Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/eabb9a-9a07-4867-970b-2b1da624f7bc/1/49eQk9OAN4QMHK771ZTkRdlJOVI.roa
File:                     49eQk9OAN4QMHK771ZTkRdlJOVI.roa (raw, json)
Hash identifier:          wMGqRql9PYqa0zJZMLFUVBB/H07P0istAZ1scvSzdb0=
Subject key identifier:   E3:D7:90:93:D3:80:37:84:0C:1C:AE:FB:D5:94:E4:45:D9:49:39:52
Certificate issuer:       /CN=b60aac104376b79dd6829091947b779c989af68b
Certificate serial:       018CC4923DFEDA557951833B9A18D922A264
Authority key identifier: B6:0A:AC:10:43:76:B7:9D:D6:82:90:91:94:7B:77:9C:98:9A:F6:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tgqsEEN2t53WgpCRlHt3nJia9os.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/eabb9a-9a07-4867-970b-2b1da624f7bc/1/49eQk9OAN4QMHK771ZTkRdlJOVI.roa
Signing time:             Mon 01 Jan 2024 10:29:27 +0000
ROA not before:           Mon 01 Jan 2024 10:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29551
IP address blocks:        194.153.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/eabb9a-9a07-4867-970b-2b1da624f7bc/1/tgqsEEN2t53WgpCRlHt3nJia9os.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/eabb9a-9a07-4867-970b-2b1da624f7bc/1/tgqsEEN2t53WgpCRlHt3nJia9os.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tgqsEEN2t53WgpCRlHt3nJia9os.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:3d:fe:da:55:79:51:83:3b:9a:18:d9:22:a2:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b60aac104376b79dd6829091947b779c989af68b
        Validity
            Not Before: Jan  1 10:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3d79093d38037840c1caefbd594e445d9493952
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e4:57:8f:8e:77:cb:f5:53:8d:3a:7e:53:52:
                    5c:b9:8e:5e:a7:97:be:07:c0:e2:43:3d:ab:c9:5f:
                    51:24:30:65:88:23:73:95:ee:d8:a3:db:f9:b2:78:
                    6c:22:6b:15:19:d3:d9:76:e3:02:a6:06:b4:0e:b1:
                    0e:21:72:4e:58:7f:a4:43:94:e0:12:11:f2:a7:2e:
                    3c:ed:15:37:38:e1:63:b0:81:80:96:a6:87:4e:43:
                    50:89:c6:74:5d:b4:21:5f:36:af:d6:9a:e3:52:74:
                    9a:2a:1f:ab:51:c5:4e:1f:f0:52:aa:9a:76:18:de:
                    e8:d5:83:3e:a0:c9:d1:53:04:ce:84:17:5c:25:13:
                    84:29:2f:b9:b3:11:87:ca:b0:c3:b2:19:71:53:56:
                    72:64:7f:87:8d:bf:ca:de:8a:3b:10:a1:87:7a:01:
                    d5:81:91:0d:56:4f:5b:24:9e:fa:68:27:51:33:86:
                    38:cf:63:49:d9:37:63:fc:fc:c1:aa:34:be:9c:65:
                    8b:e3:dc:cf:6a:35:fa:82:0b:43:5b:1f:c9:19:66:
                    37:4d:0b:5f:50:39:e4:d7:53:59:da:a2:07:ee:18:
                    f3:ca:ff:e0:7f:8e:3e:fa:92:52:be:d6:84:4b:0c:
                    f0:56:27:c9:95:6e:e6:1f:97:7c:04:99:7e:9a:18:
                    0a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:D7:90:93:D3:80:37:84:0C:1C:AE:FB:D5:94:E4:45:D9:49:39:52
            X509v3 Authority Key Identifier:
                keyid:B6:0A:AC:10:43:76:B7:9D:D6:82:90:91:94:7B:77:9C:98:9A:F6:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tgqsEEN2t53WgpCRlHt3nJia9os.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/eabb9a-9a07-4867-970b-2b1da624f7bc/1/49eQk9OAN4QMHK771ZTkRdlJOVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/eabb9a-9a07-4867-970b-2b1da624f7bc/1/tgqsEEN2t53WgpCRlHt3nJia9os.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.153.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:f4:92:52:30:7f:e5:0b:a7:22:5e:69:1b:a9:2c:89:1c:ce:
         9d:cf:db:78:ab:e2:79:68:1d:73:8d:3d:ec:9d:fb:a4:94:5b:
         e2:df:45:5c:0d:df:a3:02:46:9d:87:b3:08:a0:3a:c4:62:c4:
         c0:83:ce:c0:3c:d3:0a:82:27:82:0a:51:e4:15:e8:d8:83:34:
         0b:fb:ac:a8:ed:6f:dc:10:55:ba:bd:a9:57:8c:12:39:f3:4d:
         d5:08:74:59:eb:4c:bd:7d:a5:40:e2:2d:55:10:84:fe:90:64:
         de:df:53:f3:55:d3:34:35:9f:99:10:47:3b:ba:d7:25:e2:3a:
         88:f6:ee:0e:38:16:13:b2:d7:ae:d7:49:bf:e4:8e:37:42:4e:
         06:5d:54:d5:2e:13:76:e9:1a:76:16:fc:2b:b4:be:c6:d5:3d:
         ed:f0:d0:55:fb:a4:a1:73:28:04:77:fd:92:ee:54:52:44:6c:
         c3:fb:eb:8b:a7:25:af:31:a7:39:0f:42:c0:20:41:39:af:ef:
         0d:67:b2:bc:db:18:33:9e:0e:fd:94:5f:9f:e5:7d:c4:da:44:
         bd:e5:6c:17:30:6e:ef:f3:f5:07:d0:71:af:52:a0:9c:40:c2:
         2e:f6:e2:d7:46:fd:d9:3f:27:a1:c8:96:02:e0:a0:4e:35:7d:
         cd:1e:f4:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkj3+2lV5UYM7mhjZIqJkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MGFhYzEwNDM3NmI3OWRkNjgyOTA5MTk0N2I3NzljOTg5
YWY2OGIwHhcNMjQwMTAxMTAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2Q3OTA5M2QzODAzNzg0MGMxY2FlZmJkNTk0ZTQ0NWQ5NDkzOTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueRXj453y/VTjTp+U1JcuY5ep5e+
B8DiQz2ryV9RJDBliCNzle7Yo9v5snhsImsVGdPZduMCpga0DrEOIXJOWH+kQ5Tg
EhHypy487RU3OOFjsIGAlqaHTkNQicZ0XbQhXzav1prjUnSaKh+rUcVOH/BSqpp2
GN7o1YM+oMnRUwTOhBdcJROEKS+5sxGHyrDDshlxU1ZyZH+Hjb/K3oo7EKGHegHV
gZENVk9bJJ76aCdRM4Y4z2NJ2Tdj/PzBqjS+nGWL49zPajX6ggtDWx/JGWY3TQtf
UDnk11NZ2qIH7hjzyv/gf44++pJSvtaESwzwVifJlW7mH5d8BJl+mhgKfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOPXkJPTgDeEDByu+9WU5EXZSTlSMB8GA1UdIwQY
MBaAFLYKrBBDdred1oKQkZR7d5yYmvaLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGdxc0VFTjJ0NTNXZ3BDUmxIdDNuSmlhOW9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9lYWJiOWEtOWEwNy00ODY3LTk3MGIt
MmIxZGE2MjRmN2JjLzEvNDllUWs5T0FONFFNSEs3NzFaVGtSZGxKT1ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9lYWJiOWEtOWEwNy00ODY3LTk3MGItMmIxZGE2MjRmN2Jj
LzEvdGdxc0VFTjJ0NTNXZ3BDUmxIdDNuSmlhOW9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwplXMA0G
CSqGSIb3DQEBCwUAA4IBAQBS9JJSMH/lC6ciXmkbqSyJHM6dz9t4q+J5aB1zjT3s
nfuklFvi30VcDd+jAkadh7MIoDrEYsTAg87APNMKgieCClHkFejYgzQL+6yo7W/c
EFW6valXjBI5803VCHRZ60y9faVA4i1VEIT+kGTe31PzVdM0NZ+ZEEc7utcl4jqI
9u4OOBYTsteu10m/5I43Qk4GXVTVLhN26Rp2FvwrtL7G1T3t8NBV+6ShcygEd/2S
7lRSRGzD++uLpyWvMac5D0LAIEE5r+8NZ7K82xgzng79lF+f5X3E2kS95WwXMG7v
8/UH0HGvUqCcQMIu9uLXRv3ZPyehyJYC4KBONX3NHvTD
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:21:15 2024 by rpki-client on console-ams.rpki-client.org