Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/0Jx4AxPlA8XktmLUzsz0CbTmDO4.roa
File:                     0Jx4AxPlA8XktmLUzsz0CbTmDO4.roa (raw, json)
Hash identifier:          eHl9zbZt7e0XAhoeHgKEdNo0r7F5RBaNa+L7o8ifwGo=
Subject key identifier:   D0:9C:78:03:13:E5:03:C5:E4:B6:62:D4:CE:CC:F4:09:B4:E6:0C:EE
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       018CC9BCD0366DCC74B7AE81639A64A1B4CA
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/0Jx4AxPlA8XktmLUzsz0CbTmDO4.roa
Signing time:             Tue 02 Jan 2024 10:34:03 +0000
ROA not before:           Tue 02 Jan 2024 10:34:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34590
IP address blocks:        2a02:2698:1c00::/38 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:d0:36:6d:cc:74:b7:ae:81:63:9a:64:a1:b4:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  2 10:34:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d09c780313e503c5e4b662d4ceccf409b4e60cee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:3c:40:ec:ee:7d:f2:cb:03:fd:51:51:c4:18:
                    b4:fd:66:dc:0c:8f:e1:c9:6b:77:3f:66:d9:1d:f2:
                    a2:d6:b0:5f:b1:ed:43:ef:a9:ef:40:9d:a0:88:86:
                    b4:bf:e5:1a:b5:9b:8c:a3:dd:77:4a:b8:e5:78:f0:
                    9e:15:fb:e5:6f:64:36:c3:ca:e2:f1:dd:1c:f2:91:
                    44:1e:08:02:39:d5:54:da:38:61:82:99:72:c5:66:
                    4b:ee:20:89:b0:e1:1f:6d:d4:a3:99:1e:f6:5e:ea:
                    c0:73:f0:a9:52:48:f3:54:ca:8d:55:a7:68:0c:97:
                    07:b6:ca:9e:c6:d2:01:cf:12:c8:2e:51:a6:1d:f8:
                    99:37:5d:02:e8:5d:ef:70:a6:8e:f5:9e:75:94:76:
                    01:8f:58:5e:5a:cf:3d:da:f7:2f:c5:77:0d:70:e8:
                    73:49:96:b3:da:23:8a:c5:54:32:71:cf:99:4b:26:
                    ed:02:d8:8e:a0:fc:ea:17:f8:2e:73:2b:a9:55:f3:
                    5a:6c:ce:c4:4a:9e:24:22:aa:0d:bf:16:68:72:33:
                    bb:e4:47:6e:04:e2:22:92:61:c6:17:53:6f:25:a7:
                    f9:e4:be:20:cc:97:6a:f3:fa:13:57:99:1f:90:c8:
                    99:73:ab:3d:03:45:43:0d:04:69:e3:a6:f4:e3:f0:
                    2e:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:9C:78:03:13:E5:03:C5:E4:B6:62:D4:CE:CC:F4:09:B4:E6:0C:EE
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/0Jx4AxPlA8XktmLUzsz0CbTmDO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2698:1c00::/38

    Signature Algorithm: sha256WithRSAEncryption
         05:2b:f1:23:cd:46:ec:08:a8:37:23:db:b5:10:45:f2:f2:04:
         9a:f2:cc:68:62:27:d8:46:b5:da:84:c7:21:55:a3:f8:a9:95:
         ea:f1:6c:cd:a1:bb:48:83:62:ae:42:35:7f:a7:2c:d8:6d:05:
         b3:13:00:3a:2a:20:65:88:6f:21:45:5d:99:07:72:3a:61:fb:
         b7:c5:69:76:81:93:0d:f0:d2:e7:3f:bb:5c:5f:7e:a9:5c:4d:
         11:7c:f5:55:6b:f7:4f:21:f5:1a:89:9f:c4:8d:ea:bc:8b:ea:
         f3:e5:5c:d1:8d:20:ea:7f:35:2d:24:6e:de:83:d5:45:78:23:
         b6:92:1f:91:f2:b0:76:c7:b6:4b:5a:c4:55:6c:10:46:82:a2:
         04:bf:7e:ba:1f:fc:e5:0b:0c:f7:ed:73:6e:6f:79:04:ec:3e:
         7b:61:6f:87:9a:ee:c6:65:08:7c:a4:bc:20:0c:53:d5:38:76:
         8c:92:0b:e2:c0:be:2e:3d:d2:b8:d5:5e:3f:e9:e1:46:93:58:
         26:e0:58:1d:d3:a8:e1:32:ac:b6:87:17:70:43:67:f8:23:2c:
         66:8a:04:97:b7:fe:5e:1f:83:54:5c:45:15:94:d3:9d:12:45:
         45:7c:43:d4:c7:9f:75:6a:cb:60:a9:d7:0c:3a:45:ed:e6:00:
         db:ba:e3:e0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJvNA2bcx0t66BY5pkobTKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjQwMTAyMTAzNDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDljNzgwMzEzZTUwM2M1ZTRiNjYyZDRjZWNjZjQwOWI0ZTYwY2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTxA7O598ssD/VFRxBi0/WbcDI/h
yWt3P2bZHfKi1rBfse1D76nvQJ2giIa0v+UatZuMo913SrjlePCeFfvlb2Q2w8ri
8d0c8pFEHggCOdVU2jhhgplyxWZL7iCJsOEfbdSjmR72XurAc/CpUkjzVMqNVado
DJcHtsqextIBzxLILlGmHfiZN10C6F3vcKaO9Z51lHYBj1heWs892vcvxXcNcOhz
SZaz2iOKxVQycc+ZSybtAtiOoPzqF/gucyupVfNabM7ESp4kIqoNvxZocjO75Edu
BOIikmHGF1NvJaf55L4gzJdq8/oTV5kfkMiZc6s9A0VDDQRp46b04/Au+QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNCceAMT5QPF5LZi1M7M9Am05gzuMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvMEp4NEF4UGxBOFhrdG1MVXpzejBDYlRtRE80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgImmBww
DQYJKoZIhvcNAQELBQADggEBAAUr8SPNRuwIqDcj27UQRfLyBJryzGhiJ9hGtdqE
xyFVo/iplerxbM2hu0iDYq5CNX+nLNhtBbMTADoqIGWIbyFFXZkHcjph+7fFaXaB
kw3w0uc/u1xffqlcTRF89VVr908h9RqJn8SN6ryL6vPlXNGNIOp/NS0kbt6D1UV4
I7aSH5HysHbHtktaxFVsEEaCogS/frof/OULDPftc25veQTsPnthb4ea7sZlCHyk
vCAMU9U4doySC+LAvi490rjVXj/p4UaTWCbgWB3TqOEyrLaHF3BDZ/gjLGaKBJe3
/l4fg1RcRRWU050SRUV8Q9THn3Vqy2Cp1ww6Re3mANu64+A=
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:13:54 2024 by rpki-client on console-ams.rpki-client.org