Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/c52953-f96d-4e4c-8ddb-1bf0f7b4df30/1/QFDEnmyVVreGiXPWhW9NPGB02W4.roa
File:                     QFDEnmyVVreGiXPWhW9NPGB02W4.roa (raw, json)
Hash identifier:          GlMlSvFaoxwUlk1n2LyvA+Mv98sMsgtOYxAF7sNysSM=
Subject key identifier:   40:50:C4:9E:6C:95:56:B7:86:89:73:D6:85:6F:4D:3C:60:74:D9:6E
Certificate issuer:       /CN=a430942203aa2f8d390a8dae50b85a984504fd9c
Certificate serial:       018CC5DC355FD7A6FDFFFAC9CD1A4A7CCA9E
Authority key identifier: A4:30:94:22:03:AA:2F:8D:39:0A:8D:AE:50:B8:5A:98:45:04:FD:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pDCUIgOqL405Co2uULhamEUE_Zw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/c52953-f96d-4e4c-8ddb-1bf0f7b4df30/1/QFDEnmyVVreGiXPWhW9NPGB02W4.roa
Signing time:             Mon 01 Jan 2024 16:29:52 +0000
ROA not before:           Mon 01 Jan 2024 16:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197843
IP address blocks:        195.216.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/c52953-f96d-4e4c-8ddb-1bf0f7b4df30/1/pDCUIgOqL405Co2uULhamEUE_Zw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/c52953-f96d-4e4c-8ddb-1bf0f7b4df30/1/pDCUIgOqL405Co2uULhamEUE_Zw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pDCUIgOqL405Co2uULhamEUE_Zw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 15:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:35:5f:d7:a6:fd:ff:fa:c9:cd:1a:4a:7c:ca:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a430942203aa2f8d390a8dae50b85a984504fd9c
        Validity
            Not Before: Jan  1 16:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4050c49e6c9556b7868973d6856f4d3c6074d96e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:62:03:f0:00:71:a6:d8:84:78:b7:24:86:a4:
                    d9:c1:44:6c:d6:6b:88:6c:bc:14:6f:0c:9f:c4:68:
                    20:e2:7a:3a:4c:a2:aa:d4:54:a9:4b:0e:da:14:46:
                    88:67:4b:94:c0:12:93:b0:db:54:5c:8c:c6:c3:1d:
                    77:d4:f8:26:91:72:06:a7:35:e2:63:3a:4a:ab:62:
                    d5:5b:02:20:dc:e5:26:3a:a5:73:b4:5f:4d:f6:ca:
                    fd:b0:01:0f:34:4b:67:af:76:93:3a:10:30:d7:0e:
                    ed:3d:19:46:fa:f9:5d:a1:90:6a:06:a6:71:02:b4:
                    ed:52:c8:fb:d7:ad:3d:4d:40:eb:be:b8:e9:93:36:
                    2c:92:41:02:d9:b1:c7:79:6d:d1:50:ef:98:88:a8:
                    d6:44:ed:56:84:68:fb:aa:03:a5:22:f9:3a:97:52:
                    ae:47:c8:a5:90:92:ff:bd:67:a7:ff:a1:75:3f:ec:
                    5a:6b:b9:a4:f8:ad:51:c7:d2:c1:49:fd:9d:4c:d5:
                    b1:ce:e7:81:ff:ff:49:9b:2a:76:b6:72:a6:43:62:
                    1d:cd:6d:4b:88:7c:bd:08:dd:dc:86:2e:d0:92:db:
                    ac:e3:05:f8:ca:83:18:e9:c1:83:c7:01:f3:76:b6:
                    b3:12:33:46:fa:db:de:f9:4a:0e:9f:1f:80:d5:6d:
                    bf:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:50:C4:9E:6C:95:56:B7:86:89:73:D6:85:6F:4D:3C:60:74:D9:6E
            X509v3 Authority Key Identifier:
                keyid:A4:30:94:22:03:AA:2F:8D:39:0A:8D:AE:50:B8:5A:98:45:04:FD:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pDCUIgOqL405Co2uULhamEUE_Zw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/c52953-f96d-4e4c-8ddb-1bf0f7b4df30/1/QFDEnmyVVreGiXPWhW9NPGB02W4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/c52953-f96d-4e4c-8ddb-1bf0f7b4df30/1/pDCUIgOqL405Co2uULhamEUE_Zw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:11:35:d8:ef:6d:30:1e:28:ef:6d:10:83:70:3d:8e:e4:af:
         b2:f8:9e:a4:7a:66:9f:ec:c8:b2:fe:93:af:24:f2:2b:22:e9:
         e0:d4:6a:1c:f7:cf:29:74:ea:f5:71:f3:08:17:c4:7b:68:f5:
         05:fa:a9:01:d9:d9:cf:3e:84:43:03:4e:21:64:be:90:f6:7b:
         33:d1:a9:54:ea:2d:f8:f1:dd:b1:ab:14:db:53:dd:60:25:ca:
         c0:f2:d9:0d:de:3f:61:ef:a4:41:13:92:ed:00:a6:11:3e:a9:
         ba:49:89:4c:87:30:a1:69:3a:dc:43:42:45:5d:cb:ed:83:7d:
         70:10:06:7f:05:af:77:20:d2:93:d1:26:68:9a:14:49:75:2c:
         b7:d4:93:b5:03:04:51:5e:b9:9e:54:3e:d1:83:e0:30:a4:d8:
         b6:54:b4:67:2e:7f:26:cf:29:33:fc:61:1b:39:10:ad:df:40:
         63:4e:4d:96:f3:07:10:05:24:f4:4e:36:b2:5f:e1:2f:ba:1d:
         b2:af:92:ba:2b:cf:ef:b6:9c:29:3b:a8:7a:09:6f:66:8c:47:
         81:c6:44:c0:29:64:6b:7b:7a:75:4c:a6:b3:ca:8f:9e:9e:a2:
         9b:aa:ed:fb:53:f5:e0:ed:6b:d9:d2:1f:90:8b:53:7d:06:7d:
         3e:53:e0:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3DVf16b9//rJzRpKfMqeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MzA5NDIyMDNhYTJmOGQzOTBhOGRhZTUwYjg1YTk4NDUw
NGZkOWMwHhcNMjQwMTAxMTYyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDUwYzQ5ZTZjOTU1NmI3ODY4OTczZDY4NTZmNGQzYzYwNzRkOTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGID8ABxptiEeLckhqTZwURs1muI
bLwUbwyfxGgg4no6TKKq1FSpSw7aFEaIZ0uUwBKTsNtUXIzGwx131PgmkXIGpzXi
YzpKq2LVWwIg3OUmOqVztF9N9sr9sAEPNEtnr3aTOhAw1w7tPRlG+vldoZBqBqZx
ArTtUsj71609TUDrvrjpkzYskkEC2bHHeW3RUO+YiKjWRO1WhGj7qgOlIvk6l1Ku
R8ilkJL/vWen/6F1P+xaa7mk+K1Rx9LBSf2dTNWxzueB//9Jmyp2tnKmQ2IdzW1L
iHy9CN3chi7Qktus4wX4yoMY6cGDxwHzdrazEjNG+tve+UoOnx+A1W2/GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEBQxJ5slVa3holz1oVvTTxgdNluMB8GA1UdIwQY
MBaAFKQwlCIDqi+NOQqNrlC4WphFBP2cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcERDVUlnT3FMNDA1Q28ydVVMaGFtRVVFX1p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9jNTI5NTMtZjk2ZC00ZTRjLThkZGIt
MWJmMGY3YjRkZjMwLzEvUUZERW5teVZWcmVHaVhQV2hXOU5QR0IwMlc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9jNTI5NTMtZjk2ZC00ZTRjLThkZGItMWJmMGY3YjRkZjMw
LzEvcERDVUlnT3FMNDA1Q28ydVVMaGFtRVVFX1p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9j9MA0G
CSqGSIb3DQEBCwUAA4IBAQCoETXY720wHijvbRCDcD2O5K+y+J6kemaf7Miy/pOv
JPIrIung1Goc988pdOr1cfMIF8R7aPUF+qkB2dnPPoRDA04hZL6Q9nsz0alU6i34
8d2xqxTbU91gJcrA8tkN3j9h76RBE5LtAKYRPqm6SYlMhzChaTrcQ0JFXcvtg31w
EAZ/Ba93INKT0SZomhRJdSy31JO1AwRRXrmeVD7Rg+AwpNi2VLRnLn8mzykz/GEb
ORCt30BjTk2W8wcQBST0TjayX+Evuh2yr5K6K8/vtpwpO6h6CW9mjEeBxkTAKWRr
e3p1TKazyo+enqKbqu37U/Xg7WvZ0h+Qi1N9Bn0+U+Ci
-----END CERTIFICATE-----
Generated at Sun Jun 23 18:58:25 2024 by rpki-client on console-fra.rpki-client.org