Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/bd7209-44e9-423e-84a4-b89dc4fd6ee0/1/GUsXt5ltAUsXRIxTor8qU5XY0gY.roa
File:                     GUsXt5ltAUsXRIxTor8qU5XY0gY.roa (raw, json)
Hash identifier:          5wtnb9pG4fS33KCvW4/s2BNWxUZIY9BZ7FdiFz1fz+g=
Subject key identifier:   19:4B:17:B7:99:6D:01:4B:17:44:8C:53:A2:BF:2A:53:95:D8:D2:06
Certificate issuer:       /CN=cbb525e263a95b1652064bdff8964d4bf62b533d
Certificate serial:       0193153DCDBA2C4C39E63A8ED88CCB07A8C7
Authority key identifier: CB:B5:25:E2:63:A9:5B:16:52:06:4B:DF:F8:96:4D:4B:F6:2B:53:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y7Ul4mOpWxZSBkvf-JZNS_YrUz0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/bd7209-44e9-423e-84a4-b89dc4fd6ee0/1/GUsXt5ltAUsXRIxTor8qU5XY0gY.roa
Signing time:             Sun 10 Nov 2024 08:43:12 +0000
ROA not before:           Sun 10 Nov 2024 08:43:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209836
IP address blocks:        185.209.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/bd7209-44e9-423e-84a4-b89dc4fd6ee0/1/y7Ul4mOpWxZSBkvf-JZNS_YrUz0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/bd7209-44e9-423e-84a4-b89dc4fd6ee0/1/y7Ul4mOpWxZSBkvf-JZNS_YrUz0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y7Ul4mOpWxZSBkvf-JZNS_YrUz0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:15:3d:cd:ba:2c:4c:39:e6:3a:8e:d8:8c:cb:07:a8:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbb525e263a95b1652064bdff8964d4bf62b533d
        Validity
            Not Before: Nov 10 08:43:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=194b17b7996d014b17448c53a2bf2a5395d8d206
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0b:b4:c4:d8:c2:66:0a:3a:a4:69:74:c2:25:
                    16:a3:db:15:99:82:12:de:3f:56:a7:b9:d8:36:21:
                    ae:84:bc:bf:59:da:e1:b8:84:e6:7b:de:85:b7:f7:
                    ff:30:52:e0:61:52:15:c5:dd:05:d8:9d:b8:b3:b1:
                    ad:9a:d3:63:50:b9:33:76:6f:60:33:73:93:1e:75:
                    11:c0:b7:aa:76:58:60:67:b9:48:57:d0:6b:c6:fc:
                    de:53:58:34:b4:45:f4:1b:0a:6d:af:de:12:35:e2:
                    d4:38:37:bd:bb:00:58:2d:e3:1d:5b:c7:d7:1f:f3:
                    af:8b:0f:6c:35:a2:c6:4d:3b:c2:0b:a8:cc:cf:a9:
                    94:61:27:de:b4:00:06:90:48:f1:32:ee:ab:69:3c:
                    0e:fb:41:0d:70:99:9a:d6:e6:3e:a8:62:af:72:2a:
                    72:9b:79:5f:b6:47:a7:77:00:a7:c2:37:5d:7b:8f:
                    2c:75:c5:6e:3d:d6:60:dd:e5:87:ca:37:c0:21:23:
                    fc:32:4e:34:b1:65:e0:b3:bc:fb:58:e4:a1:03:6f:
                    09:d6:20:13:bf:4f:58:7d:b0:2e:35:d9:be:cb:fd:
                    70:2e:48:6b:2c:d9:ea:36:ec:0c:0c:c9:a1:71:f0:
                    59:ad:2f:72:ae:2b:15:7c:64:36:c4:98:22:c9:a2:
                    b3:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:4B:17:B7:99:6D:01:4B:17:44:8C:53:A2:BF:2A:53:95:D8:D2:06
            X509v3 Authority Key Identifier:
                keyid:CB:B5:25:E2:63:A9:5B:16:52:06:4B:DF:F8:96:4D:4B:F6:2B:53:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y7Ul4mOpWxZSBkvf-JZNS_YrUz0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/bd7209-44e9-423e-84a4-b89dc4fd6ee0/1/GUsXt5ltAUsXRIxTor8qU5XY0gY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/bd7209-44e9-423e-84a4-b89dc4fd6ee0/1/y7Ul4mOpWxZSBkvf-JZNS_YrUz0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:6d:07:89:fb:3c:0d:8e:4b:12:f9:f5:01:fc:42:72:c6:d0:
         1f:0c:6d:a8:14:69:29:d5:26:4c:41:ef:51:d7:1a:ce:39:c6:
         76:fe:fb:c4:09:c8:cc:a1:ea:8b:1b:0e:e8:eb:a8:98:5f:a5:
         e2:0d:20:52:19:bf:41:e5:b3:42:7f:cb:ec:ec:61:50:3e:ea:
         8f:4a:fc:b9:20:db:5d:0b:ac:db:09:ba:58:3b:af:fa:10:22:
         35:6a:2b:e1:c7:18:ce:ff:8a:3b:13:3b:39:be:c3:5a:85:0d:
         8a:e5:77:b0:00:e4:9d:98:5c:5b:dd:5e:ff:1c:10:1e:61:4e:
         02:60:92:da:1c:e2:ec:ae:3e:40:f6:50:3c:af:9e:0f:c3:76:
         5b:0e:43:0c:cd:5f:db:d2:ce:51:33:bb:b9:74:34:8a:7e:c6:
         a5:23:cd:b1:92:6d:f6:60:72:76:27:b5:70:10:bf:80:2b:6e:
         bc:18:c6:80:80:cb:45:e8:4d:63:a2:d1:e8:71:c3:44:71:9f:
         92:b8:a7:0c:0b:2f:0f:9a:05:c5:6a:f9:af:72:88:69:ff:87:
         0a:32:42:11:ce:af:64:8d:e3:68:54:ac:70:95:9d:d4:66:52:
         d3:8c:6e:67:92:7f:51:7a:77:d5:8d:54:e6:fa:80:ee:8e:ce:
         ad:7d:f4:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMVPc26LEw55jqO2IzLB6jHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiYjUyNWUyNjNhOTViMTY1MjA2NGJkZmY4OTY0ZDRiZjYy
YjUzM2QwHhcNMjQxMTEwMDg0MzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTRiMTdiNzk5NmQwMTRiMTc0NDhjNTNhMmJmMmE1Mzk1ZDhkMjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQu0xNjCZgo6pGl0wiUWo9sVmYIS
3j9Wp7nYNiGuhLy/WdrhuITme96Ft/f/MFLgYVIVxd0F2J24s7GtmtNjULkzdm9g
M3OTHnURwLeqdlhgZ7lIV9BrxvzeU1g0tEX0Gwptr94SNeLUODe9uwBYLeMdW8fX
H/Oviw9sNaLGTTvCC6jMz6mUYSfetAAGkEjxMu6raTwO+0ENcJma1uY+qGKvcipy
m3lftkendwCnwjdde48sdcVuPdZg3eWHyjfAISP8Mk40sWXgs7z7WOShA28J1iAT
v09YfbAuNdm+y/1wLkhrLNnqNuwMDMmhcfBZrS9yrisVfGQ2xJgiyaKzSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBlLF7eZbQFLF0SMU6K/KlOV2NIGMB8GA1UdIwQY
MBaAFMu1JeJjqVsWUgZL3/iWTUv2K1M9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTdVbDRtT3BXeFpTQmt2Zi1KWk5TX1lyVXowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9iZDcyMDktNDRlOS00MjNlLTg0YTQt
Yjg5ZGM0ZmQ2ZWUwLzEvR1VzWHQ1bHRBVXNYUkl4VG9yOHFVNVhZMGdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9iZDcyMDktNDRlOS00MjNlLTg0YTQtYjg5ZGM0ZmQ2ZWUw
LzEveTdVbDRtT3BXeFpTQmt2Zi1KWk5TX1lyVXowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudEqMA0G
CSqGSIb3DQEBCwUAA4IBAQA7bQeJ+zwNjksS+fUB/EJyxtAfDG2oFGkp1SZMQe9R
1xrOOcZ2/vvECcjMoeqLGw7o66iYX6XiDSBSGb9B5bNCf8vs7GFQPuqPSvy5INtd
C6zbCbpYO6/6ECI1aivhxxjO/4o7Ezs5vsNahQ2K5XewAOSdmFxb3V7/HBAeYU4C
YJLaHOLsrj5A9lA8r54Pw3ZbDkMMzV/b0s5RM7u5dDSKfsalI82xkm32YHJ2J7Vw
EL+AK268GMaAgMtF6E1jotHoccNEcZ+SuKcMCy8PmgXFavmvcohp/4cKMkIRzq9k
jeNoVKxwlZ3UZlLTjG5nkn9RenfVjVTm+oDujs6tffQA
-----END CERTIFICATE-----
Generated at Tue Nov 26 22:55:14 2024 by rpki-client on console-fra.rpki-client.org