Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/keSNqW0HmxHuMl2TAvvSyKAOilE.roa
File:                     keSNqW0HmxHuMl2TAvvSyKAOilE.roa (raw, json)
Hash identifier:          1aj0NjG3HFkz/OnLitnZdRIuNvi5Ol8QieHArNMGG1E=
Subject key identifier:   91:E4:8D:A9:6D:07:9B:11:EE:32:5D:93:02:FB:D2:C8:A0:0E:8A:51
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       018CC86F37824750E6503DE82EBEE0351DB7
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/keSNqW0HmxHuMl2TAvvSyKAOilE.roa
Signing time:             Tue 02 Jan 2024 04:29:41 +0000
ROA not before:           Tue 02 Jan 2024 04:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200082
IP address blocks:        91.221.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:37:82:47:50:e6:50:3d:e8:2e:be:e0:35:1d:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Jan  2 04:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91e48da96d079b11ee325d9302fbd2c8a00e8a51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:0a:12:56:08:3f:45:90:02:fd:36:a7:27:70:
                    f1:6f:de:1d:fc:ad:f9:59:4d:c6:d7:c5:15:b6:cb:
                    c3:1c:9a:37:95:ea:cf:9c:8a:65:16:06:75:a9:ff:
                    41:a9:d4:30:df:36:f1:d6:a2:b3:06:2d:96:1e:f3:
                    ca:67:06:70:5e:ba:4e:47:da:74:18:cd:02:41:b4:
                    42:cc:4c:97:a0:55:50:bb:83:a3:0a:77:14:77:ce:
                    f1:e6:b0:b5:9f:57:71:5a:a6:b3:8f:01:8d:ad:ef:
                    c8:86:31:d9:0f:89:33:1e:c8:84:84:b5:2d:83:5d:
                    38:b1:63:fc:77:73:b8:8a:08:15:c8:fc:e1:64:65:
                    76:b8:b4:02:ab:ca:3e:67:15:82:86:33:ad:47:ab:
                    98:47:09:58:03:d6:66:11:6d:85:94:6e:e2:dd:4e:
                    f5:e4:f4:17:21:9b:e4:a6:af:73:98:2f:15:9d:2a:
                    4a:64:8d:4c:82:4d:57:e3:38:d5:06:35:84:d1:4b:
                    f8:ea:15:ed:76:9b:f8:6d:ae:7d:76:4e:9b:10:13:
                    ee:25:6d:4c:69:8f:22:89:30:2e:54:e0:05:9a:1d:
                    7d:6a:3b:c4:d6:b2:88:68:67:e1:59:5b:31:fa:25:
                    59:0a:23:25:99:27:ce:b3:57:6d:0f:40:aa:95:8e:
                    ae:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:E4:8D:A9:6D:07:9B:11:EE:32:5D:93:02:FB:D2:C8:A0:0E:8A:51
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/keSNqW0HmxHuMl2TAvvSyKAOilE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:c3:be:0a:1d:1d:64:1e:f9:dc:4a:82:d1:76:73:04:e5:a2:
         41:7f:d9:e1:4c:75:db:b7:86:90:81:96:c2:55:ef:2d:48:91:
         4c:6c:e6:8e:c6:c3:32:11:f3:f8:a8:e5:1a:24:15:63:a6:6d:
         76:36:02:e0:d4:2d:2f:55:35:7b:93:58:61:14:32:13:bc:27:
         c5:6f:3a:b9:2b:2e:cd:85:69:c3:8f:7b:26:f3:85:f6:e5:ad:
         12:8d:a9:62:83:4c:2e:38:20:c1:2e:2e:2b:5e:82:c3:00:40:
         06:72:63:9b:8e:12:ab:52:f2:35:5f:b6:d5:8e:44:78:b3:2c:
         9d:66:40:f2:91:99:99:47:c8:49:8b:a0:e2:77:8b:3f:9d:48:
         cc:08:8a:1b:96:d4:73:cf:da:31:76:6a:fd:c6:a2:7a:db:7d:
         8d:0b:77:1c:8c:68:51:0d:95:d8:22:e7:7f:4e:56:ca:22:63:
         29:37:6d:0d:2c:3b:f4:d0:59:f0:eb:41:fe:a5:f7:ea:12:87:
         5d:f5:29:bd:46:20:9a:de:f1:b8:6d:82:3c:1b:3a:59:9f:de:
         19:b9:02:8f:eb:49:56:4e:ef:3f:ba:2a:66:ba:fd:c6:3b:ea:
         7a:6c:b2:9b:b3:b2:1c:d8:f9:e8:0a:54:8b:22:49:a6:b3:2c:
         63:15:4a:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbzeCR1DmUD3oLr7gNR23MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjQwMTAyMDQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWU0OGRhOTZkMDc5YjExZWUzMjVkOTMwMmZiZDJjOGEwMGU4YTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAoSVgg/RZAC/TanJ3Dxb94d/K35
WU3G18UVtsvDHJo3lerPnIplFgZ1qf9BqdQw3zbx1qKzBi2WHvPKZwZwXrpOR9p0
GM0CQbRCzEyXoFVQu4OjCncUd87x5rC1n1dxWqazjwGNre/IhjHZD4kzHsiEhLUt
g104sWP8d3O4iggVyPzhZGV2uLQCq8o+ZxWChjOtR6uYRwlYA9ZmEW2FlG7i3U71
5PQXIZvkpq9zmC8VnSpKZI1Mgk1X4zjVBjWE0Uv46hXtdpv4ba59dk6bEBPuJW1M
aY8iiTAuVOAFmh19ajvE1rKIaGfhWVsx+iVZCiMlmSfOs1dtD0CqlY6uHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJHkjaltB5sR7jJdkwL70sigDopRMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEva2VTTnFXMEhteEh1TWwyVEF2dlN5S0FPaWxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW911MA0G
CSqGSIb3DQEBCwUAA4IBAQBjw74KHR1kHvncSoLRdnME5aJBf9nhTHXbt4aQgZbC
Ve8tSJFMbOaOxsMyEfP4qOUaJBVjpm12NgLg1C0vVTV7k1hhFDITvCfFbzq5Ky7N
hWnDj3sm84X25a0Sjalig0wuOCDBLi4rXoLDAEAGcmObjhKrUvI1X7bVjkR4syyd
ZkDykZmZR8hJi6Did4s/nUjMCIobltRzz9oxdmr9xqJ6232NC3ccjGhRDZXYIud/
TlbKImMpN20NLDv00Fnw60H+pffqEodd9Sm9RiCa3vG4bYI8GzpZn94ZuQKP60lW
Tu8/uipmuv3GO+p6bLKbs7Ic2PnoClSLIkmmsyxjFUqv
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:40:38 2024 by rpki-client on console-fra.rpki-client.org