Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/RnGsv9ag7WxbJ1pYCPqG8S1oj9s.roa
File:                     RnGsv9ag7WxbJ1pYCPqG8S1oj9s.roa (raw, json)
Hash identifier:          4bY1D9SEBhn1t5/57ioddEse+Xwb88/R2aLY5uGjqfM=
Subject key identifier:   46:71:AC:BF:D6:A0:ED:6C:5B:27:5A:58:08:FA:86:F1:2D:68:8F:DB
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       018CC348AD0C81A251A189FA99314D63C648
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/RnGsv9ag7WxbJ1pYCPqG8S1oj9s.roa
Signing time:             Mon 01 Jan 2024 04:29:29 +0000
ROA not before:           Mon 01 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137409
IP address blocks:        2a0e:d786::/32 maxlen: 32
                          2a0e:d785::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ad:0c:81:a2:51:a1:89:fa:99:31:4d:63:c6:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Jan  1 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4671acbfd6a0ed6c5b275a5808fa86f12d688fdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:81:48:30:65:24:53:79:09:21:e9:e3:cc:9e:
                    cb:d5:12:59:af:84:d6:a7:82:9f:60:c2:10:37:08:
                    2b:a7:fc:82:e9:88:f8:65:8c:5a:66:84:10:0a:25:
                    06:e2:79:c7:79:36:ae:5a:c8:25:f4:56:a6:78:a8:
                    5b:1b:20:37:05:63:6b:4a:61:4e:35:d9:8a:6b:2e:
                    72:02:63:39:43:98:7d:94:14:aa:cf:4c:b9:b2:83:
                    40:4f:56:78:dd:da:31:1e:1b:06:d0:88:29:d9:a1:
                    60:7c:95:cf:d8:7e:ec:5f:74:92:48:c7:92:21:c5:
                    1c:b1:f2:2c:b5:ad:a6:27:12:37:0a:43:82:cc:9b:
                    e7:dd:ab:05:e0:a4:01:f9:d4:fb:b2:b3:e5:ae:c6:
                    70:3d:9f:6d:57:80:d7:9e:40:c6:76:93:0c:46:7b:
                    86:75:d8:79:e3:3a:48:15:6f:16:70:db:d1:84:0c:
                    dd:f5:f6:03:72:6a:b6:07:9c:fe:46:80:4b:fa:a4:
                    2f:0f:0b:77:c5:53:53:4a:23:0c:d5:71:c5:79:c8:
                    e2:17:88:ca:ca:f0:75:6b:6e:cf:f1:18:3d:aa:04:
                    13:6d:4b:b4:59:dd:9d:87:0c:de:2e:52:89:fe:5d:
                    30:a7:81:db:1a:ed:0d:ed:3c:e4:7a:1f:2d:36:6e:
                    2c:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:71:AC:BF:D6:A0:ED:6C:5B:27:5A:58:08:FA:86:F1:2D:68:8F:DB
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/RnGsv9ag7WxbJ1pYCPqG8S1oj9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:d785::-2a0e:d786:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         77:f1:12:7f:ec:22:d9:01:28:01:25:c4:6f:b0:d4:44:91:d0:
         0d:95:b1:a9:90:6a:5c:eb:54:7b:d2:9a:06:ff:34:dc:90:af:
         70:2f:37:70:11:1a:12:29:73:93:12:b0:0b:e4:29:87:26:e0:
         41:f5:b0:2d:a9:f4:ea:83:e1:26:77:eb:da:f5:87:4e:c3:fe:
         2d:fb:69:28:ad:cf:91:33:9b:67:10:1c:27:d0:11:f4:7a:3f:
         2b:61:c5:64:67:be:96:1d:11:ba:9b:b6:42:97:d1:7f:8c:e7:
         08:6f:08:fe:5b:93:b6:52:9e:6a:ff:73:cb:7c:bc:84:13:79:
         f6:12:0f:ff:59:72:fe:8e:42:af:a8:ec:e3:ce:80:af:41:79:
         72:3c:b9:3a:6c:f8:ea:04:4d:77:d5:da:0e:61:e0:36:a9:a2:
         11:4b:c5:39:fe:49:51:2c:8b:fa:c3:e5:23:78:21:f7:56:2e:
         e7:27:32:4a:f0:66:51:27:65:8b:bb:ea:91:ca:f8:07:16:71:
         6d:b3:2b:71:a4:5e:28:af:9b:cd:71:eb:2f:6c:73:80:b2:a0:
         85:ec:e2:6f:25:c0:e1:50:d4:94:8d:d9:22:e0:73:ac:95:a9:
         ed:51:96:8f:d8:4e:85:e0:f1:f9:9f:e4:e3:2b:09:df:3c:ac:
         f5:01:2c:d1
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAYzDSK0MgaJRoYn6mTFNY8ZIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjQwMTAxMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjcxYWNiZmQ2YTBlZDZjNWIyNzVhNTgwOGZhODZmMTJkNjg4ZmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjYFIMGUkU3kJIenjzJ7L1RJZr4TW
p4KfYMIQNwgrp/yC6Yj4ZYxaZoQQCiUG4nnHeTauWsgl9FameKhbGyA3BWNrSmFO
NdmKay5yAmM5Q5h9lBSqz0y5soNAT1Z43doxHhsG0Igp2aFgfJXP2H7sX3SSSMeS
IcUcsfIsta2mJxI3CkOCzJvn3asF4KQB+dT7srPlrsZwPZ9tV4DXnkDGdpMMRnuG
ddh54zpIFW8WcNvRhAzd9fYDcmq2B5z+RoBL+qQvDwt3xVNTSiMM1XHFecjiF4jK
yvB1a27P8Rg9qgQTbUu0Wd2dhwzeLlKJ/l0wp4HbGu0N7Tzkeh8tNm4sFQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFEZxrL/WoO1sWydaWAj6hvEtaI/bMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvUm5Hc3Y5YWc3V3hiSjFwWUNQcUc4UzFvajlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQMA4DBQAqDteF
AwUAKg7XhjANBgkqhkiG9w0BAQsFAAOCAQEAd/ESf+wi2QEoASXEb7DURJHQDZWx
qZBqXOtUe9KaBv803JCvcC83cBEaEilzkxKwC+QphybgQfWwLan06oPhJnfr2vWH
TsP+LftpKK3PkTObZxAcJ9AR9Ho/K2HFZGe+lh0Rupu2QpfRf4znCG8I/luTtlKe
av9zy3y8hBN59hIP/1ly/o5Cr6js486Ar0F5cjy5Omz46gRNd9XaDmHgNqmiEUvF
Of5JUSyL+sPlI3gh91Yu5ycySvBmUSdli7vqkcr4BxZxbbMrcaReKK+bzXHrL2xz
gLKghezibyXA4VDUlI3ZIuBzrJWp7VGWj9hOheDx+Z/k4ysJ3zys9QEs0Q==
-----END CERTIFICATE-----
Generated at Fri May 10 09:22:22 2024 by rpki-client on console-ams.rpki-client.org