Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/O2Hs0I0LS3Ki2yczQMImoYKH1IQ.roa
File:                     O2Hs0I0LS3Ki2yczQMImoYKH1IQ.roa (raw, json)
Hash identifier:          8jEqv1SbEeNtm9dYhLVErWC8zZhTZWusBWqSApONflo=
Subject key identifier:   3B:61:EC:D0:8D:0B:4B:72:A2:DB:27:33:40:C2:26:A1:82:87:D4:84
Certificate issuer:       /CN=624ad4535ac88dd534199f2a726095af71afe44e
Certificate serial:       0192DCC0366B1DDA3EB419C2A175E8A30656
Authority key identifier: 62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/O2Hs0I0LS3Ki2yczQMImoYKH1IQ.roa
Signing time:             Wed 30 Oct 2024 09:27:17 +0000
ROA not before:           Wed 30 Oct 2024 09:27:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55154
IP address blocks:        109.104.134.0/24 maxlen: 24
                          109.104.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:dc:c0:36:6b:1d:da:3e:b4:19:c2:a1:75:e8:a3:06:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=624ad4535ac88dd534199f2a726095af71afe44e
        Validity
            Not Before: Oct 30 09:27:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b61ecd08d0b4b72a2db273340c226a18287d484
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:5c:29:7b:12:dc:38:8a:1a:4e:cb:f3:09:ea:
                    16:ec:33:ad:dc:2a:81:fc:6f:90:7f:b3:40:b7:35:
                    3b:96:53:f6:08:60:31:bf:63:b7:29:b9:ad:a6:28:
                    d9:5e:68:9e:4c:39:13:2b:39:8a:8c:97:1c:e6:3d:
                    2c:4b:4a:26:6c:35:6f:c8:58:f8:93:23:cc:4e:b8:
                    46:1e:7b:e3:8d:07:af:ad:42:89:ed:99:88:8a:5a:
                    ac:df:66:1c:a5:07:0b:6b:5a:11:b2:17:63:d1:48:
                    92:cc:d8:8a:e1:20:e0:57:f0:0d:b0:46:74:e6:9c:
                    51:5b:d6:bd:c8:34:80:92:06:b5:a6:77:18:ac:33:
                    d6:d2:f7:05:3c:bd:01:84:cb:5c:7b:c1:65:52:02:
                    b8:fa:04:02:64:56:06:6c:22:00:0c:a6:ef:82:a1:
                    69:4c:ff:5c:31:0f:5b:4d:29:ee:80:a1:4a:02:00:
                    ba:97:5e:f0:b4:7a:f2:3a:89:c7:9d:dc:f1:82:1e:
                    8f:5b:bd:83:48:d2:74:49:64:b4:96:e2:ff:a4:13:
                    34:4f:2d:0d:d8:13:2e:5d:41:a8:5e:ce:e2:37:89:
                    4b:24:01:86:63:4e:c9:37:fb:42:27:bd:da:2d:47:
                    59:cc:b6:39:d9:d5:0e:2a:87:7f:ec:9f:43:06:96:
                    93:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:61:EC:D0:8D:0B:4B:72:A2:DB:27:33:40:C2:26:A1:82:87:D4:84
            X509v3 Authority Key Identifier:
                keyid:62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/O2Hs0I0LS3Ki2yczQMImoYKH1IQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.104.134.0/24
                  109.104.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:9a:af:29:bc:98:90:ec:ab:5b:e7:f3:74:9d:cd:73:d6:cb:
         da:5e:26:86:de:ba:56:7d:d3:6d:96:a9:87:e8:f0:19:a8:fa:
         e7:99:21:c2:3b:0e:62:0a:75:4a:b1:3b:df:52:3f:1d:29:e2:
         97:df:e0:99:c1:21:69:f5:9d:bb:c4:d4:72:f3:63:12:6b:06:
         da:6a:a3:00:fb:57:bb:ba:23:0f:da:48:e7:75:a8:56:ca:39:
         ea:07:01:c6:6e:60:e9:df:64:24:92:62:e1:e0:4e:41:6e:fc:
         62:76:62:4d:25:fc:ce:76:52:7f:ca:1f:3f:ef:b1:90:ff:82:
         6a:ea:75:d8:a5:99:32:49:4b:ce:89:fe:3f:4f:b8:25:7c:23:
         15:52:e2:51:c0:0b:36:bd:78:8c:7e:b0:d9:3f:b8:cb:cf:66:
         c4:04:66:c3:fb:24:7a:ab:bf:11:1d:1a:4b:eb:e8:3a:4d:93:
         a5:7a:bb:d6:b2:f2:fc:94:ac:ae:1a:f0:09:18:c6:5d:ea:42:
         cc:cc:7d:13:81:f3:33:98:c1:5a:85:d9:c5:a4:61:93:f4:40:
         fe:a3:ad:b5:3f:79:a8:f5:7e:11:08:3d:67:c1:10:09:08:98:
         79:27:d5:14:8c:49:7a:8f:71:24:78:47:3e:78:db:b6:7d:3d:
         48:77:27:8c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLcwDZrHdo+tBnCoXXoowZWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNGFkNDUzNWFjODhkZDUzNDE5OWYyYTcyNjA5NWFmNzFh
ZmU0NGUwHhcNMjQxMDMwMDkyNzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjYxZWNkMDhkMGI0YjcyYTJkYjI3MzM0MGMyMjZhMTgyODdkNDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA31wpexLcOIoaTsvzCeoW7DOt3CqB
/G+Qf7NAtzU7llP2CGAxv2O3KbmtpijZXmieTDkTKzmKjJcc5j0sS0ombDVvyFj4
kyPMTrhGHnvjjQevrUKJ7ZmIilqs32YcpQcLa1oRshdj0UiSzNiK4SDgV/ANsEZ0
5pxRW9a9yDSAkga1pncYrDPW0vcFPL0BhMtce8FlUgK4+gQCZFYGbCIADKbvgqFp
TP9cMQ9bTSnugKFKAgC6l17wtHryOonHndzxgh6PW72DSNJ0SWS0luL/pBM0Ty0N
2BMuXUGoXs7iN4lLJAGGY07JN/tCJ73aLUdZzLY52dUOKod/7J9DBpaT5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDth7NCNC0tyotsnM0DCJqGCh9SEMB8GA1UdIwQY
MBaAFGJK1FNayI3VNBmfKnJgla9xr+ROMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTct
ZmI1OTQ5ODA4ZGRjLzEvTzJIczBJMExTM0tpMnljelFNSW1vWUtIMUlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTctZmI1OTQ5ODA4ZGRj
LzEvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbWiGAwQA
bWiIMA0GCSqGSIb3DQEBCwUAA4IBAQAsmq8pvJiQ7Ktb5/N0nc1z1svaXiaG3rpW
fdNtlqmH6PAZqPrnmSHCOw5iCnVKsTvfUj8dKeKX3+CZwSFp9Z27xNRy82MSawba
aqMA+1e7uiMP2kjndahWyjnqBwHGbmDp32QkkmLh4E5BbvxidmJNJfzOdlJ/yh8/
77GQ/4Jq6nXYpZkySUvOif4/T7glfCMVUuJRwAs2vXiMfrDZP7jLz2bEBGbD+yR6
q78RHRpL6+g6TZOlervWsvL8lKyuGvAJGMZd6kLMzH0TgfMzmMFahdnFpGGT9ED+
o621P3mo9X4RCD1nwRAJCJh5J9UUjEl6j3EkeEc+eNu2fT1IdyeM
-----END CERTIFICATE-----
Generated at Mon Nov 25 13:56:39 2024 by rpki-client on console-ams.rpki-client.org