Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Y0l5UtKo6uM1I7AEolXnh2iTc8o.roa
File:                     Y0l5UtKo6uM1I7AEolXnh2iTc8o.roa (raw, json)
Hash identifier:          Itm9sWUE/drRHPOCynU3hIvmxOx7zli+fjhrtPaZuuo=
Subject key identifier:   63:49:79:52:D2:A8:EA:E3:35:23:B0:04:A2:55:E7:87:68:93:73:CA
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CD49CB2E87F9E5627CE289895122B259A
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Y0l5UtKo6uM1I7AEolXnh2iTc8o.roa
Signing time:             Thu 04 Jan 2024 13:14:48 +0000
ROA not before:           Thu 04 Jan 2024 13:14:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215780
IP address blocks:        194.87.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d4:9c:b2:e8:7f:9e:56:27:ce:28:98:95:12:2b:25:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  4 13:14:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63497952d2a8eae33523b004a255e787689373ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a2:c4:0c:a8:33:ac:9c:a4:b2:85:5c:00:e4:
                    36:25:ab:23:76:2f:3a:ef:fb:cd:9c:ee:0f:3c:0d:
                    38:7f:9b:e6:95:4d:a9:89:74:e0:ae:b8:85:11:a6:
                    bb:54:f1:f5:e7:f5:58:92:f3:bb:6c:95:b0:be:15:
                    4e:b9:8a:55:a9:43:fc:34:0e:21:2f:e7:b2:5e:66:
                    5d:a5:1e:e8:5d:1e:56:31:01:8f:31:d1:c6:6a:29:
                    8b:c6:b1:1d:b8:29:23:40:d2:68:fc:3d:1b:d9:93:
                    af:ea:05:ab:04:78:92:b6:4a:bc:b7:e1:9f:55:b5:
                    bd:38:e4:29:d9:17:8b:c1:91:ae:b0:89:2d:6e:0b:
                    7e:89:1f:13:89:78:ed:e3:83:f4:a2:25:f9:17:8f:
                    4d:13:db:44:a7:2a:18:3f:10:6e:5a:33:71:70:b8:
                    33:c3:eb:27:77:29:9f:f6:af:e1:98:4e:3a:29:7d:
                    2d:53:d8:aa:ee:b4:7f:30:df:97:c7:a3:0d:77:5d:
                    c7:66:1e:5d:ce:ed:63:b4:fb:b5:96:94:44:4b:30:
                    67:32:6a:77:e1:30:17:de:45:18:19:90:88:61:e5:
                    5d:76:dd:4d:eb:b3:6d:f7:14:dd:2e:30:cb:a8:ad:
                    39:0a:a1:7c:c3:0b:51:26:24:6b:60:14:62:7c:8b:
                    1f:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:49:79:52:D2:A8:EA:E3:35:23:B0:04:A2:55:E7:87:68:93:73:CA
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Y0l5UtKo6uM1I7AEolXnh2iTc8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:a2:78:f7:70:be:3d:af:b0:9c:17:af:d1:bc:e9:f7:66:e4:
         23:f7:4d:92:cd:cc:bd:ea:bc:e6:ce:78:08:93:2e:91:69:e2:
         92:52:1d:26:72:c6:c8:b5:24:49:61:f3:9b:85:a4:bb:2f:7d:
         8f:02:20:06:09:fb:35:f0:7f:f4:16:ab:1d:1b:50:0c:e2:8c:
         79:07:48:ba:f2:29:3c:e8:99:20:f9:bc:d9:c7:36:0a:7f:e2:
         4c:1e:72:84:62:c4:78:5c:43:22:af:7f:3e:69:42:9d:a3:8a:
         8f:17:c0:2e:68:e7:ce:91:6c:2b:cc:58:d0:7e:6a:98:78:33:
         be:a9:86:9a:a8:f2:49:3d:ed:a8:8c:bb:f7:e4:ee:9d:c1:94:
         9f:9e:55:ca:74:6e:5e:de:0b:9a:b9:a2:36:d6:a6:9a:01:67:
         30:a6:c7:4d:fe:c3:c5:25:da:0c:4b:22:84:3b:96:35:e4:33:
         66:90:1d:2b:c2:65:a6:c1:3b:a1:8f:28:33:72:93:c1:54:2c:
         dc:93:17:18:fb:e8:70:9c:68:69:b7:a5:c0:38:52:e9:bd:9c:
         e6:c6:2d:ab:5c:bf:67:29:e4:5f:d5:45:d1:db:f2:48:cb:6d:
         5b:57:c3:21:4b:19:b9:57:a4:42:b7:5a:52:06:8f:1e:cb:31:
         34:14:de:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzUnLLof55WJ84omJUSKyWaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTA0MTMxNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzQ5Nzk1MmQyYThlYWUzMzUyM2IwMDRhMjU1ZTc4NzY4OTM3M2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqaLEDKgzrJyksoVcAOQ2Jasjdi86
7/vNnO4PPA04f5vmlU2piXTgrriFEaa7VPH15/VYkvO7bJWwvhVOuYpVqUP8NA4h
L+eyXmZdpR7oXR5WMQGPMdHGaimLxrEduCkjQNJo/D0b2ZOv6gWrBHiStkq8t+Gf
VbW9OOQp2ReLwZGusIktbgt+iR8TiXjt44P0oiX5F49NE9tEpyoYPxBuWjNxcLgz
w+sndymf9q/hmE46KX0tU9iq7rR/MN+Xx6MNd13HZh5dzu1jtPu1lpRESzBnMmp3
4TAX3kUYGZCIYeVddt1N67Nt9xTdLjDLqK05CqF8wwtRJiRrYBRifIsf5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGNJeVLSqOrjNSOwBKJV54dok3PKMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvWTBsNVV0S282dU0xSTdBRW9sWG5oMmlUYzhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlcCMA0G
CSqGSIb3DQEBCwUAA4IBAQCGonj3cL49r7CcF6/RvOn3ZuQj902Szcy96rzmzngI
ky6RaeKSUh0mcsbItSRJYfObhaS7L32PAiAGCfs18H/0FqsdG1AM4ox5B0i68ik8
6Jkg+bzZxzYKf+JMHnKEYsR4XEMir38+aUKdo4qPF8AuaOfOkWwrzFjQfmqYeDO+
qYaaqPJJPe2ojLv35O6dwZSfnlXKdG5e3guauaI21qaaAWcwpsdN/sPFJdoMSyKE
O5Y15DNmkB0rwmWmwTuhjygzcpPBVCzckxcY++hwnGhpt6XAOFLpvZzmxi2rXL9n
KeRf1UXR2/JIy21bV8MhSxm5V6RCt1pSBo8eyzE0FN4w
-----END CERTIFICATE-----
Generated at Fri May 17 23:34:11 2024 by rpki-client on console-fra.rpki-client.org