Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/52b199-9e1f-4ec7-b0aa-4a4e0f424f17/1/w3dSY8E242uK1E5wvfOn6BH0l5I.roa
File:                     w3dSY8E242uK1E5wvfOn6BH0l5I.roa (raw, json)
Hash identifier:          Fo/irukysXgrD3dDC+3R3PLFRX3CZGWuKFlfdPGZVD4=
Subject key identifier:   C3:77:52:63:C1:36:E3:6B:8A:D4:4E:70:BD:F3:A7:E8:11:F4:97:92
Certificate issuer:       /CN=af036816a317dd99d25383a32a681859c047b5ff
Certificate serial:       018CC424C225DC1D3BD47EC06A31CFD878A1
Authority key identifier: AF:03:68:16:A3:17:DD:99:D2:53:83:A3:2A:68:18:59:C0:47:B5:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rwNoFqMX3ZnSU4OjKmgYWcBHtf8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/52b199-9e1f-4ec7-b0aa-4a4e0f424f17/1/w3dSY8E242uK1E5wvfOn6BH0l5I.roa
Signing time:             Mon 01 Jan 2024 08:29:52 +0000
ROA not before:           Mon 01 Jan 2024 08:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        194.187.56.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/52b199-9e1f-4ec7-b0aa-4a4e0f424f17/1/rwNoFqMX3ZnSU4OjKmgYWcBHtf8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/52b199-9e1f-4ec7-b0aa-4a4e0f424f17/1/rwNoFqMX3ZnSU4OjKmgYWcBHtf8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rwNoFqMX3ZnSU4OjKmgYWcBHtf8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:02:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:c2:25:dc:1d:3b:d4:7e:c0:6a:31:cf:d8:78:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af036816a317dd99d25383a32a681859c047b5ff
        Validity
            Not Before: Jan  1 08:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3775263c136e36b8ad44e70bdf3a7e811f49792
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e0:5c:9f:32:32:aa:5e:da:5b:c5:79:95:ba:
                    27:21:99:d8:4a:50:85:7e:91:79:14:d8:90:ef:28:
                    bb:45:99:98:af:43:0a:11:9c:7a:e8:4f:2d:2b:ea:
                    2e:6b:10:a3:ca:08:12:09:31:1d:57:be:3f:cf:57:
                    07:6e:0c:c1:d5:8a:f6:e9:4f:79:30:b4:b0:72:f2:
                    b3:ba:a4:5f:5f:a2:c9:90:44:7e:e0:5d:df:b7:47:
                    bc:bd:85:2f:3b:8f:e8:d2:31:11:bb:85:d8:91:81:
                    08:6c:e0:37:96:98:18:ca:87:9b:db:7f:55:46:6f:
                    a4:43:6f:5e:d8:51:36:7a:2d:2d:b5:0a:fc:a3:25:
                    dc:97:50:5c:f5:78:55:51:37:9a:cd:43:ae:89:04:
                    b8:c4:1d:92:cd:f3:ff:cb:e0:55:33:c0:99:77:da:
                    15:e3:4d:20:53:77:8d:6b:54:e2:c3:c8:16:5e:af:
                    60:d6:89:6b:66:94:0b:12:3c:e6:20:a9:e6:96:ac:
                    b7:25:e3:98:67:f8:52:7a:fd:8e:38:7a:de:1c:f1:
                    ee:fe:68:00:1e:a5:29:bf:95:f0:a4:84:8d:83:a0:
                    e3:bd:22:86:c4:a3:b8:c0:a2:24:36:2a:b9:e9:50:
                    54:69:cd:a2:cf:e2:5c:91:b5:cb:58:93:20:14:04:
                    d2:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:77:52:63:C1:36:E3:6B:8A:D4:4E:70:BD:F3:A7:E8:11:F4:97:92
            X509v3 Authority Key Identifier:
                keyid:AF:03:68:16:A3:17:DD:99:D2:53:83:A3:2A:68:18:59:C0:47:B5:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rwNoFqMX3ZnSU4OjKmgYWcBHtf8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/52b199-9e1f-4ec7-b0aa-4a4e0f424f17/1/w3dSY8E242uK1E5wvfOn6BH0l5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/52b199-9e1f-4ec7-b0aa-4a4e0f424f17/1/rwNoFqMX3ZnSU4OjKmgYWcBHtf8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.187.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         36:d2:be:55:34:e9:d7:5c:7a:1d:08:f7:b2:f3:cb:01:39:65:
         fb:8c:5a:aa:ca:25:3d:02:06:30:8c:9b:c5:70:1c:7f:16:5b:
         27:cb:ed:a0:e2:b9:35:d5:51:87:4e:43:c3:8a:95:45:60:90:
         fa:a7:ce:0b:66:38:d5:d0:71:da:7c:02:9d:7c:47:4b:82:18:
         b6:32:e0:0d:fd:47:d3:21:29:68:05:1c:f6:98:c7:b6:b5:5a:
         64:bc:5c:7b:bb:53:da:37:d5:2f:79:cf:bd:95:39:d2:ce:5a:
         8e:15:f2:a1:e1:f7:dd:1b:f4:ac:50:36:9b:da:85:c7:9f:13:
         d1:14:55:a4:7e:4c:25:30:3c:c5:7b:de:ad:28:e2:73:34:d8:
         4c:2b:73:a2:4d:ff:bf:08:9f:7d:1b:4b:eb:43:c5:33:6a:02:
         7d:70:7e:24:db:26:d4:ac:14:c1:c5:29:8f:1e:c2:f0:de:8b:
         dc:ab:8c:0c:33:b3:71:bd:ad:6c:b1:a5:85:42:7e:11:fc:ef:
         89:c5:fd:74:f5:9b:28:23:8f:b5:44:99:b8:72:37:86:58:ce:
         cb:bf:89:36:1f:10:3a:f0:87:50:4d:cd:0d:24:1e:5f:66:b1:
         cc:bb:c1:8b:7e:bf:0a:07:fc:a5:fb:37:86:d5:ce:cd:8a:4c:
         4d:c8:77:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJMIl3B071H7AajHP2HihMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMDM2ODE2YTMxN2RkOTlkMjUzODNhMzJhNjgxODU5YzA0
N2I1ZmYwHhcNMjQwMTAxMDgyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzc3NTI2M2MxMzZlMzZiOGFkNDRlNzBiZGYzYTdlODExZjQ5NzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+BcnzIyql7aW8V5lbonIZnYSlCF
fpF5FNiQ7yi7RZmYr0MKEZx66E8tK+ouaxCjyggSCTEdV74/z1cHbgzB1Yr26U95
MLSwcvKzuqRfX6LJkER+4F3ft0e8vYUvO4/o0jERu4XYkYEIbOA3lpgYyoeb239V
Rm+kQ29e2FE2ei0ttQr8oyXcl1Bc9XhVUTeazUOuiQS4xB2SzfP/y+BVM8CZd9oV
400gU3eNa1Tiw8gWXq9g1olrZpQLEjzmIKnmlqy3JeOYZ/hSev2OOHreHPHu/mgA
HqUpv5XwpISNg6DjvSKGxKO4wKIkNiq56VBUac2iz+JckbXLWJMgFATSxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMN3UmPBNuNritROcL3zp+gR9JeSMB8GA1UdIwQY
MBaAFK8DaBajF92Z0lODoypoGFnAR7X/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcndOb0ZxTVgzWm5TVTRPakttZ1lXY0JIdGY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS81MmIxOTktOWUxZi00ZWM3LWIwYWEt
NGE0ZTBmNDI0ZjE3LzEvdzNkU1k4RTI0MnVLMUU1d3ZmT242QkgwbDVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS81MmIxOTktOWUxZi00ZWM3LWIwYWEtNGE0ZTBmNDI0ZjE3
LzEvcndOb0ZxTVgzWm5TVTRPakttZ1lXY0JIdGY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwrs4MA0G
CSqGSIb3DQEBCwUAA4IBAQA20r5VNOnXXHodCPey88sBOWX7jFqqyiU9AgYwjJvF
cBx/Flsny+2g4rk11VGHTkPDipVFYJD6p84LZjjV0HHafAKdfEdLghi2MuAN/UfT
ISloBRz2mMe2tVpkvFx7u1PaN9Uvec+9lTnSzlqOFfKh4ffdG/SsUDab2oXHnxPR
FFWkfkwlMDzFe96tKOJzNNhMK3OiTf+/CJ99G0vrQ8UzagJ9cH4k2ybUrBTBxSmP
HsLw3ovcq4wMM7Nxva1ssaWFQn4R/O+Jxf109ZsoI4+1RJm4cjeGWM7Lv4k2HxA6
8IdQTc0NJB5fZrHMu8GLfr8KB/yl+zeG1c7NikxNyHes
-----END CERTIFICATE-----
Generated at Mon May 6 09:47:13 2024 by rpki-client on console-fra.rpki-client.org