Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/MINxqZH38G1piNGUv6iMClLklNI.roa
File:                     MINxqZH38G1piNGUv6iMClLklNI.roa (raw, json)
Hash identifier:          Ttk96DAJwGQUHRYRf32ndDFYljm/FfGXuQrRM6Bd+Aw=
Subject key identifier:   30:83:71:A9:91:F7:F0:6D:69:88:D1:94:BF:A8:8C:0A:52:E4:94:D2
Certificate issuer:       /CN=fc4d06978969a8bdab6d6359062d7781e03449ca
Certificate serial:       018CC26D20C1103127B22F76ACAEADD2AFCC
Authority key identifier: FC:4D:06:97:89:69:A8:BD:AB:6D:63:59:06:2D:77:81:E0:34:49:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/MINxqZH38G1piNGUv6iMClLklNI.roa
Signing time:             Mon 01 Jan 2024 00:29:40 +0000
ROA not before:           Mon 01 Jan 2024 00:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     996
IP address blocks:        217.77.16.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:20:c1:10:31:27:b2:2f:76:ac:ae:ad:d2:af:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc4d06978969a8bdab6d6359062d7781e03449ca
        Validity
            Not Before: Jan  1 00:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=308371a991f7f06d6988d194bfa88c0a52e494d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:89:72:5f:1a:f9:cf:5e:40:12:8a:3a:15:9d:
                    16:d6:40:65:92:7a:99:5e:f1:1b:b4:c1:a0:9f:6d:
                    de:4a:f5:e4:cc:82:ee:2f:e7:5f:64:39:db:31:55:
                    e6:e4:07:15:15:54:4f:9f:87:72:ef:36:fe:2a:43:
                    82:d9:54:de:d7:d1:91:6c:80:20:61:9f:74:bc:ff:
                    12:30:71:02:44:be:92:f7:62:30:93:4f:43:c6:10:
                    e5:af:17:8d:60:0f:7a:e1:23:98:6b:f5:7c:d8:60:
                    ca:a5:d2:e7:c6:57:f2:68:f3:b0:54:42:7d:64:91:
                    eb:db:59:f3:e6:a0:98:57:05:12:26:0f:8f:57:1e:
                    ab:ad:86:d9:a3:cf:24:09:f9:a5:c4:9d:7c:8e:ff:
                    fa:eb:fc:2f:49:54:57:4f:23:fe:84:c6:1f:a5:94:
                    d6:20:2e:49:60:5d:23:11:ab:df:b1:b6:55:e0:35:
                    55:d3:1d:23:bf:c8:87:6d:d2:6e:05:fc:e3:fe:00:
                    6f:1f:d6:f8:7d:c0:15:d2:2e:dd:9c:ae:e3:ac:46:
                    7a:39:a1:00:20:40:8a:62:f5:58:b3:7a:5f:25:01:
                    0b:8b:37:c2:73:a3:07:40:37:7f:56:13:a3:10:46:
                    5c:b0:9f:d3:24:20:9b:ae:c9:22:dc:08:96:0c:a5:
                    53:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:83:71:A9:91:F7:F0:6D:69:88:D1:94:BF:A8:8C:0A:52:E4:94:D2
            X509v3 Authority Key Identifier:
                keyid:FC:4D:06:97:89:69:A8:BD:AB:6D:63:59:06:2D:77:81:E0:34:49:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/MINxqZH38G1piNGUv6iMClLklNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.77.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2d:b6:76:73:f0:7a:ed:d3:02:06:76:14:68:67:ce:87:d5:2e:
         df:4e:34:c6:5b:e3:47:84:27:be:b0:8a:bb:19:e4:5e:34:b8:
         8b:0f:1a:00:50:87:ab:2b:02:46:bf:a4:61:ce:fa:dc:31:c0:
         f8:22:d8:5a:5e:0a:2c:d4:ac:4c:74:0b:21:67:54:76:29:de:
         d3:b6:b0:95:3e:e4:9a:fc:a9:b8:21:0b:e3:fb:98:a0:9d:32:
         4b:63:95:ec:30:a1:1a:90:8b:fc:64:ef:2b:1d:56:a1:61:8f:
         8a:89:ee:1f:92:83:de:5b:ff:38:2a:d4:26:aa:a4:18:26:e0:
         de:77:3e:32:d0:bb:30:08:9c:05:5e:e6:95:6a:cf:2d:e4:1c:
         16:53:92:bb:58:71:2f:4f:21:b8:0c:73:a2:f6:29:62:0d:9e:
         98:64:0e:43:a4:f1:9d:4b:5a:aa:3b:9e:a4:ea:53:21:6d:58:
         26:9f:f8:5f:33:03:a4:d8:e9:2a:87:4b:99:8a:8a:de:3a:5a:
         ab:d7:87:c0:fb:72:e3:6d:90:80:5e:53:79:92:7e:05:ab:12:
         8e:7a:ef:f7:5d:da:0b:6b:48:cd:fd:ac:be:c7:f1:7c:f3:18:
         37:d6:83:60:b0:80:cd:c2:f4:df:be:69:ce:c3:e9:49:4e:98:
         a1:d8:3b:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbSDBEDEnsi92rK6t0q/MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjNGQwNjk3ODk2OWE4YmRhYjZkNjM1OTA2MmQ3NzgxZTAz
NDQ5Y2EwHhcNMjQwMTAxMDAyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDgzNzFhOTkxZjdmMDZkNjk4OGQxOTRiZmE4OGMwYTUyZTQ5NGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgIlyXxr5z15AEoo6FZ0W1kBlknqZ
XvEbtMGgn23eSvXkzILuL+dfZDnbMVXm5AcVFVRPn4dy7zb+KkOC2VTe19GRbIAg
YZ90vP8SMHECRL6S92Iwk09DxhDlrxeNYA964SOYa/V82GDKpdLnxlfyaPOwVEJ9
ZJHr21nz5qCYVwUSJg+PVx6rrYbZo88kCfmlxJ18jv/66/wvSVRXTyP+hMYfpZTW
IC5JYF0jEavfsbZV4DVV0x0jv8iHbdJuBfzj/gBvH9b4fcAV0i7dnK7jrEZ6OaEA
IECKYvVYs3pfJQELizfCc6MHQDd/VhOjEEZcsJ/TJCCbrski3AiWDKVTNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDCDcamR9/BtaYjRlL+ojApS5JTSMB8GA1UdIwQY
MBaAFPxNBpeJaai9q21jWQYtd4HgNEnKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0UwR2w0bHBxTDJyYldOWkJpMTNnZUEwU2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8wODJjMzEtZjRlZi00YWNiLTkwZjEt
ZGEwM2JmN2EyZWMyLzEvTUlOeHFaSDM4RzFwaU5HVXY2aU1DbExrbE5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8wODJjMzEtZjRlZi00YWNiLTkwZjEtZGEwM2JmN2EyZWMy
LzEvX0UwR2w0bHBxTDJyYldOWkJpMTNnZUEwU2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2U0QMA0G
CSqGSIb3DQEBCwUAA4IBAQAttnZz8Hrt0wIGdhRoZ86H1S7fTjTGW+NHhCe+sIq7
GeReNLiLDxoAUIerKwJGv6RhzvrcMcD4IthaXgos1KxMdAshZ1R2Kd7TtrCVPuSa
/Km4IQvj+5ignTJLY5XsMKEakIv8ZO8rHVahYY+Kie4fkoPeW/84KtQmqqQYJuDe
dz4y0LswCJwFXuaVas8t5BwWU5K7WHEvTyG4DHOi9iliDZ6YZA5DpPGdS1qqO56k
6lMhbVgmn/hfMwOk2Okqh0uZioreOlqr14fA+3LjbZCAXlN5kn4FqxKOeu/3XdoL
a0jN/ay+x/F88xg31oNgsIDNwvTfvmnOw+lJTpih2DtH
-----END CERTIFICATE-----
Generated at Fri Nov 22 08:16:35 2024 by rpki-client on console-fra.rpki-client.org