Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/14ead9-cbb1-4639-81a7-d8b8202d7786/1/KTHu7svZGnUBnUHB54bKrAQGovM.roa
File:                     KTHu7svZGnUBnUHB54bKrAQGovM.roa (raw, json)
Hash identifier:          I+zCawFktzCalv6rBL0G7Ct/jK/Dr1Y/Xb7G3SvaOZg=
Subject key identifier:   29:31:EE:EE:CB:D9:1A:75:01:9D:41:C1:E7:86:CA:AC:04:06:A2:F3
Certificate issuer:       /CN=9f1bd9732e6cdd6e7494d79187fca855b5199909
Certificate serial:       018CC424DA149B98BE2369868E88A3022190
Authority key identifier: 9F:1B:D9:73:2E:6C:DD:6E:74:94:D7:91:87:FC:A8:55:B5:19:99:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nxvZcy5s3W50lNeRh_yoVbUZmQk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/14ead9-cbb1-4639-81a7-d8b8202d7786/1/KTHu7svZGnUBnUHB54bKrAQGovM.roa
Signing time:             Mon 01 Jan 2024 08:29:58 +0000
ROA not before:           Mon 01 Jan 2024 08:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        193.33.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/14ead9-cbb1-4639-81a7-d8b8202d7786/1/nxvZcy5s3W50lNeRh_yoVbUZmQk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/14ead9-cbb1-4639-81a7-d8b8202d7786/1/nxvZcy5s3W50lNeRh_yoVbUZmQk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nxvZcy5s3W50lNeRh_yoVbUZmQk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:da:14:9b:98:be:23:69:86:8e:88:a3:02:21:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f1bd9732e6cdd6e7494d79187fca855b5199909
        Validity
            Not Before: Jan  1 08:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2931eeeecbd91a75019d41c1e786caac0406a2f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:6a:b3:8f:56:36:e9:af:28:29:b0:ac:eb:ca:
                    70:a8:89:6a:56:4b:2a:a1:92:b0:76:26:08:b6:2b:
                    8f:b7:18:f5:a8:68:44:0e:04:7c:c8:9f:18:ed:14:
                    58:b2:93:47:3d:01:fb:34:82:96:bf:47:37:54:1d:
                    ea:42:2c:84:5c:ba:60:77:a8:99:e6:ec:12:a7:31:
                    9e:20:60:4b:7e:1e:27:a8:70:fa:c1:6b:db:62:9e:
                    46:06:a2:63:ae:6d:99:07:0f:fa:f7:51:a5:de:de:
                    26:e6:1b:0d:07:1a:15:43:69:fd:ec:c5:c2:c2:2c:
                    46:ab:e2:32:9f:d7:3f:df:26:88:c8:e8:8e:9e:36:
                    77:b2:0a:a8:8e:58:12:99:7f:e4:8e:18:fc:3a:2e:
                    29:e1:4e:b5:b9:74:c2:8c:d0:f4:5b:bf:98:05:8c:
                    a2:6a:61:d9:1a:40:a5:1f:50:3b:31:9b:77:26:65:
                    40:3f:e3:b3:0f:a7:fb:e9:1d:3b:41:db:2d:52:88:
                    00:04:70:f5:65:ed:fc:33:4b:2f:a4:df:ea:37:44:
                    70:b5:e0:9e:bc:82:87:61:a9:5b:58:11:03:0d:02:
                    d7:aa:0f:b0:62:04:36:9b:af:a7:14:b4:93:d6:61:
                    3c:86:9f:36:24:62:91:83:94:61:c9:a7:66:51:ef:
                    a6:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:31:EE:EE:CB:D9:1A:75:01:9D:41:C1:E7:86:CA:AC:04:06:A2:F3
            X509v3 Authority Key Identifier:
                keyid:9F:1B:D9:73:2E:6C:DD:6E:74:94:D7:91:87:FC:A8:55:B5:19:99:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nxvZcy5s3W50lNeRh_yoVbUZmQk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/14ead9-cbb1-4639-81a7-d8b8202d7786/1/KTHu7svZGnUBnUHB54bKrAQGovM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/14ead9-cbb1-4639-81a7-d8b8202d7786/1/nxvZcy5s3W50lNeRh_yoVbUZmQk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d4:49:98:69:22:b5:c1:d3:f2:1f:a2:e0:ae:fc:1e:13:53:01:
         a9:d1:08:74:2e:4a:d6:24:5e:a8:8e:a5:14:48:75:23:00:d3:
         1a:a0:97:3b:f7:31:1e:51:fc:f5:c6:7b:d3:6d:e3:d7:55:f3:
         68:89:d9:38:21:73:6f:d3:6b:1d:43:07:85:85:b5:9d:66:eb:
         cc:f5:4a:d2:93:92:9a:20:80:9a:2d:95:02:5c:f5:4e:ef:a4:
         f6:b5:b4:ab:5a:eb:d2:da:c0:81:91:4a:e0:73:ab:04:9f:be:
         6e:db:96:45:96:02:33:b4:68:44:ef:83:9d:09:f6:0c:ec:56:
         ab:c4:f2:02:a4:ef:72:74:3c:99:1a:bf:b8:85:da:d0:68:31:
         38:2f:02:37:3b:c7:0b:36:fe:12:25:63:a8:52:77:31:be:bc:
         aa:c2:e7:9e:c1:54:18:b6:d3:d8:42:0b:e5:56:d4:50:4d:97:
         0d:4d:ba:af:88:21:c9:83:05:92:15:ad:49:6c:de:f7:82:a8:
         f5:21:e2:ba:f5:b6:b9:70:52:0c:c2:70:d6:6b:57:22:da:a8:
         ae:61:00:c9:70:86:b7:44:18:95:2c:61:07:33:04:9a:31:8a:
         71:e2:bd:92:ba:bd:66:a7:2f:90:7c:88:0e:31:44:15:f8:8e:
         33:21:54:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJNoUm5i+I2mGjoijAiGQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMWJkOTczMmU2Y2RkNmU3NDk0ZDc5MTg3ZmNhODU1YjUx
OTk5MDkwHhcNMjQwMTAxMDgyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTMxZWVlZWNiZDkxYTc1MDE5ZDQxYzFlNzg2Y2FhYzA0MDZhMmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGqzj1Y26a8oKbCs68pwqIlqVksq
oZKwdiYItiuPtxj1qGhEDgR8yJ8Y7RRYspNHPQH7NIKWv0c3VB3qQiyEXLpgd6iZ
5uwSpzGeIGBLfh4nqHD6wWvbYp5GBqJjrm2ZBw/691Gl3t4m5hsNBxoVQ2n97MXC
wixGq+Iyn9c/3yaIyOiOnjZ3sgqojlgSmX/kjhj8Oi4p4U61uXTCjND0W7+YBYyi
amHZGkClH1A7MZt3JmVAP+OzD6f76R07QdstUogABHD1Ze38M0svpN/qN0RwteCe
vIKHYalbWBEDDQLXqg+wYgQ2m6+nFLST1mE8hp82JGKRg5RhyadmUe+mUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCkx7u7L2Rp1AZ1BweeGyqwEBqLzMB8GA1UdIwQY
MBaAFJ8b2XMubN1udJTXkYf8qFW1GZkJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnh2WmN5NXMzVzUwbE5lUmhfeW9WYlVabVFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi8xNGVhZDktY2JiMS00NjM5LTgxYTct
ZDhiODIwMmQ3Nzg2LzEvS1RIdTdzdlpHblVCblVIQjU0YktyQVFHb3ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi8xNGVhZDktY2JiMS00NjM5LTgxYTctZDhiODIwMmQ3Nzg2
LzEvbnh2WmN5NXMzVzUwbE5lUmhfeW9WYlVabVFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSGJMA0G
CSqGSIb3DQEBCwUAA4IBAQDUSZhpIrXB0/IfouCu/B4TUwGp0Qh0LkrWJF6ojqUU
SHUjANMaoJc79zEeUfz1xnvTbePXVfNoidk4IXNv02sdQweFhbWdZuvM9UrSk5Ka
IICaLZUCXPVO76T2tbSrWuvS2sCBkUrgc6sEn75u25ZFlgIztGhE74OdCfYM7Far
xPICpO9ydDyZGr+4hdrQaDE4LwI3O8cLNv4SJWOoUncxvryqwueewVQYttPYQgvl
VtRQTZcNTbqviCHJgwWSFa1JbN73gqj1IeK69ba5cFIMwnDWa1ci2qiuYQDJcIa3
RBiVLGEHMwSaMYpx4r2Sur1mpy+QfIgOMUQV+I4zIVRb
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:04:00 2024 by rpki-client on console-ams.rpki-client.org