Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/43e309-75c5-4f40-9db3-f2bb69e75e74/1/iWP0GoUuUXkkDZ6vHw3xIXc1UkQ.roa
File:                     iWP0GoUuUXkkDZ6vHw3xIXc1UkQ.roa (raw, json)
Hash identifier:          wcIzxAkZ/it4S7ejvN01dB3WMjK70yMHtJUgwrm/oWQ=
Subject key identifier:   89:63:F4:1A:85:2E:51:79:24:0D:9E:AF:1F:0D:F1:21:77:35:52:44
Certificate issuer:       /CN=79d0d856764a3fee64be14f0a49f59a6865285d1
Certificate serial:       018CC5004BB650F833E6805CFCFB896D5E57
Authority key identifier: 79:D0:D8:56:76:4A:3F:EE:64:BE:14:F0:A4:9F:59:A6:86:52:85:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/edDYVnZKP-5kvhTwpJ9ZpoZShdE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/43e309-75c5-4f40-9db3-f2bb69e75e74/1/iWP0GoUuUXkkDZ6vHw3xIXc1UkQ.roa
Signing time:             Mon 01 Jan 2024 12:29:40 +0000
ROA not before:           Mon 01 Jan 2024 12:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208964
IP address blocks:        193.28.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/43e309-75c5-4f40-9db3-f2bb69e75e74/1/edDYVnZKP-5kvhTwpJ9ZpoZShdE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/43e309-75c5-4f40-9db3-f2bb69e75e74/1/edDYVnZKP-5kvhTwpJ9ZpoZShdE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/edDYVnZKP-5kvhTwpJ9ZpoZShdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:4b:b6:50:f8:33:e6:80:5c:fc:fb:89:6d:5e:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79d0d856764a3fee64be14f0a49f59a6865285d1
        Validity
            Not Before: Jan  1 12:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8963f41a852e5179240d9eaf1f0df12177355244
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:b8:5d:da:b6:99:c3:9b:85:eb:27:d8:f0:01:
                    70:1d:66:05:ec:54:9c:23:df:57:94:b9:43:7c:eb:
                    3c:ac:c6:77:1f:66:3f:00:8f:0c:d9:63:30:07:d5:
                    c8:55:ac:7c:b5:6e:26:b6:06:52:5b:e6:21:b9:6e:
                    3a:39:1b:7c:9c:de:c3:ad:9e:d4:29:e9:52:28:cd:
                    98:b4:7e:b6:c4:3a:80:d7:1e:d6:12:00:61:8d:61:
                    01:b0:97:11:0c:40:61:ca:fb:9c:91:ce:1b:d6:e7:
                    99:4b:25:94:49:55:5a:e1:ff:ea:4f:12:d1:5d:60:
                    42:11:03:c9:75:bd:61:85:0f:b3:ee:c9:1c:e4:3d:
                    df:6d:90:67:bc:7e:c4:9f:5a:9e:b6:4b:d6:aa:73:
                    da:21:f4:58:d8:63:8d:de:12:5f:d2:45:0a:45:a2:
                    86:d6:74:0e:06:60:17:04:db:e4:7a:b8:6a:d8:21:
                    fc:52:6a:03:af:e6:e4:0d:bc:1b:bb:cd:70:f8:e7:
                    6c:dc:b4:04:b0:d4:7a:58:95:f3:20:c7:27:fa:33:
                    76:14:87:11:ad:ef:4a:c6:cf:35:4e:cd:f7:9f:fe:
                    29:0b:4b:86:fc:4e:0f:3a:46:8d:43:01:f9:eb:c6:
                    dd:38:d7:17:e9:fa:1b:86:5a:36:5e:34:c8:d3:33:
                    91:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:63:F4:1A:85:2E:51:79:24:0D:9E:AF:1F:0D:F1:21:77:35:52:44
            X509v3 Authority Key Identifier:
                keyid:79:D0:D8:56:76:4A:3F:EE:64:BE:14:F0:A4:9F:59:A6:86:52:85:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/edDYVnZKP-5kvhTwpJ9ZpoZShdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/43e309-75c5-4f40-9db3-f2bb69e75e74/1/iWP0GoUuUXkkDZ6vHw3xIXc1UkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/43e309-75c5-4f40-9db3-f2bb69e75e74/1/edDYVnZKP-5kvhTwpJ9ZpoZShdE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:a0:1a:f6:3e:b6:6e:71:0a:81:58:ee:c5:98:61:c1:7b:1a:
         a9:bc:c3:9c:2c:8c:2c:09:68:dd:d4:29:3c:e6:39:ce:52:a8:
         62:47:ca:4f:77:36:51:e4:64:7b:f5:f3:e2:01:a1:25:fd:3e:
         cd:12:4a:e6:67:11:cb:4d:09:26:10:0f:b1:b9:e0:d2:0d:67:
         e6:c0:62:42:77:00:df:99:30:d8:6d:c5:c2:df:8d:34:3c:78:
         75:29:d6:ef:64:ec:7e:e4:e8:d3:13:f1:e9:5c:26:c4:6c:5f:
         57:48:d6:50:74:16:e1:c0:49:0f:d1:19:71:11:33:46:e5:12:
         a2:a5:44:08:ed:eb:ad:ab:7b:82:50:c4:b6:a7:24:4f:fc:6b:
         e2:26:ef:a0:43:4d:c7:4a:55:ad:7d:61:38:ae:60:71:e1:65:
         b5:de:e7:54:e8:6e:f2:fc:e9:b4:cd:65:fc:8a:5e:1d:e6:5e:
         55:5e:b6:1e:30:56:74:9f:44:fc:3a:5c:cd:9b:fd:8d:10:26:
         ff:f1:ea:eb:4f:7d:3a:e2:85:ce:0c:20:2c:b2:31:61:48:38:
         fe:48:fd:96:76:96:c8:08:41:09:60:91:df:6d:9e:2f:2e:68:
         98:38:9f:1b:15:35:57:57:1c:f7:b9:11:7e:e5:6b:20:34:c1:
         e2:e2:11:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAEu2UPgz5oBc/PuJbV5XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5ZDBkODU2NzY0YTNmZWU2NGJlMTRmMGE0OWY1OWE2ODY1
Mjg1ZDEwHhcNMjQwMTAxMTIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTYzZjQxYTg1MmU1MTc5MjQwZDllYWYxZjBkZjEyMTc3MzU1MjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbhd2raZw5uF6yfY8AFwHWYF7FSc
I99XlLlDfOs8rMZ3H2Y/AI8M2WMwB9XIVax8tW4mtgZSW+YhuW46ORt8nN7DrZ7U
KelSKM2YtH62xDqA1x7WEgBhjWEBsJcRDEBhyvuckc4b1ueZSyWUSVVa4f/qTxLR
XWBCEQPJdb1hhQ+z7skc5D3fbZBnvH7En1qetkvWqnPaIfRY2GON3hJf0kUKRaKG
1nQOBmAXBNvkerhq2CH8UmoDr+bkDbwbu81w+Ods3LQEsNR6WJXzIMcn+jN2FIcR
re9Kxs81Ts33n/4pC0uG/E4POkaNQwH568bdONcX6fobhlo2XjTI0zOR2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIlj9BqFLlF5JA2erx8N8SF3NVJEMB8GA1UdIwQY
MBaAFHnQ2FZ2Sj/uZL4U8KSfWaaGUoXRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWREWVZuWktQLTVrdmhUd3BKOVpwb1pTaGRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS80M2UzMDktNzVjNS00ZjQwLTlkYjMt
ZjJiYjY5ZTc1ZTc0LzEvaVdQMEdvVXVVWGtrRFo2dkh3M3hJWGMxVWtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS80M2UzMDktNzVjNS00ZjQwLTlkYjMtZjJiYjY5ZTc1ZTc0
LzEvZWREWVZuWktQLTVrdmhUd3BKOVpwb1pTaGRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRzzMA0G
CSqGSIb3DQEBCwUAA4IBAQAWoBr2PrZucQqBWO7FmGHBexqpvMOcLIwsCWjd1Ck8
5jnOUqhiR8pPdzZR5GR79fPiAaEl/T7NEkrmZxHLTQkmEA+xueDSDWfmwGJCdwDf
mTDYbcXC3400PHh1KdbvZOx+5OjTE/HpXCbEbF9XSNZQdBbhwEkP0RlxETNG5RKi
pUQI7eutq3uCUMS2pyRP/GviJu+gQ03HSlWtfWE4rmBx4WW13udU6G7y/Om0zWX8
il4d5l5VXrYeMFZ0n0T8OlzNm/2NECb/8errT3064oXODCAssjFhSDj+SP2WdpbI
CEEJYJHfbZ4vLmiYOJ8bFTVXVxz3uRF+5WsgNMHi4hGQ
-----END CERTIFICATE-----
Generated at Thu May 23 01:49:25 2024 by rpki-client on console-fra.rpki-client.org