Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/AADwvNY11BeBRU1e2F5w9CVtQK8.roa
File:                     AADwvNY11BeBRU1e2F5w9CVtQK8.roa (raw, json)
Hash identifier:          eGOeV4eEjZyZ1fuqfedoPWOedvOSUsL+hDBiYwzo+OQ=
Subject key identifier:   00:00:F0:BC:D6:35:D4:17:81:45:4D:5E:D8:5E:70:F4:25:6D:40:AF
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       018CC9BCD309F85BB9A5B7724D383DF1E2F1
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/AADwvNY11BeBRU1e2F5w9CVtQK8.roa
Signing time:             Tue 02 Jan 2024 10:34:04 +0000
ROA not before:           Tue 02 Jan 2024 10:34:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41682
IP address blocks:        2a02:2698:8000::/38 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:d3:09:f8:5b:b9:a5:b7:72:4d:38:3d:f1:e2:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  2 10:34:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0000f0bcd635d41781454d5ed85e70f4256d40af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:af:25:32:f2:15:90:09:e0:d9:51:a7:c0:35:
                    76:e9:a3:79:b8:53:30:e3:f6:0a:21:72:b8:50:e2:
                    9a:72:c7:94:16:e2:77:6a:49:c1:ec:96:34:13:6d:
                    a2:7c:e9:98:7a:6f:04:85:a2:8e:c3:15:b6:e2:09:
                    ab:f5:9c:e6:26:e3:10:06:c7:be:10:24:2e:20:de:
                    21:d7:e5:9f:e0:70:88:17:9e:2a:61:63:50:c5:e5:
                    66:68:ed:b7:00:3e:ec:c2:87:a7:26:07:49:53:7e:
                    6e:bd:3f:79:5a:36:58:cf:b0:26:4f:16:aa:d3:ea:
                    b2:52:42:2a:8d:5f:0b:86:e4:44:c8:fc:af:16:27:
                    9b:6c:53:32:e5:d9:77:31:f7:b7:1a:5f:47:e7:7c:
                    9f:6c:ff:8a:92:ae:d1:3f:84:b0:05:02:7e:ab:fc:
                    7d:a1:45:b0:50:c3:96:3f:51:e8:c0:ff:1b:c2:7f:
                    b0:58:2e:d1:cb:13:99:c8:08:e1:83:c4:af:0f:0c:
                    70:80:b3:c5:49:a1:66:48:6b:42:3d:44:32:6c:32:
                    68:e9:3a:1b:84:e7:8a:a2:ed:cb:54:e0:7d:1a:36:
                    4c:a9:70:88:36:dd:d0:cc:a2:24:ae:f4:8c:21:88:
                    75:28:68:e1:73:7f:07:72:41:6e:30:b8:b0:46:5a:
                    fe:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:00:F0:BC:D6:35:D4:17:81:45:4D:5E:D8:5E:70:F4:25:6D:40:AF
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/AADwvNY11BeBRU1e2F5w9CVtQK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2698:8000::/38

    Signature Algorithm: sha256WithRSAEncryption
         c9:aa:be:99:f9:f1:0b:9b:5c:57:82:a4:13:80:eb:46:61:87:
         24:68:d4:5e:f8:66:9a:5b:a4:7a:c7:f1:b8:ee:96:1b:a4:1f:
         9a:36:1a:bb:d3:f6:9f:87:0b:25:ed:c1:a2:4e:d6:35:3a:79:
         64:5d:b5:a9:71:8f:f1:19:1b:3e:e8:8b:43:67:9e:b8:49:1a:
         53:70:83:07:d4:de:58:ee:d9:57:6b:cf:0e:cf:34:76:4a:b3:
         c8:ae:8f:44:52:cf:93:c0:1f:62:61:9f:b1:19:c1:cb:34:e1:
         f0:2d:f4:38:8a:f1:0b:dc:88:40:2d:b5:6f:87:28:10:0f:fe:
         cf:58:30:30:08:ca:95:59:c2:ef:16:4f:88:78:86:9e:1d:87:
         23:c6:25:82:69:7d:08:a0:3d:7c:39:7f:82:32:b6:35:ed:ab:
         60:39:03:66:a9:36:86:50:a3:fe:98:29:e9:26:64:89:e0:f1:
         b7:38:d4:c5:7d:4c:bf:e1:b1:f2:9b:fc:c9:4c:3e:84:21:27:
         87:b7:87:0c:d5:41:79:a9:41:82:2f:a7:66:95:0b:e1:b9:15:
         03:88:51:cc:8c:42:de:1c:d2:f4:d4:34:6b:2f:2a:13:98:4b:
         3a:95:f6:aa:d6:54:cf:e5:bd:67:82:07:c2:e3:d7:65:a0:4d:
         91:f1:da:4f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJvNMJ+Fu5pbdyTTg98eLxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjQwMTAyMTAzNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDAwZjBiY2Q2MzVkNDE3ODE0NTRkNWVkODVlNzBmNDI1NmQ0MGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiK8lMvIVkAng2VGnwDV26aN5uFMw
4/YKIXK4UOKacseUFuJ3aknB7JY0E22ifOmYem8EhaKOwxW24gmr9ZzmJuMQBse+
ECQuIN4h1+Wf4HCIF54qYWNQxeVmaO23AD7swoenJgdJU35uvT95WjZYz7AmTxaq
0+qyUkIqjV8LhuREyPyvFiebbFMy5dl3Mfe3Gl9H53yfbP+Kkq7RP4SwBQJ+q/x9
oUWwUMOWP1HowP8bwn+wWC7RyxOZyAjhg8SvDwxwgLPFSaFmSGtCPUQybDJo6Tob
hOeKou3LVOB9GjZMqXCINt3QzKIkrvSMIYh1KGjhc38HckFuMLiwRlr+bQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAAA8LzWNdQXgUVNXthecPQlbUCvMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvQUFEd3ZOWTExQmVCUlUxZTJGNXc5Q1Z0UUs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgImmIAw
DQYJKoZIhvcNAQELBQADggEBAMmqvpn58QubXFeCpBOA60ZhhyRo1F74ZppbpHrH
8bjulhukH5o2GrvT9p+HCyXtwaJO1jU6eWRdtalxj/EZGz7oi0NnnrhJGlNwgwfU
3lju2Vdrzw7PNHZKs8iuj0RSz5PAH2Jhn7EZwcs04fAt9DiK8QvciEAttW+HKBAP
/s9YMDAIypVZwu8WT4h4hp4dhyPGJYJpfQigPXw5f4IytjXtq2A5A2apNoZQo/6Y
KekmZIng8bc41MV9TL/hsfKb/MlMPoQhJ4e3hwzVQXmpQYIvp2aVC+G5FQOIUcyM
Qt4c0vTUNGsvKhOYSzqV9qrWVM/lvWeCB8Lj12WgTZHx2k8=
-----END CERTIFICATE-----
Generated at Sat Nov 23 11:58:31 2024 by rpki-client on console-fra.rpki-client.org