Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d3df26-3db5-4539-8030-f2ce77e3191e/1/kbJi1kDtX2FJZDciblJbANLevsI.roa
File:                     kbJi1kDtX2FJZDciblJbANLevsI.roa (raw, json)
Hash identifier:          BqpIwYHCNEZvGsNxWjvYsJd0wSstKF7IKNTgbRyZe2w=
Subject key identifier:   91:B2:62:D6:40:ED:5F:61:49:64:37:22:6E:52:5B:00:D2:DE:BE:C2
Certificate issuer:       /CN=4e2a299f182a1fd51d4b0362997af7aaae0d6be9
Certificate serial:       018CC5DC01FE45E7E4D300F433670841E933
Authority key identifier: 4E:2A:29:9F:18:2A:1F:D5:1D:4B:03:62:99:7A:F7:AA:AE:0D:6B:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TiopnxgqH9UdSwNimXr3qq4Na-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d3df26-3db5-4539-8030-f2ce77e3191e/1/kbJi1kDtX2FJZDciblJbANLevsI.roa
Signing time:             Mon 01 Jan 2024 16:29:39 +0000
ROA not before:           Mon 01 Jan 2024 16:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2072
IP address blocks:        185.4.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d3df26-3db5-4539-8030-f2ce77e3191e/1/TiopnxgqH9UdSwNimXr3qq4Na-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d3df26-3db5-4539-8030-f2ce77e3191e/1/TiopnxgqH9UdSwNimXr3qq4Na-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TiopnxgqH9UdSwNimXr3qq4Na-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:01:fe:45:e7:e4:d3:00:f4:33:67:08:41:e9:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e2a299f182a1fd51d4b0362997af7aaae0d6be9
        Validity
            Not Before: Jan  1 16:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91b262d640ed5f61496437226e525b00d2debec2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:a0:d6:70:06:2e:f0:1c:3c:02:23:7c:e2:2c:
                    a1:df:c8:93:66:7e:c3:ec:20:8b:4b:ed:36:89:79:
                    aa:7a:d2:c7:b5:c8:05:a8:c5:fa:da:c7:42:1a:bf:
                    ba:d7:e0:c5:d0:e9:06:17:c5:6a:97:54:4e:49:00:
                    dc:b0:24:ed:ea:4c:d3:fe:62:07:b3:2a:74:1a:2e:
                    86:d2:90:b4:d2:94:87:08:e0:65:b0:33:38:a6:1c:
                    7c:d7:8e:b3:dc:12:41:91:31:14:61:75:c8:52:8c:
                    6b:0d:c7:ed:8d:86:47:b8:e1:7b:76:8b:a2:13:57:
                    b1:ee:fd:84:bd:84:e2:65:a2:19:4e:b2:15:aa:20:
                    10:1a:74:e2:3d:92:ed:86:d0:e3:95:32:37:90:82:
                    af:3f:70:4f:a0:48:a5:87:85:8e:30:33:a1:e7:5a:
                    4f:bd:6b:ac:b0:84:d5:c6:a2:27:0b:f5:c1:58:c3:
                    01:b6:90:08:19:a3:73:3e:39:47:b7:b9:ac:0d:dc:
                    82:d5:7e:26:7b:fe:96:66:53:1e:ac:52:56:6e:fe:
                    b1:46:b7:4f:e5:8c:2e:36:b5:fa:fc:1c:b7:e7:7e:
                    9b:00:a9:24:e6:a0:b0:23:30:74:81:cd:17:50:d1:
                    d1:e4:6b:0d:08:99:1b:66:97:77:13:9b:15:12:99:
                    49:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:B2:62:D6:40:ED:5F:61:49:64:37:22:6E:52:5B:00:D2:DE:BE:C2
            X509v3 Authority Key Identifier:
                keyid:4E:2A:29:9F:18:2A:1F:D5:1D:4B:03:62:99:7A:F7:AA:AE:0D:6B:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TiopnxgqH9UdSwNimXr3qq4Na-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d3df26-3db5-4539-8030-f2ce77e3191e/1/kbJi1kDtX2FJZDciblJbANLevsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d3df26-3db5-4539-8030-f2ce77e3191e/1/TiopnxgqH9UdSwNimXr3qq4Na-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.4.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:72:f2:48:48:3d:29:f5:5f:85:66:96:b1:54:03:5c:bb:3b:
         89:6e:2d:af:1e:87:98:ce:6b:a4:47:2f:d1:0d:62:34:74:45:
         9f:89:df:d0:77:94:3b:1e:83:ad:a3:d7:69:ac:8a:78:1c:af:
         36:00:07:7d:73:c3:dd:b6:d7:ef:ee:30:ca:35:eb:49:1c:cd:
         f5:72:b6:64:b7:35:e9:b4:41:20:7e:b3:d7:2d:10:1b:9f:0f:
         06:a5:76:ed:f3:fd:81:53:d6:95:e1:72:b7:f0:db:77:ca:1d:
         a0:ca:15:ad:e1:1d:9c:43:d7:7e:d5:a2:10:35:5d:a1:85:82:
         7a:d7:4a:c0:05:05:db:f2:c1:45:71:d7:cd:17:86:c1:6c:7f:
         91:2f:4c:46:66:5f:56:2e:2b:31:1f:3f:76:ab:8b:b8:3a:e0:
         db:7f:3c:60:81:f8:e9:8a:bb:a5:ab:01:85:a3:15:19:21:2c:
         07:a6:7d:93:f1:6f:45:f6:62:fd:06:17:63:2f:03:2d:af:04:
         a8:e7:b7:b2:93:48:cf:c0:59:5c:36:66:6f:71:da:18:b6:36:
         ac:b1:88:55:88:74:44:13:43:58:25:d8:50:ab:3c:5c:ba:1e:
         de:05:c5:93:2a:da:16:de:4b:45:88:26:90:8d:a3:60:c0:50:
         7f:77:e9:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3AH+Refk0wD0M2cIQekzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlMmEyOTlmMTgyYTFmZDUxZDRiMDM2Mjk5N2FmN2FhYWUw
ZDZiZTkwHhcNMjQwMTAxMTYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWIyNjJkNjQwZWQ1ZjYxNDk2NDM3MjI2ZTUyNWIwMGQyZGViZWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqDWcAYu8Bw8AiN84iyh38iTZn7D
7CCLS+02iXmqetLHtcgFqMX62sdCGr+61+DF0OkGF8Vql1ROSQDcsCTt6kzT/mIH
syp0Gi6G0pC00pSHCOBlsDM4phx8146z3BJBkTEUYXXIUoxrDcftjYZHuOF7doui
E1ex7v2EvYTiZaIZTrIVqiAQGnTiPZLthtDjlTI3kIKvP3BPoEilh4WOMDOh51pP
vWussITVxqInC/XBWMMBtpAIGaNzPjlHt7msDdyC1X4me/6WZlMerFJWbv6xRrdP
5YwuNrX6/By3536bAKkk5qCwIzB0gc0XUNHR5GsNCJkbZpd3E5sVEplJHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJGyYtZA7V9hSWQ3Im5SWwDS3r7CMB8GA1UdIwQY
MBaAFE4qKZ8YKh/VHUsDYpl696quDWvpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGlvcG54Z3FIOVVkU3dOaW1YcjNxcTROYS1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kM2RmMjYtM2RiNS00NTM5LTgwMzAt
ZjJjZTc3ZTMxOTFlLzEva2JKaTFrRHRYMkZKWkRjaWJsSmJBTkxldnNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kM2RmMjYtM2RiNS00NTM5LTgwMzAtZjJjZTc3ZTMxOTFl
LzEvVGlvcG54Z3FIOVVkU3dOaW1YcjNxcTROYS1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQT7MA0G
CSqGSIb3DQEBCwUAA4IBAQApcvJISD0p9V+FZpaxVANcuzuJbi2vHoeYzmukRy/R
DWI0dEWfid/Qd5Q7HoOto9dprIp4HK82AAd9c8Pdttfv7jDKNetJHM31crZktzXp
tEEgfrPXLRAbnw8GpXbt8/2BU9aV4XK38Nt3yh2gyhWt4R2cQ9d+1aIQNV2hhYJ6
10rABQXb8sFFcdfNF4bBbH+RL0xGZl9WLisxHz92q4u4OuDbfzxggfjpirulqwGF
oxUZISwHpn2T8W9F9mL9BhdjLwMtrwSo57eyk0jPwFlcNmZvcdoYtjassYhViHRE
E0NYJdhQqzxcuh7eBcWTKtoW3ktFiCaQjaNgwFB/d+mY
-----END CERTIFICATE-----
Generated at Wed Nov 27 02:48:39 2024 by rpki-client on console-fra.rpki-client.org