Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/ODFnpVX1750dTcDx5lakCY5hzMA.roa
File:                     ODFnpVX1750dTcDx5lakCY5hzMA.roa (raw, json)
Hash identifier:          R9G0rI3ganz/ySmhWG//B/s3/8OdCZCrDskLI4vxMj4=
Subject key identifier:   38:31:67:A5:55:F5:EF:9D:1D:4D:C0:F1:E6:56:A4:09:8E:61:CC:C0
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       018CC8013DA1DDEE0636D64D417E5E2F5A4D
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/ODFnpVX1750dTcDx5lakCY5hzMA.roa
Signing time:             Tue 02 Jan 2024 02:29:33 +0000
ROA not before:           Tue 02 Jan 2024 02:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398104
IP address blocks:        2a01:488:bb1b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:3d:a1:dd:ee:06:36:d6:4d:41:7e:5e:2f:5a:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=383167a555f5ef9d1d4dc0f1e656a4098e61ccc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:21:66:c2:29:52:7c:9e:b0:3d:65:ca:a4:09:
                    d5:c0:65:95:63:6e:03:36:83:b7:d8:d8:a3:63:a6:
                    95:05:fb:1e:80:52:58:76:d3:9a:b1:5c:a2:40:a8:
                    28:10:e9:8e:56:e3:2a:a3:2d:62:8b:4b:72:da:a0:
                    da:bb:f3:0f:7f:82:08:9d:be:5e:8b:5a:bc:5c:c6:
                    93:a5:89:a2:af:d0:82:49:b7:f5:ea:24:84:b9:75:
                    68:bf:8f:ac:d1:79:a2:1e:bc:29:fd:c1:ae:9c:41:
                    80:20:88:ef:b9:55:6d:ff:13:32:4d:eb:0f:7d:e7:
                    3d:36:71:a1:29:03:e3:66:94:17:42:81:e7:c0:70:
                    e7:68:be:ee:05:4e:a9:16:69:d4:18:25:77:10:8c:
                    30:a8:91:f9:d3:e9:4d:8e:65:95:32:b8:c7:d0:bf:
                    98:28:f9:5d:fb:86:5e:84:3b:9e:f7:a5:0f:ef:af:
                    e7:ad:d8:e4:c2:cb:2b:f4:a9:e7:91:a6:80:8e:c8:
                    1d:dd:ef:ee:bd:ce:7a:90:40:d1:7d:0e:8b:d1:ec:
                    b2:57:01:a6:95:86:68:08:25:a5:54:66:1a:9d:b7:
                    a1:33:f9:79:90:c9:f4:e2:1b:28:0d:ff:dc:92:bb:
                    b8:cd:be:6e:5d:3a:54:7e:80:02:ca:6b:7e:b2:5c:
                    3c:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:31:67:A5:55:F5:EF:9D:1D:4D:C0:F1:E6:56:A4:09:8E:61:CC:C0
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/ODFnpVX1750dTcDx5lakCY5hzMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:488:bb1b::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:17:7a:3a:1e:72:d1:51:46:8c:dc:21:88:77:d1:84:1a:91:
         2e:b2:51:28:db:dc:c1:42:83:8b:7c:4b:39:2f:84:60:75:1e:
         90:56:03:2f:a8:fd:f7:36:88:4e:56:29:49:24:62:a1:21:eb:
         91:cc:b8:31:01:49:b7:1b:c3:89:d2:92:d3:ce:39:e4:91:5a:
         75:02:db:cc:9a:da:fc:13:64:0b:bf:1a:83:23:36:17:b1:6c:
         2b:4e:8d:a5:5b:2b:c5:00:41:e8:86:0c:b2:5f:64:a8:d2:b5:
         4b:fc:18:5a:93:e7:1a:8f:45:c1:bb:42:d5:3f:47:4e:b6:3e:
         0c:16:a0:44:16:e1:af:03:f0:c3:c8:d9:f8:9b:1d:96:ed:19:
         d0:9d:04:46:64:58:48:df:0e:4a:17:fc:b2:7f:76:76:85:cd:
         c3:91:00:e6:df:53:d9:21:b5:21:7c:7b:dd:70:f0:e9:e0:37:
         6b:88:38:63:ef:e5:f8:fa:59:a2:c3:c6:19:27:cc:fc:37:41:
         c6:e2:86:37:d2:52:7d:ce:03:53:f7:e1:b1:ab:96:b7:f9:b5:
         6a:d8:53:a0:9b:1b:26:29:d7:eb:72:a2:8f:a1:6f:0a:2b:ca:
         c3:d5:61:52:57:cd:31:7e:a0:44:d0:00:37:0d:c7:d6:7d:ac:
         ef:6a:ee:11
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAT2h3e4GNtZNQX5eL1pNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjQwMTAyMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODMxNjdhNTU1ZjVlZjlkMWQ0ZGMwZjFlNjU2YTQwOThlNjFjY2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4yFmwilSfJ6wPWXKpAnVwGWVY24D
NoO32NijY6aVBfsegFJYdtOasVyiQKgoEOmOVuMqoy1ii0ty2qDau/MPf4IInb5e
i1q8XMaTpYmir9CCSbf16iSEuXVov4+s0XmiHrwp/cGunEGAIIjvuVVt/xMyTesP
fec9NnGhKQPjZpQXQoHnwHDnaL7uBU6pFmnUGCV3EIwwqJH50+lNjmWVMrjH0L+Y
KPld+4ZehDue96UP76/nrdjkwssr9KnnkaaAjsgd3e/uvc56kEDRfQ6L0eyyVwGm
lYZoCCWlVGYanbehM/l5kMn04hsoDf/ckru4zb5uXTpUfoACymt+slw8bwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDgxZ6VV9e+dHU3A8eZWpAmOYczAMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvT0RGbnBWWDE3NTBkVGNEeDVsYWtDWTVoek1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEEiLsb
MA0GCSqGSIb3DQEBCwUAA4IBAQBcF3o6HnLRUUaM3CGId9GEGpEuslEo29zBQoOL
fEs5L4RgdR6QVgMvqP33NohOVilJJGKhIeuRzLgxAUm3G8OJ0pLTzjnkkVp1AtvM
mtr8E2QLvxqDIzYXsWwrTo2lWyvFAEHohgyyX2So0rVL/Bhak+caj0XBu0LVP0dO
tj4MFqBEFuGvA/DDyNn4mx2W7RnQnQRGZFhI3w5KF/yyf3Z2hc3DkQDm31PZIbUh
fHvdcPDp4DdriDhj7+X4+lmiw8YZJ8z8N0HG4oY30lJ9zgNT9+Gxq5a3+bVq2FOg
mxsmKdfrcqKPoW8KK8rD1WFSV80xfqBE0AA3DcfWfazvau4R
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:19:58 2024 by rpki-client on console-ams.rpki-client.org