Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/376e1f-96b1-4fe1-8b7a-13ff6a0ad441/1/hexmZvM0ceZ9ZCVORXluZvGHnS4.roa
File:                     hexmZvM0ceZ9ZCVORXluZvGHnS4.roa (raw, json)
Hash identifier:          EXbpEiOJikN2OoTE8ZqsQD+dAdvGtVK1qABtR5q/kTU=
Subject key identifier:   85:EC:66:66:F3:34:71:E6:7D:64:25:4E:45:79:6E:66:F1:87:9D:2E
Certificate issuer:       /CN=f96a6a2032f96d7023722239c9fa5edd5596f863
Certificate serial:       018CC7272924DADAF55C8C3FBA8E4D320B42
Authority key identifier: F9:6A:6A:20:32:F9:6D:70:23:72:22:39:C9:FA:5E:DD:55:96:F8:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-WpqIDL5bXAjciI5yfpe3VWW-GM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/376e1f-96b1-4fe1-8b7a-13ff6a0ad441/1/hexmZvM0ceZ9ZCVORXluZvGHnS4.roa
Signing time:             Mon 01 Jan 2024 22:31:21 +0000
ROA not before:           Mon 01 Jan 2024 22:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49843
IP address blocks:        91.213.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/376e1f-96b1-4fe1-8b7a-13ff6a0ad441/1/1-WpqIDL5bXAjciI5yfpe3VWW-GM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/376e1f-96b1-4fe1-8b7a-13ff6a0ad441/1/1-WpqIDL5bXAjciI5yfpe3VWW-GM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-WpqIDL5bXAjciI5yfpe3VWW-GM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:29:24:da:da:f5:5c:8c:3f:ba:8e:4d:32:0b:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f96a6a2032f96d7023722239c9fa5edd5596f863
        Validity
            Not Before: Jan  1 22:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85ec6666f33471e67d64254e45796e66f1879d2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:34:65:d0:24:ea:e1:54:93:c6:58:20:20:d0:
                    37:8c:ee:54:ba:9d:e8:b7:5c:09:d6:a2:86:66:1e:
                    3c:1f:2e:da:87:94:64:26:5e:21:cf:0c:2f:54:2a:
                    f2:75:76:f3:fc:2d:9f:e6:bf:b1:0d:4b:47:53:03:
                    30:4e:01:d4:5a:6b:a1:d0:a8:58:22:82:6b:d1:e1:
                    bb:da:c3:e2:e3:41:db:87:a9:0e:8a:88:bd:5a:f0:
                    f3:8a:ea:1a:e7:c6:13:60:46:33:e9:6d:26:9c:3c:
                    56:1b:b0:44:30:ed:d3:52:83:cb:e4:33:dc:84:38:
                    b9:87:f6:c9:76:29:20:27:0f:d4:90:3e:d6:79:71:
                    a9:c8:3e:30:81:66:03:5f:83:9a:7a:1a:ef:6f:63:
                    e0:d6:33:8d:97:4a:df:2f:a4:2d:cb:a1:86:74:84:
                    da:e6:e9:f2:dd:d1:32:cc:24:ec:fb:7b:5a:eb:f5:
                    47:96:d7:96:f0:4b:0d:de:ca:56:e1:6e:22:3a:b7:
                    ce:16:ad:14:40:d8:d5:ce:9a:0d:41:34:2b:43:a9:
                    a1:0f:aa:57:9d:82:4e:20:91:bd:81:29:9c:81:51:
                    dc:88:cf:8c:74:5f:95:7a:d8:73:ed:27:fa:ad:25:
                    11:6f:a9:2a:5f:8f:67:ef:67:be:cc:c9:6e:2f:66:
                    29:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:EC:66:66:F3:34:71:E6:7D:64:25:4E:45:79:6E:66:F1:87:9D:2E
            X509v3 Authority Key Identifier:
                keyid:F9:6A:6A:20:32:F9:6D:70:23:72:22:39:C9:FA:5E:DD:55:96:F8:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-WpqIDL5bXAjciI5yfpe3VWW-GM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/376e1f-96b1-4fe1-8b7a-13ff6a0ad441/1/hexmZvM0ceZ9ZCVORXluZvGHnS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/376e1f-96b1-4fe1-8b7a-13ff6a0ad441/1/1-WpqIDL5bXAjciI5yfpe3VWW-GM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:55:88:b0:0f:e6:09:a0:55:21:ea:61:f2:64:82:89:fd:61:
         43:be:ee:e1:1f:c6:f9:45:c6:5c:23:8c:08:c3:1a:2f:d6:80:
         e9:7e:39:4d:12:d4:02:bb:26:00:a9:d8:3c:22:3a:d7:68:13:
         3e:c7:47:8e:e4:51:0b:5d:6e:47:b9:75:83:2c:d1:62:dd:ac:
         da:ad:4c:cb:2f:22:fa:cb:61:12:cf:f1:a9:9d:89:9e:34:9b:
         ea:15:04:48:83:1f:d5:45:b5:a6:0f:4a:c3:f5:5a:72:e0:35:
         20:73:39:e6:cf:65:b4:12:bd:db:09:e1:47:fa:5a:bd:92:d4:
         fd:40:e7:9e:8b:50:67:1e:1d:d4:a5:79:9a:7a:40:06:be:cc:
         9e:23:72:fc:6d:36:f0:62:30:a6:b0:d9:bb:79:66:51:dc:8d:
         ef:98:8b:08:35:2c:d5:8a:2f:32:5d:33:97:72:bb:72:c5:06:
         16:19:55:72:1d:91:d0:be:d6:d9:2c:f0:13:74:a7:29:80:4a:
         36:3c:05:59:91:9d:39:47:d1:79:eb:74:16:b0:88:44:66:42:
         29:d0:49:70:d5:60:bd:b0:9d:dc:17:c4:ba:8d:28:15:36:a2:
         ce:14:63:8e:7d:86:a8:ef:9d:b5:ea:f8:c4:93:de:3a:7f:27:
         ef:1d:84:7a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHJykk2tr1XIw/uo5NMgtCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5NmE2YTIwMzJmOTZkNzAyMzcyMjIzOWM5ZmE1ZWRkNTU5
NmY4NjMwHhcNMjQwMTAxMjIzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWVjNjY2NmYzMzQ3MWU2N2Q2NDI1NGU0NTc5NmU2NmYxODc5ZDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjRl0CTq4VSTxlggINA3jO5Uup3o
t1wJ1qKGZh48Hy7ah5RkJl4hzwwvVCrydXbz/C2f5r+xDUtHUwMwTgHUWmuh0KhY
IoJr0eG72sPi40Hbh6kOioi9WvDziuoa58YTYEYz6W0mnDxWG7BEMO3TUoPL5DPc
hDi5h/bJdikgJw/UkD7WeXGpyD4wgWYDX4Oaehrvb2Pg1jONl0rfL6Qty6GGdITa
5uny3dEyzCTs+3ta6/VHlteW8EsN3spW4W4iOrfOFq0UQNjVzpoNQTQrQ6mhD6pX
nYJOIJG9gSmcgVHciM+MdF+Vethz7Sf6rSURb6kqX49n72e+zMluL2YpfwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIXsZmbzNHHmfWQlTkV5bmbxh50uMB8GA1UdIwQY
MBaAFPlqaiAy+W1wI3IiOcn6Xt1VlvhjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1XcHFJREw1YlhBamNpSTV5ZnBlM1ZXVy1HTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTYvMzc2ZTFmLTk2YjEtNGZlMS04Yjdh
LTEzZmY2YTBhZDQ0MS8xL2hleG1adk0wY2VaOVpDVk9SWGx1WnZHSG5TNC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTYvMzc2ZTFmLTk2YjEtNGZlMS04YjdhLTEzZmY2YTBhZDQ0
MS8xLzEtV3BxSURMNWJYQWpjaUk1eWZwZTNWV1ctR00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABb1fUw
DQYJKoZIhvcNAQELBQADggEBAG1ViLAP5gmgVSHqYfJkgon9YUO+7uEfxvlFxlwj
jAjDGi/WgOl+OU0S1AK7JgCp2DwiOtdoEz7HR47kUQtdbke5dYMs0WLdrNqtTMsv
IvrLYRLP8amdiZ40m+oVBEiDH9VFtaYPSsP1WnLgNSBzOebPZbQSvdsJ4Uf6Wr2S
1P1A556LUGceHdSleZp6QAa+zJ4jcvxtNvBiMKaw2bt5ZlHcje+Yiwg1LNWKLzJd
M5dyu3LFBhYZVXIdkdC+1tks8BN0pymASjY8BVmRnTlH0XnrdBawiERmQinQSXDV
YL2wndwXxLqNKBU2os4UY459hqjvnbXq+MST3jp/J+8dhHo=
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:50:49 2024 by rpki-client on console-fra.rpki-client.org