Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/ZDc0AWryd0N23mvpglmBCLEN4Lk.roa
File:                     ZDc0AWryd0N23mvpglmBCLEN4Lk.roa (raw, json)
Hash identifier:          2C5zLKbWNcVE/QahU4Tcfi09JHTx71B7+rAA8rvfyOU=
Subject key identifier:   64:37:34:01:6A:F2:77:43:76:DE:6B:E9:82:59:81:08:B1:0D:E0:B9
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018F616D311A85A099396820476090498693
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/ZDc0AWryd0N23mvpglmBCLEN4Lk.roa
Signing time:             Fri 10 May 2024 07:34:56 +0000
ROA not before:           Fri 10 May 2024 07:34:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47504
IP address blocks:        2.58.196.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:61:6d:31:1a:85:a0:99:39:68:20:47:60:90:49:86:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: May 10 07:34:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=643734016af2774376de6be982598108b10de0b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:f9:b4:c6:b6:66:48:71:7c:a2:57:0e:14:99:
                    29:3d:3e:6d:b9:46:23:f7:62:54:14:ea:e0:ac:37:
                    8e:1d:17:fa:14:a5:22:c0:b1:00:c5:99:7c:ef:d3:
                    3e:fe:fe:39:fe:18:87:9c:df:f9:75:75:81:9f:64:
                    05:7e:27:51:28:e6:44:43:5e:f4:03:67:fc:d0:08:
                    9d:5f:30:8e:27:dd:02:19:19:03:9c:b7:b6:76:9e:
                    1d:27:90:f1:c3:e2:61:70:82:d5:40:c7:8b:aa:ad:
                    67:e2:f4:e7:66:8d:9b:5d:1e:43:06:c5:ce:0f:5e:
                    d6:f9:3f:e7:ed:1e:c2:5a:20:94:9b:c0:ff:9b:c2:
                    89:7e:b5:e9:d6:cd:24:6a:ab:d0:bd:28:44:ef:0e:
                    a0:fa:d5:2e:12:6a:d6:ce:16:65:82:a6:14:93:83:
                    3d:9b:6d:b2:35:c1:e4:85:df:29:97:ad:df:05:f4:
                    b3:a4:b9:f0:fc:82:4d:d6:29:03:35:c8:87:db:87:
                    a4:f7:56:74:62:bd:24:be:22:a7:a8:cd:ae:7d:68:
                    ea:66:fd:07:ac:db:49:21:b6:00:f5:e6:01:7a:44:
                    18:56:a1:12:34:c1:06:18:75:0f:f3:74:fe:65:bf:
                    a0:bd:3a:87:9a:8a:75:e5:ae:14:1d:11:6a:12:4d:
                    b1:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:37:34:01:6A:F2:77:43:76:DE:6B:E9:82:59:81:08:B1:0D:E0:B9
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/ZDc0AWryd0N23mvpglmBCLEN4Lk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         77:c8:a1:e9:0a:10:d0:f5:97:fe:6f:aa:3a:fd:da:55:21:38:
         85:ac:05:77:06:de:5f:b7:07:95:13:9a:5a:5e:07:21:22:d8:
         3a:a1:be:3e:44:54:5b:d4:0d:e6:b5:24:7a:f1:ce:5c:fd:ea:
         95:33:25:09:ad:40:1b:3b:9b:9c:15:2e:a5:70:e4:d0:f0:e3:
         b5:d6:b8:f8:b8:66:6e:db:43:3f:79:c8:20:0b:57:02:7c:78:
         7b:16:ad:6e:06:ac:64:a1:19:5b:fb:84:ba:46:e9:c2:3b:7c:
         1c:9e:35:82:0a:a5:79:f9:c7:c6:97:8a:1a:c0:2a:d6:c8:8d:
         f5:25:07:2b:ef:ad:81:f3:d7:f5:3f:b6:e1:3e:e0:61:5e:46:
         91:d9:0e:00:d0:60:6d:8a:0a:66:c5:32:36:ce:d0:23:94:14:
         46:84:89:37:34:97:06:16:05:ec:52:89:16:6b:5c:10:51:de:
         b0:1c:71:b7:81:47:57:08:52:6a:22:a5:ad:9a:a3:74:13:36:
         d2:e8:6f:26:87:7f:b2:3a:22:64:00:8a:f3:82:19:81:a1:17:
         12:b2:ad:5b:42:43:92:6e:b0:d9:fe:b5:b0:dc:3f:95:60:ac:
         36:b1:eb:48:fb:38:85:2a:47:e7:cb:b7:81:48:24:b0:8d:7e:
         72:f4:c7:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9hbTEahaCZOWggR2CQSYaTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwNTEwMDczNDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDM3MzQwMTZhZjI3NzQzNzZkZTZiZTk4MjU5ODEwOGIxMGRlMGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2fm0xrZmSHF8olcOFJkpPT5tuUYj
92JUFOrgrDeOHRf6FKUiwLEAxZl879M+/v45/hiHnN/5dXWBn2QFfidRKOZEQ170
A2f80AidXzCOJ90CGRkDnLe2dp4dJ5Dxw+JhcILVQMeLqq1n4vTnZo2bXR5DBsXO
D17W+T/n7R7CWiCUm8D/m8KJfrXp1s0kaqvQvShE7w6g+tUuEmrWzhZlgqYUk4M9
m22yNcHkhd8pl63fBfSzpLnw/IJN1ikDNciH24ek91Z0Yr0kviKnqM2ufWjqZv0H
rNtJIbYA9eYBekQYVqESNMEGGHUP83T+Zb+gvTqHmop15a4UHRFqEk2xewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQ3NAFq8ndDdt5r6YJZgQixDeC5MB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvWkRjMEFXcnlkME4yM212cGdsbUJDTEVONExrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBAjrEMA0G
CSqGSIb3DQEBCwUAA4IBAQB3yKHpChDQ9Zf+b6o6/dpVITiFrAV3Bt5ftweVE5pa
XgchItg6ob4+RFRb1A3mtSR68c5c/eqVMyUJrUAbO5ucFS6lcOTQ8OO11rj4uGZu
20M/ecggC1cCfHh7Fq1uBqxkoRlb+4S6RunCO3wcnjWCCqV5+cfGl4oawCrWyI31
JQcr762B89f1P7bhPuBhXkaR2Q4A0GBtigpmxTI2ztAjlBRGhIk3NJcGFgXsUokW
a1wQUd6wHHG3gUdXCFJqIqWtmqN0EzbS6G8mh3+yOiJkAIrzghmBoRcSsq1bQkOS
brDZ/rWw3D+VYKw2setI+ziFKkfny7eBSCSwjX5y9McP
-----END CERTIFICATE-----
Generated at Sun Nov 24 17:25:09 2024 by rpki-client on console-fra.rpki-client.org