Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/QO6ltz5rR6R0OyF27AZcTidvnIA.roa
File:                     QO6ltz5rR6R0OyF27AZcTidvnIA.roa (raw, json)
Hash identifier:          cFbojVfp+pG0LwrYO2rhKLzjewc6Ys9zNeee3bwBz0w=
Subject key identifier:   40:EE:A5:B7:3E:6B:47:A4:74:3B:21:76:EC:06:5C:4E:27:6F:9C:80
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018CC94D01F170ACD1C3CD90F8B621765CF4
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/QO6ltz5rR6R0OyF27AZcTidvnIA.roa
Signing time:             Tue 02 Jan 2024 08:31:56 +0000
ROA not before:           Tue 02 Jan 2024 08:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199459
IP address blocks:        2a0a:280:2800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:01:f1:70:ac:d1:c3:cd:90:f8:b6:21:76:5c:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 08:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40eea5b73e6b47a4743b2176ec065c4e276f9c80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:ae:dd:5e:bf:bd:6b:8e:8c:fc:d9:41:29:02:
                    ab:5d:08:1b:7e:a7:47:78:ae:1e:6b:57:7b:a0:7c:
                    d7:b5:9b:b8:8d:69:32:ae:e1:4f:1b:2e:b1:2b:8c:
                    4e:8f:42:44:a8:3b:d2:b0:f0:b7:79:0f:05:64:6d:
                    f1:ad:6c:3f:03:ba:ff:24:63:3d:3d:21:1a:71:c7:
                    f5:0f:f8:b4:da:13:14:03:a6:d8:61:d2:0f:83:98:
                    b9:51:a3:a9:5c:5e:26:49:cd:9e:29:d1:eb:9f:7c:
                    58:b4:e8:dd:bf:36:69:2a:fd:44:d9:68:cf:77:17:
                    1f:3d:fe:53:26:55:31:b7:47:55:25:fb:dc:17:27:
                    7c:94:d7:47:1b:8e:33:63:ca:58:4a:96:44:74:aa:
                    ac:a7:28:c8:8b:79:47:b4:bb:26:92:21:5b:3c:1d:
                    cc:c3:db:31:f9:89:fd:85:4e:70:bc:79:55:97:12:
                    1d:d4:64:a3:bb:f6:c3:ca:b4:f7:78:cd:6e:3f:a7:
                    f4:47:87:33:c2:ab:b6:53:89:d7:70:5d:34:ec:cc:
                    06:ef:b8:0d:32:76:9e:40:01:72:b7:fe:64:1a:df:
                    57:00:c2:d8:81:af:36:c9:d8:ae:4b:19:14:fe:e1:
                    a8:6b:fd:c5:7d:39:a3:6e:b5:71:51:ad:f6:ae:18:
                    08:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:EE:A5:B7:3E:6B:47:A4:74:3B:21:76:EC:06:5C:4E:27:6F:9C:80
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/QO6ltz5rR6R0OyF27AZcTidvnIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:2800::/40

    Signature Algorithm: sha256WithRSAEncryption
         98:92:19:df:e7:f7:5c:08:75:66:62:94:bb:d7:e2:44:ad:ad:
         6b:9e:d5:f1:b4:3d:95:b1:ba:3c:72:f9:0e:3f:bd:ff:95:50:
         46:13:af:1f:d6:ed:1f:1e:b7:e0:95:c6:02:a5:92:75:15:dc:
         d2:fa:1b:6c:59:95:1c:95:be:a6:f3:32:13:3b:84:c3:70:91:
         09:8c:08:a7:22:2f:cf:a2:5f:9e:b5:11:09:be:f2:9a:ea:ae:
         9b:4e:4e:1b:22:cf:1e:96:09:54:2d:b2:ab:c8:78:5f:c3:11:
         2b:f3:2c:1c:f8:70:da:d3:6c:32:67:58:e7:a2:00:8b:32:8b:
         20:1d:7b:8a:90:1d:5a:aa:2a:d3:c5:03:cb:a9:f3:37:d3:6a:
         fc:7d:bf:9c:e8:ed:77:e6:4d:70:7d:cc:a8:a6:59:c9:99:45:
         85:17:b6:37:ed:95:ae:a7:80:83:7f:99:82:54:20:45:0e:28:
         9a:bf:2a:0d:95:1e:7b:9a:6e:c7:63:4a:4d:14:df:14:9d:79:
         85:59:dc:de:d5:9c:9e:d1:42:e8:e3:76:ba:83:4a:2e:31:8c:
         69:20:e1:db:1b:6a:be:cd:34:b6:23:7c:99:8d:69:b9:fc:b8:
         5c:c3:6d:54:55:42:1c:bf:26:61:1d:8d:62:1f:9c:65:30:5b:
         4d:e5:24:e6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTQHxcKzRw82Q+LYhdlz0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTAyMDgzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGVlYTViNzNlNmI0N2E0NzQzYjIxNzZlYzA2NWM0ZTI3NmY5YzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiK7dXr+9a46M/NlBKQKrXQgbfqdH
eK4ea1d7oHzXtZu4jWkyruFPGy6xK4xOj0JEqDvSsPC3eQ8FZG3xrWw/A7r/JGM9
PSEaccf1D/i02hMUA6bYYdIPg5i5UaOpXF4mSc2eKdHrn3xYtOjdvzZpKv1E2WjP
dxcfPf5TJlUxt0dVJfvcFyd8lNdHG44zY8pYSpZEdKqspyjIi3lHtLsmkiFbPB3M
w9sx+Yn9hU5wvHlVlxId1GSju/bDyrT3eM1uP6f0R4czwqu2U4nXcF007MwG77gN
MnaeQAFyt/5kGt9XAMLYga82ydiuSxkU/uGoa/3FfTmjbrVxUa32rhgI6QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEDupbc+a0ekdDshduwGXE4nb5yAMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvUU82bHR6NXJSNlIwT3lGMjdBWmNUaWR2bklBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgCgw
DQYJKoZIhvcNAQELBQADggEBAJiSGd/n91wIdWZilLvX4kStrWue1fG0PZWxujxy
+Q4/vf+VUEYTrx/W7R8et+CVxgKlknUV3NL6G2xZlRyVvqbzMhM7hMNwkQmMCKci
L8+iX561EQm+8prqrptOThsizx6WCVQtsqvIeF/DESvzLBz4cNrTbDJnWOeiAIsy
iyAde4qQHVqqKtPFA8up8zfTavx9v5zo7XfmTXB9zKimWcmZRYUXtjftla6ngIN/
mYJUIEUOKJq/Kg2VHnuabsdjSk0U3xSdeYVZ3N7VnJ7RQujjdrqDSi4xjGkg4dsb
ar7NNLYjfJmNabn8uFzDbVRVQhy/JmEdjWIfnGUwW03lJOY=
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:39:22 2024 by rpki-client on console-fra.rpki-client.org