Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/2tjKzComP4qURpWOWM5j0mQdhnw.roa
File:                     2tjKzComP4qURpWOWM5j0mQdhnw.roa (raw, json)
Hash identifier:          NVcIxCn+3ND7MpgWM9iSskYctqNWyw5htVcX+WRLttM=
Subject key identifier:   DA:D8:CA:CC:2A:26:3F:8A:94:46:95:8E:58:CE:63:D2:64:1D:86:7C
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       018CC79440B8CD62B038EC2CBD44CD252720
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/2tjKzComP4qURpWOWM5j0mQdhnw.roa
Signing time:             Tue 02 Jan 2024 00:30:31 +0000
ROA not before:           Tue 02 Jan 2024 00:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13517
IP address blocks:        212.222.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 01:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:40:b8:cd:62:b0:38:ec:2c:bd:44:cd:25:27:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 00:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dad8cacc2a263f8a9446958e58ce63d2641d867c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:04:f7:6d:1b:6f:50:5a:28:3c:14:13:e3:8e:
                    44:bc:39:1b:0b:08:5f:3e:5f:89:4b:4e:20:96:b6:
                    b9:09:ed:80:31:04:19:1a:f4:bc:d4:32:22:17:95:
                    b5:e8:57:75:6f:25:09:b8:ad:f5:47:af:5d:37:98:
                    1c:91:dc:3c:89:35:3c:25:ee:a8:0d:4c:52:52:2e:
                    56:d5:52:0f:89:af:af:1a:9b:e3:11:a6:32:e1:32:
                    34:fc:34:71:63:4f:73:00:f4:6f:5c:4e:8a:a3:21:
                    e9:78:fa:df:d3:29:ee:b3:1d:86:ef:a9:1f:dd:16:
                    28:00:e2:cf:de:a1:d3:96:44:40:fd:72:b6:45:9b:
                    4d:63:67:6b:5e:db:73:5f:36:84:06:e3:1d:14:37:
                    20:57:26:6c:ff:22:99:43:34:b7:1f:5d:b2:0f:bf:
                    89:3c:71:21:c2:b9:4a:a8:8b:cc:41:b2:4e:c2:1c:
                    6a:26:44:89:22:6c:75:02:83:2c:c4:ce:01:8a:33:
                    3d:ff:db:93:ff:65:fa:05:fe:70:71:19:28:c8:e7:
                    f1:52:c2:07:05:11:46:c4:8e:a3:65:f0:08:3e:c5:
                    33:5d:40:62:33:1a:48:dc:9b:5c:66:9b:41:0b:c6:
                    e6:18:63:82:d6:6d:da:ce:b8:67:d6:75:a4:20:7d:
                    c9:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:D8:CA:CC:2A:26:3F:8A:94:46:95:8E:58:CE:63:D2:64:1D:86:7C
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/2tjKzComP4qURpWOWM5j0mQdhnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.222.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:b0:d5:e5:f3:bf:2b:bb:00:58:9e:59:61:08:c7:be:fa:47:
         b1:44:7a:ca:06:87:47:2c:e9:5d:30:5e:15:c8:b3:3d:40:e2:
         8f:3f:60:18:2e:7a:17:be:df:f3:b8:0e:e5:01:22:6d:04:d1:
         d9:ca:21:2c:53:c5:1b:e3:87:53:8c:f7:63:48:af:2d:15:66:
         37:bf:08:2e:53:88:cd:4d:86:13:96:63:8f:cd:ea:ca:0b:22:
         ef:12:96:69:8e:24:de:27:2f:bf:89:35:43:9d:37:2a:22:86:
         a0:ef:e6:3b:de:02:f7:93:3d:7f:9b:7d:9e:ce:18:c7:48:74:
         43:2d:14:67:57:9a:1c:f3:63:a2:0f:f1:4c:21:81:4b:3f:81:
         b6:6e:87:26:24:ca:b6:5d:ed:09:92:a2:96:72:bf:ee:c4:13:
         a1:7e:40:91:cc:67:bd:90:b9:ed:f3:4e:6b:d8:8e:e0:a1:97:
         98:d1:dc:5d:e0:6d:f2:65:c2:65:dd:32:7c:eb:d1:56:d2:81:
         72:2a:c3:4d:0f:c9:88:2a:db:6b:94:0a:65:25:12:a4:5d:eb:
         dc:67:47:af:16:86:b1:7e:34:1a:3d:34:4d:22:bf:ff:99:60:
         54:41:37:9d:3d:65:1a:bb:ff:7c:ca:d3:6e:c9:85:87:11:ac:
         f2:36:2c:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlEC4zWKwOOwsvUTNJScgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjQwMTAyMDAzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWQ4Y2FjYzJhMjYzZjhhOTQ0Njk1OGU1OGNlNjNkMjY0MWQ4NjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgT3bRtvUFooPBQT445EvDkbCwhf
Pl+JS04glra5Ce2AMQQZGvS81DIiF5W16Fd1byUJuK31R69dN5gckdw8iTU8Je6o
DUxSUi5W1VIPia+vGpvjEaYy4TI0/DRxY09zAPRvXE6KoyHpePrf0ynusx2G76kf
3RYoAOLP3qHTlkRA/XK2RZtNY2drXttzXzaEBuMdFDcgVyZs/yKZQzS3H12yD7+J
PHEhwrlKqIvMQbJOwhxqJkSJImx1AoMsxM4BijM9/9uT/2X6Bf5wcRkoyOfxUsIH
BRFGxI6jZfAIPsUzXUBiMxpI3JtcZptBC8bmGGOC1m3azrhn1nWkIH3JZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNrYyswqJj+KlEaVjljOY9JkHYZ8MB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvMnRqS3pDb21QNHFVUnBXT1dNNWowbVFkaG53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1N4NMA0G
CSqGSIb3DQEBCwUAA4IBAQBSsNXl878ruwBYnllhCMe++kexRHrKBodHLOldMF4V
yLM9QOKPP2AYLnoXvt/zuA7lASJtBNHZyiEsU8Ub44dTjPdjSK8tFWY3vwguU4jN
TYYTlmOPzerKCyLvEpZpjiTeJy+/iTVDnTcqIoag7+Y73gL3kz1/m32ezhjHSHRD
LRRnV5oc82OiD/FMIYFLP4G2bocmJMq2Xe0JkqKWcr/uxBOhfkCRzGe9kLnt805r
2I7goZeY0dxd4G3yZcJl3TJ869FW0oFyKsNND8mIKttrlAplJRKkXevcZ0evFoax
fjQaPTRNIr//mWBUQTedPWUau/98ytNuyYWHEazyNixB
-----END CERTIFICATE-----
Generated at Wed May 29 11:05:40 2024 by rpki-client on console-ams.rpki-client.org