Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/9hamjLmK2l3r39mG00TR2Z5btdw.roa
File:                     9hamjLmK2l3r39mG00TR2Z5btdw.roa (raw, json)
Hash identifier:          LwEgCD5LCkfabGRyrpd3P2MSWdWYU++X00mI1M/gO4c=
Subject key identifier:   F6:16:A6:8C:B9:8A:DA:5D:EB:DF:D9:86:D3:44:D1:D9:9E:5B:B5:DC
Certificate issuer:       /CN=624ad4535ac88dd534199f2a726095af71afe44e
Certificate serial:       018CC2DAC78E336DEC135B13210DDCF6C19B
Authority key identifier: 62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/9hamjLmK2l3r39mG00TR2Z5btdw.roa
Signing time:             Mon 01 Jan 2024 02:29:26 +0000
ROA not before:           Mon 01 Jan 2024 02:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136557
IP address blocks:        91.217.72.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c7:8e:33:6d:ec:13:5b:13:21:0d:dc:f6:c1:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=624ad4535ac88dd534199f2a726095af71afe44e
        Validity
            Not Before: Jan  1 02:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f616a68cb98ada5debdfd986d344d1d99e5bb5dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:7c:5d:1b:b1:6e:a6:10:02:a4:91:4c:ec:23:
                    9a:4a:4a:7a:5a:83:1d:a0:cc:69:73:8a:78:ff:7c:
                    4c:3a:b8:ca:b2:13:4e:1d:c3:aa:89:2b:c9:89:1e:
                    7c:09:81:61:00:13:56:08:16:e7:67:6a:19:8b:57:
                    0f:7e:ab:54:9f:bd:eb:6a:0a:ba:cc:39:7f:9d:e7:
                    db:d1:75:ed:63:6b:f8:46:0e:05:b9:74:25:a8:7e:
                    2e:7e:4c:60:8d:f3:e7:81:78:cf:77:d5:e6:d9:9c:
                    98:46:aa:5b:17:87:bb:92:98:76:6b:32:d9:1f:b7:
                    1a:99:b6:4c:cc:79:e4:d0:40:2d:78:4f:b3:08:f6:
                    89:1e:b9:b2:2f:70:0e:7b:c6:25:9e:0a:fa:38:8e:
                    a5:86:65:ff:92:ae:32:99:59:7f:17:e2:6c:bf:52:
                    9d:8d:6c:54:7a:ae:4d:e9:7d:c9:6a:1b:8d:f8:43:
                    b2:24:8a:74:03:1f:d0:c4:1e:74:92:13:9e:0d:f5:
                    53:25:53:28:d2:ea:cf:75:f2:da:7a:bb:0e:12:2b:
                    f2:72:0e:13:7e:51:e3:34:8e:df:ea:df:94:72:01:
                    f9:fc:86:87:50:f6:67:48:4a:c8:a0:77:d0:f6:5d:
                    02:e8:f6:16:c6:da:3e:b6:ea:53:6f:ad:6c:a1:67:
                    d3:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:16:A6:8C:B9:8A:DA:5D:EB:DF:D9:86:D3:44:D1:D9:9E:5B:B5:DC
            X509v3 Authority Key Identifier:
                keyid:62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/9hamjLmK2l3r39mG00TR2Z5btdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         85:b3:c6:c5:f5:ca:b7:63:60:1d:ff:65:6f:fd:cf:9f:79:33:
         f9:2d:ee:0c:67:3d:c5:3c:96:dd:0c:ae:b9:51:83:5f:3a:a7:
         c7:a8:c2:1d:95:08:58:64:d0:d6:b0:64:0d:ef:03:17:3f:71:
         0a:fe:28:ae:c2:d9:83:74:20:20:c2:28:33:95:da:3d:7a:60:
         37:85:c4:24:82:76:d5:4f:6f:64:20:be:9f:a3:68:a2:5a:22:
         0b:43:29:fa:b6:23:34:de:89:b9:9f:bf:f4:0b:47:c0:60:0a:
         18:bb:3b:53:7a:f9:45:4e:20:56:63:82:5f:41:03:6e:d8:b5:
         2b:30:1a:db:38:9d:f8:6b:ad:20:16:d7:6b:cd:c4:ff:2f:25:
         9b:77:8e:8c:3a:2d:10:fc:26:fd:be:d9:7b:b0:06:19:38:30:
         78:c0:0d:f0:d5:33:e3:4a:40:1d:d3:a1:0a:92:8c:fc:be:15:
         3c:66:23:76:5d:6d:83:a9:aa:b9:9b:92:2e:68:51:05:27:d3:
         f9:1f:d1:e1:a1:ba:d3:f0:96:3b:07:84:89:39:a5:80:17:fc:
         a9:cd:c7:98:70:47:bc:9c:d4:90:82:aa:48:57:f2:7b:41:b8:
         ae:59:56:eb:81:1f:8f:5c:de:8f:64:c4:ff:06:c3:15:a0:98:
         b6:63:ba:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2seOM23sE1sTIQ3c9sGbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNGFkNDUzNWFjODhkZDUzNDE5OWYyYTcyNjA5NWFmNzFh
ZmU0NGUwHhcNMjQwMTAxMDIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjE2YTY4Y2I5OGFkYTVkZWJkZmQ5ODZkMzQ0ZDFkOTllNWJiNWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4nxdG7FuphACpJFM7COaSkp6WoMd
oMxpc4p4/3xMOrjKshNOHcOqiSvJiR58CYFhABNWCBbnZ2oZi1cPfqtUn73ragq6
zDl/nefb0XXtY2v4Rg4FuXQlqH4ufkxgjfPngXjPd9Xm2ZyYRqpbF4e7kph2azLZ
H7cambZMzHnk0EAteE+zCPaJHrmyL3AOe8Ylngr6OI6lhmX/kq4ymVl/F+Jsv1Kd
jWxUeq5N6X3JahuN+EOyJIp0Ax/QxB50khOeDfVTJVMo0urPdfLaersOEivycg4T
flHjNI7f6t+UcgH5/IaHUPZnSErIoHfQ9l0C6PYWxto+tupTb61soWfTAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPYWpoy5itpd69/ZhtNE0dmeW7XcMB8GA1UdIwQY
MBaAFGJK1FNayI3VNBmfKnJgla9xr+ROMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTct
ZmI1OTQ5ODA4ZGRjLzEvOWhhbWpMbUsybDNyMzltRzAwVFIyWjVidGR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTctZmI1OTQ5ODA4ZGRj
LzEvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW9lIMA0G
CSqGSIb3DQEBCwUAA4IBAQCFs8bF9cq3Y2Ad/2Vv/c+feTP5Le4MZz3FPJbdDK65
UYNfOqfHqMIdlQhYZNDWsGQN7wMXP3EK/iiuwtmDdCAgwigzldo9emA3hcQkgnbV
T29kIL6fo2iiWiILQyn6tiM03om5n7/0C0fAYAoYuztTevlFTiBWY4JfQQNu2LUr
MBrbOJ34a60gFtdrzcT/LyWbd46MOi0Q/Cb9vtl7sAYZODB4wA3w1TPjSkAd06EK
koz8vhU8ZiN2XW2Dqaq5m5IuaFEFJ9P5H9HhobrT8JY7B4SJOaWAF/ypzceYcEe8
nNSQgqpIV/J7QbiuWVbrgR+PXN6PZMT/BsMVoJi2Y7rR
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:42:31 2024 by rpki-client on console-ams.rpki-client.org