Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DkPaZvZeSz4XExDkF8scISKbR4g.roa
File:                     DkPaZvZeSz4XExDkF8scISKbR4g.roa (raw, json)
Hash identifier:          zZ55nwoZWzl2M7pGtu/Nrda1SwXcfv5EQPO8NKmx6lo=
Subject key identifier:   0E:43:DA:66:F6:5E:4B:3E:17:13:10:E4:17:CB:1C:21:22:9B:47:88
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018FD451E4E9B51E3F7B1BFF1CB062076185
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DkPaZvZeSz4XExDkF8scISKbR4g.roa
Signing time:             Sat 01 Jun 2024 15:01:27 +0000
ROA not before:           Sat 01 Jun 2024 15:01:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206505
IP address blocks:        163.5.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:d4:51:e4:e9:b5:1e:3f:7b:1b:ff:1c:b0:62:07:61:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jun  1 15:01:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e43da66f65e4b3e171310e417cb1c21229b4788
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:14:29:bc:fb:21:9e:9f:69:1c:8f:9f:c1:ac:
                    fd:2c:85:bd:74:7f:0d:22:50:91:27:bf:b4:0d:9b:
                    81:de:90:31:c5:e3:30:d8:04:0c:15:27:21:1c:6b:
                    d0:6f:c3:31:76:8c:d5:3c:3f:c5:94:cd:b1:bb:bf:
                    6c:f2:6d:5c:f3:74:76:09:2e:49:d6:88:fb:11:b5:
                    2c:68:c8:e9:03:97:04:00:b0:33:b4:92:4f:31:fe:
                    fb:35:74:8d:07:90:7f:63:8f:7f:75:d0:17:0d:cd:
                    09:3c:71:d4:5a:a6:02:45:11:29:ec:2e:85:3c:78:
                    4e:5e:1d:a1:f5:2a:24:63:92:e3:60:d5:44:b5:28:
                    6a:af:d4:48:6a:37:08:6d:ac:1c:63:45:cf:05:36:
                    73:91:2b:a8:b1:08:7c:38:ee:9e:49:92:1b:1a:e5:
                    f1:0f:13:6d:61:ac:42:4a:19:32:66:61:e6:14:51:
                    f0:94:ad:15:2a:fd:3f:2f:36:f8:c8:b6:fa:71:85:
                    5d:eb:2a:12:20:12:97:0a:f4:5c:8d:c8:6c:4a:8b:
                    de:73:06:5d:85:ca:90:e1:5f:09:f4:44:54:7e:e4:
                    f5:16:78:78:e5:1a:b4:fa:51:9c:85:af:af:8c:c6:
                    19:3a:41:34:be:8b:0e:9a:e1:6e:07:ea:5a:c4:65:
                    17:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:43:DA:66:F6:5E:4B:3E:17:13:10:E4:17:CB:1C:21:22:9B:47:88
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DkPaZvZeSz4XExDkF8scISKbR4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:83:60:1c:be:6f:dd:2d:5a:1c:2e:3e:bb:0c:1b:2a:e5:be:
         e9:8f:21:9a:74:67:14:90:57:e4:42:c1:b3:43:01:49:05:a7:
         53:0c:81:8c:ed:b9:c3:a6:0e:1e:c3:da:8a:08:c1:e1:b4:ec:
         89:31:1c:1b:e5:97:0c:92:be:03:5e:e3:25:47:34:9a:1b:41:
         9b:b5:a9:6e:6b:be:11:ba:f9:2e:0f:02:22:de:e2:cd:06:ec:
         69:f7:ee:28:91:b9:1d:32:e1:cb:a9:3c:b6:ea:1d:d3:08:db:
         25:54:ee:0d:93:56:70:92:e2:98:37:62:4f:df:c2:93:31:ce:
         bc:fb:39:6a:a2:7f:8f:3a:f0:e4:0c:fe:0b:92:b7:9e:87:f7:
         b0:71:bb:a5:57:fc:9f:46:bf:a5:f4:4d:4b:5e:ed:87:85:5b:
         97:b1:f7:0a:ec:85:29:f5:cb:bb:19:ee:47:3e:0c:02:0a:79:
         45:09:a7:26:bc:6d:36:a1:49:d2:3a:d6:5c:16:39:c4:df:9b:
         58:7f:0d:55:20:a4:07:3c:db:17:21:a8:71:6f:45:83:4a:86:
         28:c3:c8:56:ff:f6:2a:da:7f:85:e2:cb:b0:e5:3f:72:35:ab:
         f7:9a:6d:65:03:01:98:7b:a0:71:d1:34:bd:ea:54:36:9b:e4:
         fc:58:98:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/UUeTptR4/exv/HLBiB2GFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwNjAxMTUwMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTQzZGE2NmY2NWU0YjNlMTcxMzEwZTQxN2NiMWMyMTIyOWI0Nzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArBQpvPshnp9pHI+fwaz9LIW9dH8N
IlCRJ7+0DZuB3pAxxeMw2AQMFSchHGvQb8MxdozVPD/FlM2xu79s8m1c83R2CS5J
1oj7EbUsaMjpA5cEALAztJJPMf77NXSNB5B/Y49/ddAXDc0JPHHUWqYCRREp7C6F
PHhOXh2h9SokY5LjYNVEtShqr9RIajcIbawcY0XPBTZzkSuosQh8OO6eSZIbGuXx
DxNtYaxCShkyZmHmFFHwlK0VKv0/Lzb4yLb6cYVd6yoSIBKXCvRcjchsSovecwZd
hcqQ4V8J9ERUfuT1Fnh45Rq0+lGcha+vjMYZOkE0vosOmuFuB+paxGUXSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA5D2mb2Xks+FxMQ5BfLHCEim0eIMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvRGtQYVp2WmVTejRYRXhEa0Y4c2NJU0tiUjRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWkMA0G
CSqGSIb3DQEBCwUAA4IBAQAug2Acvm/dLVocLj67DBsq5b7pjyGadGcUkFfkQsGz
QwFJBadTDIGM7bnDpg4ew9qKCMHhtOyJMRwb5ZcMkr4DXuMlRzSaG0Gbtalua74R
uvkuDwIi3uLNBuxp9+4okbkdMuHLqTy26h3TCNslVO4Nk1ZwkuKYN2JP38KTMc68
+zlqon+POvDkDP4Lkreeh/ewcbulV/yfRr+l9E1LXu2HhVuXsfcK7IUp9cu7Ge5H
PgwCCnlFCacmvG02oUnSOtZcFjnE35tYfw1VIKQHPNsXIahxb0WDSoYow8hW//Yq
2n+F4suw5T9yNav3mm1lAwGYe6Bx0TS96lQ2m+T8WJgN
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:44:25 2024 by rpki-client on console-ams.rpki-client.org