Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/DxjkKXKyFsNLqufXTV9e1T82m6k.roa
File:                     DxjkKXKyFsNLqufXTV9e1T82m6k.roa (raw, json)
Hash identifier:          K6DnI96JZkzFOs1CX+AJMcGf78HS/hSb1fBbhc6f884=
Subject key identifier:   0F:18:E4:29:72:B2:16:C3:4B:AA:E7:D7:4D:5F:5E:D5:3F:36:9B:A9
Certificate issuer:       /CN=47e94ccb7b601da0ca09469f60f653640fed8c1c
Certificate serial:       018CC5DC51D2BB2C3A41D3AF2E76FDF45397
Authority key identifier: 47:E9:4C:CB:7B:60:1D:A0:CA:09:46:9F:60:F6:53:64:0F:ED:8C:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R-lMy3tgHaDKCUafYPZTZA_tjBw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/DxjkKXKyFsNLqufXTV9e1T82m6k.roa
Signing time:             Mon 01 Jan 2024 16:29:59 +0000
ROA not before:           Mon 01 Jan 2024 16:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29137
IP address blocks:        195.234.250.0/23 maxlen: 23
                          195.234.248.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/R-lMy3tgHaDKCUafYPZTZA_tjBw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/R-lMy3tgHaDKCUafYPZTZA_tjBw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R-lMy3tgHaDKCUafYPZTZA_tjBw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:51:d2:bb:2c:3a:41:d3:af:2e:76:fd:f4:53:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47e94ccb7b601da0ca09469f60f653640fed8c1c
        Validity
            Not Before: Jan  1 16:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f18e42972b216c34baae7d74d5f5ed53f369ba9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ea:ff:fe:58:36:6a:f9:4f:94:25:90:01:96:
                    d4:10:19:07:91:84:8f:38:5f:5f:c6:8a:2b:5f:d2:
                    09:38:a1:bd:99:f8:25:e3:fa:96:ba:68:a7:c3:c8:
                    53:53:8e:f0:80:e2:97:8f:53:54:46:57:4c:2d:a7:
                    0a:6a:48:96:d7:08:f1:2b:7f:87:2f:22:1e:93:a5:
                    6a:15:d1:df:b9:6e:f3:cb:25:00:88:65:e1:5c:02:
                    90:2d:b8:85:9a:e9:92:cb:85:5e:90:c9:6b:3c:f2:
                    63:4e:20:c3:88:d0:4b:58:49:ac:87:ca:e6:39:64:
                    1f:a8:32:ac:44:56:50:73:2b:ba:6d:1f:49:c7:de:
                    9b:a8:f6:e4:b9:c4:41:3a:04:13:93:50:06:cd:65:
                    bf:41:14:d8:24:54:24:69:f2:56:08:0d:06:9a:8c:
                    50:a6:42:28:74:50:92:d9:56:03:3b:db:d2:b1:8e:
                    27:b3:58:25:0b:13:80:42:f7:78:3c:3d:3f:be:41:
                    b1:ba:02:fe:11:28:f0:6d:d0:e7:9e:11:7f:4e:32:
                    23:04:05:80:6d:95:69:df:54:54:95:e6:61:6d:e3:
                    8d:2e:f9:13:63:24:a3:86:75:b1:9c:8d:52:62:1f:
                    6e:34:fc:73:ee:46:cd:76:b5:84:d6:fb:3f:9a:56:
                    82:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:18:E4:29:72:B2:16:C3:4B:AA:E7:D7:4D:5F:5E:D5:3F:36:9B:A9
            X509v3 Authority Key Identifier:
                keyid:47:E9:4C:CB:7B:60:1D:A0:CA:09:46:9F:60:F6:53:64:0F:ED:8C:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R-lMy3tgHaDKCUafYPZTZA_tjBw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/DxjkKXKyFsNLqufXTV9e1T82m6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/R-lMy3tgHaDKCUafYPZTZA_tjBw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         89:81:89:a5:52:82:43:3f:12:b4:9d:74:ee:3d:2a:7d:fb:b1:
         34:b6:af:5c:16:fc:77:86:6b:15:e9:28:ad:4d:68:70:e2:19:
         50:d4:5c:b6:4c:14:4d:54:74:43:e4:50:52:f7:4c:7b:0f:6a:
         c2:21:84:f2:9e:7d:f2:e3:20:c7:02:b1:f0:ef:dd:a3:38:ce:
         a1:f5:32:39:c4:d2:48:c0:97:62:4e:7e:7b:c6:7a:99:08:11:
         e4:a0:b9:be:39:44:26:41:62:f3:59:50:f6:12:d4:b4:93:26:
         b6:7a:e0:2d:a1:40:1e:98:10:e7:30:d0:11:ff:b9:88:af:be:
         84:8c:2e:83:43:cf:96:73:6c:a2:26:53:32:97:7c:29:90:c5:
         ae:68:f1:98:e2:bd:b1:88:81:8b:7a:0a:35:c9:4c:5c:65:f7:
         87:cd:a7:82:1c:60:6b:7d:b6:06:20:0c:8a:02:ed:25:30:19:
         f1:a5:b9:71:6d:d3:b6:94:ec:fc:45:67:38:f3:a5:a1:84:3d:
         93:86:00:06:c3:19:c0:bb:05:b9:33:db:c2:87:6e:49:f8:7c:
         c7:e1:f9:2e:bd:fa:77:dc:cc:ee:81:84:d3:31:d4:68:ac:d8:
         a5:0e:b2:82:81:06:2d:0d:f3:3b:2a:30:56:a6:60:9b:76:84:
         f5:fd:85:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3FHSuyw6QdOvLnb99FOXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3ZTk0Y2NiN2I2MDFkYTBjYTA5NDY5ZjYwZjY1MzY0MGZl
ZDhjMWMwHhcNMjQwMTAxMTYyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjE4ZTQyOTcyYjIxNmMzNGJhYWU3ZDc0ZDVmNWVkNTNmMzY5YmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiur//lg2avlPlCWQAZbUEBkHkYSP
OF9fxoorX9IJOKG9mfgl4/qWuminw8hTU47wgOKXj1NURldMLacKakiW1wjxK3+H
LyIek6VqFdHfuW7zyyUAiGXhXAKQLbiFmumSy4VekMlrPPJjTiDDiNBLWEmsh8rm
OWQfqDKsRFZQcyu6bR9Jx96bqPbkucRBOgQTk1AGzWW/QRTYJFQkafJWCA0GmoxQ
pkIodFCS2VYDO9vSsY4ns1glCxOAQvd4PD0/vkGxugL+ESjwbdDnnhF/TjIjBAWA
bZVp31RUleZhbeONLvkTYySjhnWxnI1SYh9uNPxz7kbNdrWE1vs/mlaCdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA8Y5ClyshbDS6rn101fXtU/NpupMB8GA1UdIwQY
MBaAFEfpTMt7YB2gyglGn2D2U2QP7YwcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUi1sTXkzdGdIYURLQ1VhZllQWlRaQV90akJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC85ZTI5ZGMtY2VjOS00OWUyLWJjZTQt
YmQ5MGEzZjA2ZTE2LzEvRHhqa0tYS3lGc05McXVmWFRWOWUxVDgybTZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC85ZTI5ZGMtY2VjOS00OWUyLWJjZTQtYmQ5MGEzZjA2ZTE2
LzEvUi1sTXkzdGdIYURLQ1VhZllQWlRaQV90akJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw+r4MA0G
CSqGSIb3DQEBCwUAA4IBAQCJgYmlUoJDPxK0nXTuPSp9+7E0tq9cFvx3hmsV6Sit
TWhw4hlQ1Fy2TBRNVHRD5FBS90x7D2rCIYTynn3y4yDHArHw792jOM6h9TI5xNJI
wJdiTn57xnqZCBHkoLm+OUQmQWLzWVD2EtS0kya2euAtoUAemBDnMNAR/7mIr76E
jC6DQ8+Wc2yiJlMyl3wpkMWuaPGY4r2xiIGLego1yUxcZfeHzaeCHGBrfbYGIAyK
Au0lMBnxpblxbdO2lOz8RWc486WhhD2ThgAGwxnAuwW5M9vCh25J+HzH4fkuvfp3
3MzugYTTMdRorNilDrKCgQYtDfM7KjBWpmCbdoT1/YVW
-----END CERTIFICATE-----
Generated at Mon Jun 24 09:14:01 2024 by rpki-client on console-ams.rpki-client.org