCqQuDKWwEyLWlZiPaa5zwK2gLu/g3zWM14XddY
hZiXqyaspQsdasrkZdWjUE0TOco5MEoFDIXQBc9ArwpVXie/0clOPzWhu9K2R8WV
KebKODF16+39czjK53CKON+jJDQxiX5JNFWTkURppfTOwwklm5RvpV7Uc4NKEliA
JghGPyABGrEr0QTdKx603HjErPy6B54VP4bBHPjz/QAhILp2uqVme3Gi0wMURWOV
AatrM9y+RMFDlvFyiGFSPa4vrnczl7gjQR7fmJJGVzv46hb6vKSPNdTYkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAQ5X20jFj8wPWVTpERXR4uSZtKaMB8GA1UdIwQY
MBaAFBBivDZRJlig99P5a8HY5n2f1JGLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUdLOE5sRW1XS0QzMF9scndkam1mWl9Va1lzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC82NjllYmYtZWU3Zi00ZWI3LTg0ODYt
OTVhZDkyYWM4Njk4LzEvQkRsZmJTTVdQekE5WlZPa1JGZEhpNUptMHBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC82NjllYmYtZWU3Zi00ZWI3LTg0ODYtOTVhZDkyYWM4Njk4
LzEvRUdLOE5sRW1XS0QzMF9scndkam1mWl9Va1lzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/VWMA0G
CSqGSIb3DQEBCwUAA4IBAQAUFhEBCgk6oz8NMPYuQcTapssdGKFjh/IYZ/rVU71d
LMUJfVNRBTgJ2AMobG4BVX5K1OrVCrJtP0qcM/OjExAmXXGAWDvdy4gyomBsO8MT
dnUCUGNTgnuZxUvkWjK5bLC9BbI03SHvO1sqF7IG517kfQmXTaeAHAbNNcn+iQJX
NPD77HLMEW7D5ICkcs8GsxuE1WpYbDBe9MJrtSLJQ9V0dazNuzHBJHgKgTmjxj3r
dsEOfNUjGO6HdvRkPhT44oU/FhRlHnzzd48MXmYaTbWL4UmHafpkG79rFneWBFQ8
B78pED0t6IXs21GM5Hg2NBul9zJxwTWKCj1yf0uMPyG/
-----END CERTIFICATE-----
Generated at Mon May 6 04:14:31 2024 by rpki-client on console-fra.rpki-client.org