Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/i4hV2A65IeHohLh2YK4F0CaRzpY.roa
File:                     i4hV2A65IeHohLh2YK4F0CaRzpY.roa (raw, json)
Hash identifier:          /fpnt1+vePN1fcA/2rIiLevMQcaQxreQtbKIXisvBKA=
Subject key identifier:   8B:88:55:D8:0E:B9:21:E1:E8:84:B8:76:60:AE:05:D0:26:91:CE:96
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       018CC3B6D0A13DEA1EDBFC632A7ADA7B0F8D
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/i4hV2A65IeHohLh2YK4F0CaRzpY.roa
Signing time:             Mon 01 Jan 2024 06:29:47 +0000
ROA not before:           Mon 01 Jan 2024 06:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4546
IP address blocks:        213.41.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Jun 2024 07:02:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d0:a1:3d:ea:1e:db:fc:63:2a:7a:da:7b:0f:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Jan  1 06:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b8855d80eb921e1e884b87660ae05d02691ce96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f2:65:3c:bb:93:dc:79:73:53:27:21:6c:3e:
                    3c:2a:97:4e:de:0e:f6:c8:26:d5:d6:7b:31:5c:4e:
                    90:75:b8:e9:5c:f7:8d:6b:53:29:75:24:d4:75:a3:
                    58:30:86:bb:d7:69:46:cf:a3:e5:4a:a2:88:a8:54:
                    2c:6c:e0:41:53:e9:d3:42:55:29:97:49:3e:e0:c3:
                    b0:7d:3f:56:cb:d2:c1:4f:b8:11:80:98:79:ef:85:
                    c8:e2:b3:bc:19:36:61:5a:9a:58:77:d4:fb:e9:55:
                    77:46:af:d9:36:29:42:23:1f:dc:1d:96:d3:68:49:
                    06:4d:7b:a9:67:9b:74:a1:06:7c:15:bd:35:eb:b3:
                    b4:e6:d6:da:52:a7:11:11:f5:ff:04:95:fb:f9:77:
                    cf:3d:c7:44:f9:7a:dc:f9:3e:19:88:e8:c7:2a:c8:
                    23:2f:f1:43:76:0f:51:7a:39:13:17:75:45:1b:24:
                    73:fc:5f:8a:44:ae:7f:02:94:d8:05:56:e7:53:d3:
                    96:bd:91:56:e3:ba:25:fa:0a:f5:81:86:75:f9:31:
                    4a:1f:f8:26:a0:ec:36:7e:21:9c:79:e6:36:91:2c:
                    eb:e8:50:50:f2:4d:32:74:23:07:c0:61:d9:bc:19:
                    2f:8d:4a:8e:f6:93:f3:f0:f6:b9:c7:4c:ca:00:9b:
                    6f:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:88:55:D8:0E:B9:21:E1:E8:84:B8:76:60:AE:05:D0:26:91:CE:96
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/i4hV2A65IeHohLh2YK4F0CaRzpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.41.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:6a:27:f9:41:0a:7e:6d:bb:a2:07:e7:1c:a4:89:e8:bd:12:
         b7:3e:22:33:90:83:4b:6b:01:7d:a5:96:ca:06:c9:56:09:e6:
         f3:eb:51:ff:35:b6:e6:ee:e5:21:ca:6d:72:37:ec:a8:fc:24:
         8e:45:c6:d4:3c:1e:5f:fa:5e:32:3b:6c:5f:62:e4:44:ed:a4:
         20:dc:70:09:9d:f4:d6:8f:52:cc:d8:d5:41:6d:5c:91:b8:15:
         b0:f9:ff:b8:08:5a:6a:ab:61:47:02:96:25:7f:cd:89:57:29:
         5a:ef:21:dc:68:fe:f9:9b:a7:ba:78:97:13:9e:eb:80:c6:b6:
         33:08:51:a7:e3:d6:63:f9:31:f4:1b:b7:0f:b0:6a:09:40:72:
         23:32:10:9f:b7:5c:f6:e6:03:eb:76:d3:dd:5e:c9:f1:7b:18:
         1f:92:1a:b7:41:e3:fe:8f:b0:0a:35:e8:78:22:b0:03:59:e4:
         b1:00:45:fe:a6:0e:9c:db:be:3c:b5:86:64:61:eb:19:9d:a1:
         83:c0:c8:bb:30:55:18:98:da:f5:e9:e6:f6:f9:22:35:9a:17:
         83:e6:9b:a3:6d:c5:da:ce:4e:3a:f3:b2:0e:a8:ad:f3:c4:ca:
         86:1a:aa:8b:75:ed:be:94:aa:95:77:fa:87:e8:5b:83:dd:34:
         3e:9a:da:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDttChPeoe2/xjKnraew+NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjQwMTAxMDYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Yjg4NTVkODBlYjkyMWUxZTg4NGI4NzY2MGFlMDVkMDI2OTFjZTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/JlPLuT3HlzUychbD48KpdO3g72
yCbV1nsxXE6QdbjpXPeNa1MpdSTUdaNYMIa712lGz6PlSqKIqFQsbOBBU+nTQlUp
l0k+4MOwfT9Wy9LBT7gRgJh574XI4rO8GTZhWppYd9T76VV3Rq/ZNilCIx/cHZbT
aEkGTXupZ5t0oQZ8Fb0167O05tbaUqcREfX/BJX7+XfPPcdE+Xrc+T4ZiOjHKsgj
L/FDdg9RejkTF3VFGyRz/F+KRK5/ApTYBVbnU9OWvZFW47ol+gr1gYZ1+TFKH/gm
oOw2fiGceeY2kSzr6FBQ8k0ydCMHwGHZvBkvjUqO9pPz8Pa5x0zKAJtvdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIuIVdgOuSHh6IS4dmCuBdAmkc6WMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvaTRoVjJBNjVJZUhvaExoMllLNEYwQ2FSenBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1SlbMA0G
CSqGSIb3DQEBCwUAA4IBAQB1aif5QQp+bbuiB+ccpInovRK3PiIzkINLawF9pZbK
BslWCebz61H/Nbbm7uUhym1yN+yo/CSORcbUPB5f+l4yO2xfYuRE7aQg3HAJnfTW
j1LM2NVBbVyRuBWw+f+4CFpqq2FHApYlf82JVyla7yHcaP75m6e6eJcTnuuAxrYz
CFGn49Zj+TH0G7cPsGoJQHIjMhCft1z25gPrdtPdXsnxexgfkhq3QeP+j7AKNeh4
IrADWeSxAEX+pg6c2748tYZkYesZnaGDwMi7MFUYmNr16eb2+SI1mheD5pujbcXa
zk4687IOqK3zxMqGGqqLde2+lKqVd/qH6FuD3TQ+mtoF
-----END CERTIFICATE-----
Generated at Tue Jun 4 10:27:48 2024 by rpki-client on console-ams.rpki-client.org