Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/7e2131-db8a-4c89-b50f-d82297e945ac/1/yhbUdTNsDEhsZtbFzpHVylyaSI8.roa
File:                     yhbUdTNsDEhsZtbFzpHVylyaSI8.roa (raw, json)
Hash identifier:          ZxykO7puuZOHGdOmsjCkSxjvO7z+VfkLHmGeWcbukjQ=
Subject key identifier:   CA:16:D4:75:33:6C:0C:48:6C:66:D6:C5:CE:91:D5:CA:5C:9A:48:8F
Certificate issuer:       /CN=6ffa59013a3af03f7c96c24e68d95e181a0305a8
Certificate serial:       018CC4251D9ACFA7828FC250859519CF43A1
Authority key identifier: 6F:FA:59:01:3A:3A:F0:3F:7C:96:C2:4E:68:D9:5E:18:1A:03:05:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b_pZATo68D98lsJOaNleGBoDBag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/7e2131-db8a-4c89-b50f-d82297e945ac/1/yhbUdTNsDEhsZtbFzpHVylyaSI8.roa
Signing time:             Mon 01 Jan 2024 08:30:15 +0000
ROA not before:           Mon 01 Jan 2024 08:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210222
IP address blocks:        193.176.24.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/7e2131-db8a-4c89-b50f-d82297e945ac/1/b_pZATo68D98lsJOaNleGBoDBag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/7e2131-db8a-4c89-b50f-d82297e945ac/1/b_pZATo68D98lsJOaNleGBoDBag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b_pZATo68D98lsJOaNleGBoDBag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:1d:9a:cf:a7:82:8f:c2:50:85:95:19:cf:43:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ffa59013a3af03f7c96c24e68d95e181a0305a8
        Validity
            Not Before: Jan  1 08:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca16d475336c0c486c66d6c5ce91d5ca5c9a488f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:49:9c:52:69:11:37:21:c4:e4:51:44:54:bb:
                    94:55:e8:7d:72:10:fa:c3:6b:64:0e:82:58:1e:be:
                    6f:a1:47:72:16:8d:5f:35:85:69:1e:79:45:b6:a6:
                    45:32:a5:2e:9c:39:5a:e1:35:2a:3f:17:8e:5d:b7:
                    7d:39:c7:1c:42:85:7c:6b:41:01:2a:fa:c3:03:61:
                    f2:8d:4d:13:e4:4e:8b:95:a9:00:98:42:2c:48:ce:
                    7b:8d:4f:9c:87:5d:c2:5e:27:61:03:93:da:0b:92:
                    ee:13:ea:c4:9d:07:d1:a7:ad:91:53:06:f9:a4:b5:
                    0e:5a:1f:00:3e:2b:e6:73:a7:26:8d:2b:b3:c1:91:
                    91:71:fd:c2:bd:51:0d:7b:ce:e8:91:2d:0e:02:87:
                    ac:27:73:32:56:eb:af:71:32:da:d9:7e:69:40:64:
                    6b:31:4a:4f:b6:ca:70:8f:9d:d9:19:0a:55:32:76:
                    0c:3b:2e:1e:7c:2f:2f:fe:da:73:5c:bd:be:f4:48:
                    80:e1:a6:b1:72:76:84:28:18:e6:67:4f:bf:5f:46:
                    eb:f9:b6:15:fc:e7:77:d1:f6:98:98:77:09:0e:5f:
                    4c:70:1c:08:3e:be:20:4e:5a:1c:8f:bf:72:e4:2b:
                    6a:97:fa:20:ba:8b:68:fe:0d:b9:bd:6e:1d:bb:2c:
                    a1:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:16:D4:75:33:6C:0C:48:6C:66:D6:C5:CE:91:D5:CA:5C:9A:48:8F
            X509v3 Authority Key Identifier:
                keyid:6F:FA:59:01:3A:3A:F0:3F:7C:96:C2:4E:68:D9:5E:18:1A:03:05:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b_pZATo68D98lsJOaNleGBoDBag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/7e2131-db8a-4c89-b50f-d82297e945ac/1/yhbUdTNsDEhsZtbFzpHVylyaSI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/7e2131-db8a-4c89-b50f-d82297e945ac/1/b_pZATo68D98lsJOaNleGBoDBag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:59:d5:71:60:74:e1:cd:bf:14:59:6e:d6:aa:cc:43:e7:f6:
         01:88:12:5d:29:96:e5:ec:47:37:70:95:f3:92:78:a2:e1:05:
         77:9d:fc:f0:f9:dd:d3:49:b7:f2:d8:e8:08:67:82:61:d9:3c:
         f9:a6:9e:d6:2d:67:3b:e5:f1:c2:d1:3c:72:d9:73:53:49:2d:
         6c:43:e2:4f:92:f4:45:b9:30:08:4f:c2:a3:db:5a:e0:be:c4:
         b5:bc:0f:56:2c:3c:ea:f4:67:01:af:03:04:88:35:bd:42:48:
         a4:3c:f9:db:84:de:00:d0:42:c3:8d:67:0a:80:fa:48:ec:b1:
         cb:96:c3:58:54:4e:65:ec:a7:d3:b6:4f:cb:b4:c4:92:b0:f3:
         f5:d7:e1:89:81:88:49:15:48:c8:0e:5f:cf:5c:6f:36:2d:a6:
         02:69:a1:31:81:1f:49:e9:92:80:a0:84:98:11:c7:14:b0:3e:
         05:9b:49:98:7b:fc:d4:a6:b8:0f:d5:f8:63:fc:b2:67:f8:3c:
         23:10:c8:24:45:1b:96:5e:db:c6:43:e1:25:77:0f:6c:7b:b5:
         01:d0:51:e9:8c:ad:4d:2b:29:c8:4c:e3:8d:2f:5f:ea:cb:bc:
         8a:35:0e:db:35:3e:30:c8:2e:6a:dd:92:98:e0:2e:04:32:74:
         88:92:83:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJR2az6eCj8JQhZUZz0OhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmZmE1OTAxM2EzYWYwM2Y3Yzk2YzI0ZTY4ZDk1ZTE4MWEw
MzA1YTgwHhcNMjQwMTAxMDgzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTE2ZDQ3NTMzNmMwYzQ4NmM2NmQ2YzVjZTkxZDVjYTVjOWE0ODhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0mcUmkRNyHE5FFEVLuUVeh9chD6
w2tkDoJYHr5voUdyFo1fNYVpHnlFtqZFMqUunDla4TUqPxeOXbd9OcccQoV8a0EB
KvrDA2HyjU0T5E6LlakAmEIsSM57jU+ch13CXidhA5PaC5LuE+rEnQfRp62RUwb5
pLUOWh8APivmc6cmjSuzwZGRcf3CvVENe87okS0OAoesJ3MyVuuvcTLa2X5pQGRr
MUpPtspwj53ZGQpVMnYMOy4efC8v/tpzXL2+9EiA4aaxcnaEKBjmZ0+/X0br+bYV
/Od30faYmHcJDl9McBwIPr4gTlocj79y5Ctql/oguoto/g25vW4duyyhHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMoW1HUzbAxIbGbWxc6R1cpcmkiPMB8GA1UdIwQY
MBaAFG/6WQE6OvA/fJbCTmjZXhgaAwWoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYl9wWkFUbzY4RDk4bHNKT2FObGVHQm9EQmFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC83ZTIxMzEtZGI4YS00Yzg5LWI1MGYt
ZDgyMjk3ZTk0NWFjLzEveWhiVWRUTnNERWhzWnRiRnpwSFZ5bHlhU0k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC83ZTIxMzEtZGI4YS00Yzg5LWI1MGYtZDgyMjk3ZTk0NWFj
LzEvYl9wWkFUbzY4RDk4bHNKT2FObGVHQm9EQmFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwbAYMA0G
CSqGSIb3DQEBCwUAA4IBAQAaWdVxYHThzb8UWW7WqsxD5/YBiBJdKZbl7Ec3cJXz
knii4QV3nfzw+d3TSbfy2OgIZ4Jh2Tz5pp7WLWc75fHC0Txy2XNTSS1sQ+JPkvRF
uTAIT8Kj21rgvsS1vA9WLDzq9GcBrwMEiDW9QkikPPnbhN4A0ELDjWcKgPpI7LHL
lsNYVE5l7KfTtk/LtMSSsPP11+GJgYhJFUjIDl/PXG82LaYCaaExgR9J6ZKAoISY
EccUsD4Fm0mYe/zUprgP1fhj/LJn+DwjEMgkRRuWXtvGQ+Eldw9se7UB0FHpjK1N
KynITOONL1/qy7yKNQ7bNT4wyC5q3ZKY4C4EMnSIkoO/
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:07:02 2024 by rpki-client on console-fra.rpki-client.org