Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/f21ee0-d730-45db-97bd-c34be03c15db/1/W3dKgJbzuIBZ82yY1LHsO5eUNq8.roa
File:                     W3dKgJbzuIBZ82yY1LHsO5eUNq8.roa (raw, json)
Hash identifier:          +nvMMA0NQ/6uahRlvXx0+I7fP0ImclGKhst1TucUxw4=
Subject key identifier:   5B:77:4A:80:96:F3:B8:80:59:F3:6C:98:D4:B1:EC:3B:97:94:36:AF
Certificate issuer:       /CN=4b9a3b9e10232095c18d2644440ce5c58a138b35
Certificate serial:       018CC6B8C17CD32583C2CD0B77ACF2D7511A
Authority key identifier: 4B:9A:3B:9E:10:23:20:95:C1:8D:26:44:44:0C:E5:C5:8A:13:8B:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S5o7nhAjIJXBjSZERAzlxYoTizU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/f21ee0-d730-45db-97bd-c34be03c15db/1/W3dKgJbzuIBZ82yY1LHsO5eUNq8.roa
Signing time:             Mon 01 Jan 2024 20:30:46 +0000
ROA not before:           Mon 01 Jan 2024 20:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20777
IP address blocks:        194.125.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/f21ee0-d730-45db-97bd-c34be03c15db/1/S5o7nhAjIJXBjSZERAzlxYoTizU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/f21ee0-d730-45db-97bd-c34be03c15db/1/S5o7nhAjIJXBjSZERAzlxYoTizU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S5o7nhAjIJXBjSZERAzlxYoTizU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:03:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:c1:7c:d3:25:83:c2:cd:0b:77:ac:f2:d7:51:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b9a3b9e10232095c18d2644440ce5c58a138b35
        Validity
            Not Before: Jan  1 20:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b774a8096f3b88059f36c98d4b1ec3b979436af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:80:2e:4d:df:96:ac:62:73:d1:a3:95:ad:c1:
                    78:db:0a:01:b3:93:ce:9c:a6:91:10:d4:63:ca:2d:
                    f9:e2:1b:51:77:d7:27:e0:bf:80:28:67:24:65:49:
                    ab:4d:b3:74:aa:01:b6:4c:d1:d5:43:fe:e0:56:7c:
                    1b:ce:2f:77:a9:40:be:a5:db:f3:7f:6a:9a:a5:55:
                    56:87:36:21:fa:fa:ae:94:73:66:3b:47:ab:82:22:
                    ce:af:07:76:80:4d:a9:98:5d:68:4b:c2:d1:f7:53:
                    e4:77:aa:00:b8:a3:bd:2e:64:37:e4:02:a5:2c:26:
                    9b:76:17:dd:ea:5d:8b:9e:4a:55:b5:71:2f:ef:5c:
                    22:34:35:ce:94:2e:90:d6:ef:19:f2:18:d3:38:fd:
                    44:01:72:15:f9:b1:43:4d:10:67:4a:18:d7:32:1e:
                    64:17:69:d9:e0:17:3f:65:4a:e0:3d:73:f7:02:4d:
                    2c:f3:a6:c7:5f:3d:ec:37:c0:44:8d:1f:05:78:61:
                    10:62:d2:f3:a0:48:b4:29:22:8d:1b:f4:73:8e:70:
                    c6:7c:26:45:8c:93:da:91:70:e3:cc:bb:46:08:9d:
                    6d:91:a3:ae:4e:4b:e4:35:2c:45:b7:e2:d7:af:63:
                    03:99:1b:dc:cb:b2:48:19:be:af:3f:b3:c9:65:da:
                    b8:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:77:4A:80:96:F3:B8:80:59:F3:6C:98:D4:B1:EC:3B:97:94:36:AF
            X509v3 Authority Key Identifier:
                keyid:4B:9A:3B:9E:10:23:20:95:C1:8D:26:44:44:0C:E5:C5:8A:13:8B:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S5o7nhAjIJXBjSZERAzlxYoTizU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f21ee0-d730-45db-97bd-c34be03c15db/1/W3dKgJbzuIBZ82yY1LHsO5eUNq8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f21ee0-d730-45db-97bd-c34be03c15db/1/S5o7nhAjIJXBjSZERAzlxYoTizU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.125.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:f9:3f:c2:b8:42:3d:1e:1c:a2:03:56:4e:f9:97:d2:65:16:
         5d:d1:84:44:32:96:b6:17:4e:49:2a:27:78:a1:8f:90:8f:26:
         d9:e3:89:15:ab:dc:4d:1e:14:4e:85:95:ed:34:84:62:67:46:
         dd:e7:9c:53:88:f8:52:8f:3d:72:00:9c:17:ef:97:64:cb:a9:
         0e:c3:4d:6d:f8:ba:4d:08:c6:1a:a4:6d:d8:42:8f:b8:28:7f:
         1a:f8:97:d3:fb:8d:11:0b:56:94:e5:24:a5:2a:96:85:7b:36:
         19:92:3c:17:99:89:31:db:31:68:83:6c:86:79:17:93:92:1a:
         c7:ad:03:c0:21:1e:09:06:02:89:b3:80:2c:a3:bd:28:af:a6:
         82:c8:93:5c:bb:ed:79:7e:b6:a5:b6:cd:a4:e3:44:3a:d4:c4:
         ec:19:ea:9e:b8:07:d4:6e:ce:ac:d8:72:06:45:56:96:8f:ae:
         82:39:25:1d:20:a3:31:d8:3b:b0:19:27:4b:b3:2c:c2:bc:19:
         37:4d:bf:6c:4c:a2:2d:3d:2f:c0:fc:9f:ed:68:0b:92:ab:b6:
         5c:92:40:f3:90:6c:e2:80:57:b3:b6:87:e0:f5:18:5b:ed:a0:
         fa:25:51:6c:fc:46:e5:c9:0b:2a:cf:40:10:33:a6:68:11:be:
         b1:95:f8:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuMF80yWDws0Ld6zy11EaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOWEzYjllMTAyMzIwOTVjMThkMjY0NDQ0MGNlNWM1OGEx
MzhiMzUwHhcNMjQwMTAxMjAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yjc3NGE4MDk2ZjNiODgwNTlmMzZjOThkNGIxZWMzYjk3OTQzNmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYAuTd+WrGJz0aOVrcF42woBs5PO
nKaRENRjyi354htRd9cn4L+AKGckZUmrTbN0qgG2TNHVQ/7gVnwbzi93qUC+pdvz
f2qapVVWhzYh+vqulHNmO0ergiLOrwd2gE2pmF1oS8LR91Pkd6oAuKO9LmQ35AKl
LCabdhfd6l2LnkpVtXEv71wiNDXOlC6Q1u8Z8hjTOP1EAXIV+bFDTRBnShjXMh5k
F2nZ4Bc/ZUrgPXP3Ak0s86bHXz3sN8BEjR8FeGEQYtLzoEi0KSKNG/RzjnDGfCZF
jJPakXDjzLtGCJ1tkaOuTkvkNSxFt+LXr2MDmRvcy7JIGb6vP7PJZdq46wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFt3SoCW87iAWfNsmNSx7DuXlDavMB8GA1UdIwQY
MBaAFEuaO54QIyCVwY0mREQM5cWKE4s1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzVvN25oQWpJSlhCalNaRVJBemx4WW9UaXpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9mMjFlZTAtZDczMC00NWRiLTk3YmQt
YzM0YmUwM2MxNWRiLzEvVzNkS2dKYnp1SUJaODJ5WTFMSHNPNWVVTnE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9mMjFlZTAtZDczMC00NWRiLTk3YmQtYzM0YmUwM2MxNWRi
LzEvUzVvN25oQWpJSlhCalNaRVJBemx4WW9UaXpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn3xMA0G
CSqGSIb3DQEBCwUAA4IBAQAB+T/CuEI9HhyiA1ZO+ZfSZRZd0YREMpa2F05JKid4
oY+QjybZ44kVq9xNHhROhZXtNIRiZ0bd55xTiPhSjz1yAJwX75dky6kOw01t+LpN
CMYapG3YQo+4KH8a+JfT+40RC1aU5SSlKpaFezYZkjwXmYkx2zFog2yGeReTkhrH
rQPAIR4JBgKJs4Aso70or6aCyJNcu+15fralts2k40Q61MTsGeqeuAfUbs6s2HIG
RVaWj66COSUdIKMx2DuwGSdLsyzCvBk3Tb9sTKItPS/A/J/taAuSq7ZckkDzkGzi
gFeztofg9Rhb7aD6JVFs/EblyQsqz0AQM6ZoEb6xlfjT
-----END CERTIFICATE-----
Generated at Fri Jun 7 15:47:19 2024 by rpki-client on console-fra.rpki-client.org