Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/0aab78-66de-444c-a843-0b3cb4c6b79a/1/DblGpmUomT2xpo9EEbovnP59Iu8.roa
File:                     DblGpmUomT2xpo9EEbovnP59Iu8.roa (raw, json)
Hash identifier:          GoKjG8M5yle8iW4IQ8PZznRMWvIIYF3mliWqS2nYz80=
Subject key identifier:   0D:B9:46:A6:65:28:99:3D:B1:A6:8F:44:11:BA:2F:9C:FE:7D:22:EF
Certificate issuer:       /CN=95b81f4e45d711da0c148dc2baad1504ddbb427b
Certificate serial:       018CC5DBE1F58D760A83DC03AD59EA293ADC
Authority key identifier: 95:B8:1F:4E:45:D7:11:DA:0C:14:8D:C2:BA:AD:15:04:DD:BB:42:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lbgfTkXXEdoMFI3Cuq0VBN27Qns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/0aab78-66de-444c-a843-0b3cb4c6b79a/1/DblGpmUomT2xpo9EEbovnP59Iu8.roa
Signing time:             Mon 01 Jan 2024 16:29:30 +0000
ROA not before:           Mon 01 Jan 2024 16:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209189
IP address blocks:        2.57.188.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/0aab78-66de-444c-a843-0b3cb4c6b79a/1/lbgfTkXXEdoMFI3Cuq0VBN27Qns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/0aab78-66de-444c-a843-0b3cb4c6b79a/1/lbgfTkXXEdoMFI3Cuq0VBN27Qns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lbgfTkXXEdoMFI3Cuq0VBN27Qns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:e1:f5:8d:76:0a:83:dc:03:ad:59:ea:29:3a:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95b81f4e45d711da0c148dc2baad1504ddbb427b
        Validity
            Not Before: Jan  1 16:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0db946a66528993db1a68f4411ba2f9cfe7d22ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:de:f8:06:a5:0d:97:0a:66:5c:d0:e4:c9:fc:
                    e1:ee:6e:94:91:98:5b:f8:9c:fc:aa:e4:89:ba:8d:
                    3a:a8:8a:97:c3:d8:eb:51:61:79:9d:5d:42:63:f9:
                    68:09:7a:31:69:c9:43:47:7c:b6:39:56:ef:5b:19:
                    2a:01:b4:1e:18:20:ed:eb:d6:ba:8d:1d:54:20:6b:
                    1e:d1:9a:3f:10:18:5a:5e:5b:a9:04:38:b4:f3:fd:
                    5c:f1:94:0d:14:89:f6:25:ae:9d:9a:16:c4:5b:6d:
                    27:29:66:18:51:e5:37:3f:53:d0:11:8c:38:e3:dc:
                    33:5a:91:99:50:9b:b4:44:ab:6a:f0:9d:28:e3:74:
                    2e:2b:28:c6:93:7c:4a:fb:01:1e:2b:71:53:e1:b1:
                    4a:53:30:cb:07:20:39:4a:8a:4d:78:7c:4b:c6:48:
                    8e:f6:5d:08:4c:da:d3:da:9b:65:8c:a0:18:78:95:
                    83:1e:1b:d0:74:4b:19:8d:83:66:1b:68:24:ee:89:
                    29:ce:d9:50:6d:e2:ae:66:86:2f:85:69:bc:3a:a3:
                    49:34:f4:94:1d:c5:74:a4:c4:ac:f7:23:90:c5:a1:
                    ef:2a:2e:c0:fd:ba:12:d2:0e:e8:76:e0:ba:39:af:
                    9e:60:2f:59:db:50:90:90:fe:58:0b:9c:0c:c3:4c:
                    cb:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:B9:46:A6:65:28:99:3D:B1:A6:8F:44:11:BA:2F:9C:FE:7D:22:EF
            X509v3 Authority Key Identifier:
                keyid:95:B8:1F:4E:45:D7:11:DA:0C:14:8D:C2:BA:AD:15:04:DD:BB:42:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lbgfTkXXEdoMFI3Cuq0VBN27Qns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/0aab78-66de-444c-a843-0b3cb4c6b79a/1/DblGpmUomT2xpo9EEbovnP59Iu8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/0aab78-66de-444c-a843-0b3cb4c6b79a/1/lbgfTkXXEdoMFI3Cuq0VBN27Qns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:04:5f:6f:96:6c:c4:69:e7:ed:6e:e2:a4:24:d8:de:23:6d:
         49:c7:f6:be:0c:1f:39:00:9a:9f:f6:1d:7d:c7:cd:d6:c6:9c:
         25:ac:11:00:b8:0b:dc:ab:d0:b5:6b:55:cf:2a:1b:b6:da:c0:
         b9:28:a3:0f:d0:de:7f:9b:f7:3d:19:2f:4f:26:4c:ce:09:20:
         cb:f0:76:2d:0b:a7:2b:cc:09:72:27:a6:b3:81:50:37:d3:d4:
         9c:ce:f8:d2:12:66:75:8a:2a:f6:45:ce:32:c5:b8:74:5e:02:
         83:35:06:7b:98:19:31:95:88:71:21:45:18:4d:e7:ce:c3:cf:
         17:5e:c8:1f:72:cc:11:77:15:a7:5f:0c:de:56:59:39:d3:69:
         d2:6f:a1:b9:7a:d1:fa:84:92:da:be:96:b7:20:1f:5e:20:be:
         04:15:8f:6d:9a:c2:40:64:5c:1e:68:af:cc:45:7d:f4:17:d1:
         09:8c:92:a3:88:bb:01:c2:06:84:ec:6c:93:74:a1:fd:03:aa:
         bd:b4:da:38:fd:a2:eb:4f:0f:18:fe:29:54:c0:06:7d:67:36:
         ed:69:61:42:d4:5d:db:07:60:24:fd:3f:e4:93:7b:15:a2:23:
         38:d3:b2:5f:24:56:51:da:77:d9:c2:9c:18:c7:d7:ee:01:4a:
         65:a8:82:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2+H1jXYKg9wDrVnqKTrcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1YjgxZjRlNDVkNzExZGEwYzE0OGRjMmJhYWQxNTA0ZGRi
YjQyN2IwHhcNMjQwMTAxMTYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGI5NDZhNjY1Mjg5OTNkYjFhNjhmNDQxMWJhMmY5Y2ZlN2QyMmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjd74BqUNlwpmXNDkyfzh7m6UkZhb
+Jz8quSJuo06qIqXw9jrUWF5nV1CY/loCXoxaclDR3y2OVbvWxkqAbQeGCDt69a6
jR1UIGse0Zo/EBhaXlupBDi08/1c8ZQNFIn2Ja6dmhbEW20nKWYYUeU3P1PQEYw4
49wzWpGZUJu0RKtq8J0o43QuKyjGk3xK+wEeK3FT4bFKUzDLByA5SopNeHxLxkiO
9l0ITNrT2ptljKAYeJWDHhvQdEsZjYNmG2gk7okpztlQbeKuZoYvhWm8OqNJNPSU
HcV0pMSs9yOQxaHvKi7A/boS0g7oduC6Oa+eYC9Z21CQkP5YC5wMw0zLwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA25RqZlKJk9saaPRBG6L5z+fSLvMB8GA1UdIwQY
MBaAFJW4H05F1xHaDBSNwrqtFQTdu0J7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGJnZlRrWFhFZG9NRkkzQ3VxMFZCTjI3UW5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS8wYWFiNzgtNjZkZS00NDRjLWE4NDMt
MGIzY2I0YzZiNzlhLzEvRGJsR3BtVW9tVDJ4cG85RUVib3ZuUDU5SXU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS8wYWFiNzgtNjZkZS00NDRjLWE4NDMtMGIzY2I0YzZiNzlh
LzEvbGJnZlRrWFhFZG9NRkkzQ3VxMFZCTjI3UW5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAjm8MA0G
CSqGSIb3DQEBCwUAA4IBAQBxBF9vlmzEaeftbuKkJNjeI21Jx/a+DB85AJqf9h19
x83WxpwlrBEAuAvcq9C1a1XPKhu22sC5KKMP0N5/m/c9GS9PJkzOCSDL8HYtC6cr
zAlyJ6azgVA309SczvjSEmZ1iir2Rc4yxbh0XgKDNQZ7mBkxlYhxIUUYTefOw88X
XsgfcswRdxWnXwzeVlk502nSb6G5etH6hJLavpa3IB9eIL4EFY9tmsJAZFweaK/M
RX30F9EJjJKjiLsBwgaE7GyTdKH9A6q9tNo4/aLrTw8Y/ilUwAZ9ZzbtaWFC1F3b
B2Ak/T/kk3sVoiM407JfJFZR2nfZwpwYx9fuAUplqIL/
-----END CERTIFICATE-----
Generated at Mon Jun 24 10:27:03 2024 by rpki-client on console-fra.rpki-client.org