Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/UB301w9WFL5D4YiK7LdWeUoJGDQ.roa
File:                     UB301w9WFL5D4YiK7LdWeUoJGDQ.roa (raw, json)
Hash identifier:          /MRMKAwnROO9De2sQGqOIZc69C5bEUU4VK4NSH+P0FY=
Subject key identifier:   50:1D:F4:D7:0F:56:14:BE:43:E1:88:8A:EC:B7:56:79:4A:09:18:34
Certificate issuer:       /CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
Certificate serial:       018CC3B6F4F48EB4B766697C54D787AC1FCE
Authority key identifier: 71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/UB301w9WFL5D4YiK7LdWeUoJGDQ.roa
Signing time:             Mon 01 Jan 2024 06:29:56 +0000
ROA not before:           Mon 01 Jan 2024 06:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203436
IP address blocks:        185.224.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:02:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:f4:f4:8e:b4:b7:66:69:7c:54:d7:87:ac:1f:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
        Validity
            Not Before: Jan  1 06:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=501df4d70f5614be43e1888aecb756794a091834
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:83:a2:6f:cc:c6:94:fd:cc:c6:75:3e:53:28:
                    d9:70:ce:ac:a8:70:fd:aa:01:08:85:7f:c5:c7:82:
                    e0:8c:49:2c:1e:04:30:9a:e8:8b:24:4f:c8:da:e9:
                    44:bc:49:c0:51:76:43:a1:c4:10:91:29:19:76:29:
                    a9:a9:8c:fc:c1:e4:f8:5f:8f:fa:7c:68:41:4f:63:
                    65:5d:a5:02:dc:f8:9a:2e:cc:63:0c:05:52:cd:e8:
                    0b:34:9e:b0:d3:ef:53:3a:5c:3b:47:ef:8a:4d:3e:
                    22:ef:bc:eb:e1:0c:ed:14:60:dc:35:1e:86:b4:98:
                    d2:ae:1a:75:eb:fe:6a:69:40:b6:88:a3:3d:e9:6a:
                    af:68:35:8d:d2:30:97:9c:e4:96:2f:0d:88:b0:97:
                    de:72:cd:b7:b5:ce:3a:6d:d3:bc:f2:00:ad:25:c1:
                    45:19:f8:f3:27:3e:a2:4e:fa:b8:95:27:96:a2:95:
                    e0:0c:42:11:ae:ad:33:31:b9:da:0e:02:01:a0:ba:
                    33:30:dc:95:e6:d3:96:5f:d7:c3:1d:84:b6:72:1b:
                    44:11:86:62:4b:6d:a7:dd:03:8c:41:3c:55:01:da:
                    12:22:20:7f:de:5a:62:76:97:91:56:fd:ef:ad:c1:
                    37:f4:bc:6b:bc:7f:2b:cc:ce:46:2e:ed:91:e1:1d:
                    4c:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:1D:F4:D7:0F:56:14:BE:43:E1:88:8A:EC:B7:56:79:4A:09:18:34
            X509v3 Authority Key Identifier:
                keyid:71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/UB301w9WFL5D4YiK7LdWeUoJGDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:c9:87:db:54:fa:18:65:11:3e:23:3e:b5:5f:7d:e7:a7:ff:
         50:65:f0:57:43:42:5c:d3:99:42:83:d2:68:9d:cc:e8:cf:5c:
         df:6e:b4:50:b6:d0:80:6b:70:e2:28:40:b4:73:50:f8:c7:1e:
         02:54:4d:17:23:36:2f:ac:d0:dd:b3:b0:38:4b:7c:44:fa:2d:
         53:8f:ec:7e:41:d0:6d:b4:f3:4d:79:74:88:5c:11:ec:20:22:
         e8:d9:37:02:79:e3:48:2b:95:d1:28:52:ab:73:50:04:e8:fb:
         b1:47:6d:c5:56:50:cc:e6:52:b2:1d:b0:e8:99:59:c2:b1:6f:
         43:0c:63:59:08:1b:4b:c3:51:3e:aa:c8:cc:a9:a2:64:4c:3f:
         57:12:c1:67:8f:48:44:bd:4e:a3:63:52:88:d1:64:e8:da:1f:
         45:81:ea:d2:73:80:51:e9:a9:39:52:af:6c:18:60:10:8d:50:
         5c:1a:07:7e:e1:ed:d6:65:ea:27:6e:f0:1a:d1:34:af:ea:ac:
         0f:8a:a2:a5:36:1e:68:24:88:1c:d3:fd:f4:a6:54:e5:75:73:
         25:67:57:fc:70:7d:12:31:da:54:ee:8b:69:e9:06:7f:48:db:
         68:26:48:b3:cc:6e:13:8e:56:ce:a8:21:f3:5b:87:19:11:38:
         38:a1:a2:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtvT0jrS3Zml8VNeHrB/OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxYmRkZWFmMGYzMGZiZGFmOWU3NWI5MmFjN2Q1YmQxM2Yy
ODVkZTcwHhcNMjQwMTAxMDYyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDFkZjRkNzBmNTYxNGJlNDNlMTg4OGFlY2I3NTY3OTRhMDkxODM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgoOib8zGlP3MxnU+UyjZcM6sqHD9
qgEIhX/Fx4LgjEksHgQwmuiLJE/I2ulEvEnAUXZDocQQkSkZdimpqYz8weT4X4/6
fGhBT2NlXaUC3PiaLsxjDAVSzegLNJ6w0+9TOlw7R++KTT4i77zr4QztFGDcNR6G
tJjSrhp16/5qaUC2iKM96WqvaDWN0jCXnOSWLw2IsJfecs23tc46bdO88gCtJcFF
GfjzJz6iTvq4lSeWopXgDEIRrq0zMbnaDgIBoLozMNyV5tOWX9fDHYS2chtEEYZi
S22n3QOMQTxVAdoSIiB/3lpidpeRVv3vrcE39LxrvH8rzM5GLu2R4R1MOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFAd9NcPVhS+Q+GIiuy3VnlKCRg0MB8GA1UdIwQY
MBaAFHG93q8PMPva+edbkqx9W9E/KF3nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUt
NDc3MjMxMTkxYTM1LzEvVUIzMDF3OVdGTDVENFlpSzdMZFdlVW9KR0RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUtNDc3MjMxMTkxYTM1
LzEvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueDZMA0G
CSqGSIb3DQEBCwUAA4IBAQCjyYfbVPoYZRE+Iz61X33np/9QZfBXQ0Jc05lCg9Jo
nczoz1zfbrRQttCAa3DiKEC0c1D4xx4CVE0XIzYvrNDds7A4S3xE+i1Tj+x+QdBt
tPNNeXSIXBHsICLo2TcCeeNIK5XRKFKrc1AE6PuxR23FVlDM5lKyHbDomVnCsW9D
DGNZCBtLw1E+qsjMqaJkTD9XEsFnj0hEvU6jY1KI0WTo2h9FgerSc4BR6ak5Uq9s
GGAQjVBcGgd+4e3WZeonbvAa0TSv6qwPiqKlNh5oJIgc0/30plTldXMlZ1f8cH0S
MdpU7otp6QZ/SNtoJkizzG4TjlbOqCHzW4cZETg4oaKI
-----END CERTIFICATE-----
Generated at Sat Jun 1 20:01:08 2024 by rpki-client on console-ams.rpki-client.org