Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/RMde8GL3rOynsH01TAXXVp9JG2w.roa
File:                     RMde8GL3rOynsH01TAXXVp9JG2w.roa (raw, json)
Hash identifier:          6IwB7gXLgy3XhefDop3p6c9RYvWefpfKRtnhWhYyR4E=
Subject key identifier:   44:C7:5E:F0:62:F7:AC:EC:A7:B0:7D:35:4C:05:D7:56:9F:49:1B:6C
Certificate issuer:       /CN=821a3f21fb0c294d6d4a529b2f1dbd4bd1119bd7
Certificate serial:       018EC28530D7728CA6D5C8DB89AB2AF3FA26
Authority key identifier: 82:1A:3F:21:FB:0C:29:4D:6D:4A:52:9B:2F:1D:BD:4B:D1:11:9B:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/RMde8GL3rOynsH01TAXXVp9JG2w.roa
Signing time:             Tue 09 Apr 2024 11:01:32 +0000
ROA not before:           Tue 09 Apr 2024 11:01:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5650
IP address blocks:        45.157.72.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c2:85:30:d7:72:8c:a6:d5:c8:db:89:ab:2a:f3:fa:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=821a3f21fb0c294d6d4a529b2f1dbd4bd1119bd7
        Validity
            Not Before: Apr  9 11:01:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44c75ef062f7aceca7b07d354c05d7569f491b6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:4d:ad:9d:e9:9b:4b:ab:1b:46:56:1c:71:8c:
                    db:ab:6e:d4:90:0c:ea:3a:d1:e2:a9:c8:99:7b:9e:
                    b9:de:ce:08:2b:d9:3a:01:6b:aa:86:43:58:cd:23:
                    38:ea:e6:69:b8:b4:02:98:8f:d7:f6:1b:58:82:2b:
                    14:be:eb:9a:f1:1e:4c:e4:bb:9c:33:a7:85:7d:5a:
                    71:9d:3f:b6:06:7f:17:5f:be:98:e8:d4:98:b2:f1:
                    4f:86:2b:73:44:f6:fe:93:aa:fb:d6:85:78:46:88:
                    83:f3:d6:78:8a:74:99:5b:5f:d0:e1:97:69:96:5d:
                    8e:40:35:fe:ab:60:94:7b:a6:33:2b:97:dd:3b:ca:
                    c5:e4:f0:bb:d1:d9:87:b6:17:4f:f6:ee:7d:d6:36:
                    04:61:e0:f8:fa:9a:13:40:e3:fa:18:0f:f1:ce:05:
                    bb:5e:f1:5c:5b:5f:df:66:c5:7f:6d:12:ea:59:0e:
                    f8:9d:a9:cc:30:8d:6b:5c:c0:91:d1:db:67:43:cc:
                    c5:18:94:86:95:ee:62:ba:17:0f:cf:86:37:9a:93:
                    1c:ed:46:a7:d2:cc:8e:a7:93:79:9d:3c:f4:bc:25:
                    f4:94:0c:f2:56:05:c3:81:55:bc:4a:7d:ee:e1:6e:
                    4f:99:2a:69:fa:4f:17:28:cb:d1:7c:ed:0c:e5:af:
                    76:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:C7:5E:F0:62:F7:AC:EC:A7:B0:7D:35:4C:05:D7:56:9F:49:1B:6C
            X509v3 Authority Key Identifier:
                keyid:82:1A:3F:21:FB:0C:29:4D:6D:4A:52:9B:2F:1D:BD:4B:D1:11:9B:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/RMde8GL3rOynsH01TAXXVp9JG2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         48:bb:b0:d6:98:9b:83:d5:f8:d8:da:d4:95:65:e7:90:4b:34:
         d3:c7:cb:a5:50:e9:13:32:05:7d:3b:65:9b:41:af:56:d3:43:
         3b:50:be:25:55:ca:59:a3:be:06:53:b1:6f:1d:97:2d:8f:35:
         ab:3d:b9:31:65:7f:7f:9f:b9:58:17:87:2e:00:5d:a0:ee:ac:
         22:77:42:41:3e:0b:aa:e5:2b:a4:b9:d2:83:8b:e9:9f:5f:61:
         17:ca:e4:66:7d:81:49:69:35:66:1f:0c:51:f4:79:1b:d0:66:
         4b:98:cf:01:21:8b:07:97:ec:73:34:04:3b:1f:a0:f3:f3:1d:
         0d:2f:88:09:c1:71:82:d5:7b:b6:f1:d2:6b:8a:de:26:70:76:
         af:a6:87:10:cb:7c:27:da:40:d7:e7:0a:69:72:b9:be:59:5d:
         9c:a2:0b:c8:3f:f4:48:cf:23:7c:61:d0:3d:3a:af:b3:37:d7:
         77:0b:f7:4f:7f:33:6a:e2:81:3a:db:b9:95:dc:76:6b:b2:59:
         2f:ae:2d:90:c4:03:5d:03:d2:62:ae:2e:ef:89:d8:16:bb:65:
         92:46:52:89:20:7a:c3:4c:37:0b:32:8d:8a:46:e6:c5:ac:80:
         71:62:5c:90:59:13:38:dc:ba:77:66:0b:fe:8f:a4:ec:04:58:
         20:db:08:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7ChTDXcoym1cjbiasq8/omMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyMWEzZjIxZmIwYzI5NGQ2ZDRhNTI5YjJmMWRiZDRiZDEx
MTliZDcwHhcNMjQwNDA5MTEwMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGM3NWVmMDYyZjdhY2VjYTdiMDdkMzU0YzA1ZDc1NjlmNDkxYjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlU2tnembS6sbRlYccYzbq27UkAzq
OtHiqciZe5653s4IK9k6AWuqhkNYzSM46uZpuLQCmI/X9htYgisUvuua8R5M5Luc
M6eFfVpxnT+2Bn8XX76Y6NSYsvFPhitzRPb+k6r71oV4RoiD89Z4inSZW1/Q4Zdp
ll2OQDX+q2CUe6YzK5fdO8rF5PC70dmHthdP9u591jYEYeD4+poTQOP6GA/xzgW7
XvFcW1/fZsV/bRLqWQ74nanMMI1rXMCR0dtnQ8zFGJSGle5iuhcPz4Y3mpMc7Uan
0syOp5N5nTz0vCX0lAzyVgXDgVW8Sn3u4W5PmSpp+k8XKMvRfO0M5a92KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFETHXvBi96zsp7B9NUwF11afSRtsMB8GA1UdIwQY
MBaAFIIaPyH7DClNbUpSmy8dvUvREZvXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2hvX0lmc01LVTF0U2xLYkx4MjlTOUVSbTljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9lZGM4NTUtZjJiYy00ZTljLThjMGMt
YjZmMmFjODZlZjI3LzEvUk1kZThHTDNyT3luc0gwMVRBWFhWcDlKRzJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9lZGM4NTUtZjJiYy00ZTljLThjMGMtYjZmMmFjODZlZjI3
LzEvZ2hvX0lmc01LVTF0U2xLYkx4MjlTOUVSbTljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZ1IMA0G
CSqGSIb3DQEBCwUAA4IBAQBIu7DWmJuD1fjY2tSVZeeQSzTTx8ulUOkTMgV9O2Wb
Qa9W00M7UL4lVcpZo74GU7FvHZctjzWrPbkxZX9/n7lYF4cuAF2g7qwid0JBPguq
5SukudKDi+mfX2EXyuRmfYFJaTVmHwxR9Hkb0GZLmM8BIYsHl+xzNAQ7H6Dz8x0N
L4gJwXGC1Xu28dJrit4mcHavpocQy3wn2kDX5wppcrm+WV2cogvIP/RIzyN8YdA9
Oq+zN9d3C/dPfzNq4oE627mV3HZrslkvri2QxANdA9Jiri7vidgWu2WSRlKJIHrD
TDcLMo2KRubFrIBxYlyQWRM43Lp3Zgv+j6TsBFgg2wgH
-----END CERTIFICATE-----
Generated at Fri Nov 22 05:51:00 2024 by rpki-client on console-fra.rpki-client.org