Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/201763-176c-4e78-9bc0-496f30ac5275/1/TFBmP2FW9mxeaeuFmA5kG5ps3ms.roa
File:                     TFBmP2FW9mxeaeuFmA5kG5ps3ms.roa (raw, json)
Hash identifier:          NhYGI3CkdR9S3ORjDyJBI9M8Vaspm49gxcta1uRsBsM=
Subject key identifier:   4C:50:66:3F:61:56:F6:6C:5E:69:EB:85:98:0E:64:1B:9A:6C:DE:6B
Certificate issuer:       /CN=88652fe652966d728a527aee6e43c485c6939f45
Certificate serial:       018CC6B7CBEA243D4A53B84AE8BC4C360B89
Authority key identifier: 88:65:2F:E6:52:96:6D:72:8A:52:7A:EE:6E:43:C4:85:C6:93:9F:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iGUv5lKWbXKKUnrubkPEhcaTn0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/201763-176c-4e78-9bc0-496f30ac5275/1/TFBmP2FW9mxeaeuFmA5kG5ps3ms.roa
Signing time:             Mon 01 Jan 2024 20:29:43 +0000
ROA not before:           Mon 01 Jan 2024 20:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29663
IP address blocks:        195.149.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/201763-176c-4e78-9bc0-496f30ac5275/1/iGUv5lKWbXKKUnrubkPEhcaTn0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/201763-176c-4e78-9bc0-496f30ac5275/1/iGUv5lKWbXKKUnrubkPEhcaTn0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iGUv5lKWbXKKUnrubkPEhcaTn0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:cb:ea:24:3d:4a:53:b8:4a:e8:bc:4c:36:0b:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88652fe652966d728a527aee6e43c485c6939f45
        Validity
            Not Before: Jan  1 20:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c50663f6156f66c5e69eb85980e641b9a6cde6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:39:5c:d2:fc:09:ce:cc:86:85:0f:f2:ef:1d:
                    78:0c:2a:4c:58:9c:49:19:fc:17:8f:b1:c6:c1:76:
                    ba:c8:3e:d8:9c:47:17:4b:c4:97:8d:3d:cf:e0:84:
                    4f:61:12:af:70:9b:cc:92:8f:35:0f:72:cb:5a:46:
                    f5:26:f7:eb:e4:ff:4c:84:bc:0f:44:f2:54:cb:db:
                    ff:37:23:04:1e:8a:c8:04:b2:b0:de:a6:05:03:64:
                    04:0d:89:44:24:43:89:37:30:54:1b:b1:7b:51:c0:
                    41:a3:cc:c5:62:c3:e4:f1:fb:69:13:7c:08:6c:1d:
                    32:f3:2d:7e:a8:59:c7:8d:b7:88:63:b7:bd:bc:dc:
                    bb:3a:7e:ad:39:35:0b:ec:51:36:c4:a4:90:12:15:
                    d2:ba:52:8e:78:7f:b2:78:a0:2e:8f:4a:ec:f1:ab:
                    d4:97:da:c6:a0:d0:0b:9d:01:84:3b:38:a8:74:11:
                    41:82:dd:02:9c:21:e5:bc:22:8b:a9:cf:46:9f:3b:
                    c7:e1:ce:45:f7:bf:f8:87:a5:9a:51:ee:1d:31:fd:
                    c9:2d:d6:39:d1:32:55:b4:2a:ce:ec:67:16:4c:28:
                    6a:aa:00:e1:a5:50:10:c3:7a:ca:bb:1d:15:2d:8a:
                    c4:db:b9:2a:5b:cd:de:e5:f4:36:8e:54:16:46:b3:
                    9d:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:50:66:3F:61:56:F6:6C:5E:69:EB:85:98:0E:64:1B:9A:6C:DE:6B
            X509v3 Authority Key Identifier:
                keyid:88:65:2F:E6:52:96:6D:72:8A:52:7A:EE:6E:43:C4:85:C6:93:9F:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iGUv5lKWbXKKUnrubkPEhcaTn0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/201763-176c-4e78-9bc0-496f30ac5275/1/TFBmP2FW9mxeaeuFmA5kG5ps3ms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/201763-176c-4e78-9bc0-496f30ac5275/1/iGUv5lKWbXKKUnrubkPEhcaTn0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.149.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:e6:29:99:a4:45:d2:21:8d:5c:e8:66:66:8f:b9:5c:19:00:
         dc:be:06:4a:45:8a:b3:ef:62:37:9f:c3:e7:6a:d6:11:e8:8b:
         78:65:75:42:33:0d:b9:d3:9e:f0:6e:02:ed:82:71:56:3a:93:
         5d:81:a7:bc:7c:c9:9c:10:16:f7:69:79:28:42:c3:ad:39:94:
         40:63:21:4e:b5:a4:e7:aa:5f:5a:26:c7:2b:49:47:97:36:a3:
         8e:b7:49:20:46:4b:e9:84:c3:46:94:69:26:21:01:5a:d4:bd:
         0c:8d:9b:21:f5:21:fa:e4:cd:ab:1f:de:d6:c3:f1:78:96:32:
         b7:b9:d4:11:e5:76:7c:7a:b7:27:06:fa:53:f6:f2:61:f3:18:
         c5:91:b8:3e:90:be:f3:5e:b0:3a:7d:42:11:8b:9d:d9:fd:dd:
         cf:39:d3:33:56:e8:e7:d5:67:0b:fd:09:84:eb:b8:0c:2a:75:
         64:76:13:e9:84:23:d5:9c:ac:83:98:70:2b:46:e6:8e:26:86:
         6e:0b:05:92:bf:a9:86:6f:b0:ca:54:ca:86:0a:1b:2d:28:78:
         8a:cc:08:7d:a2:d8:18:d6:dc:d6:10:c8:af:c7:63:8a:d9:f6:
         48:08:3a:3e:2f:d8:c1:81:46:5d:fd:2a:5b:40:74:fc:fe:40:
         6a:5f:f8:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt8vqJD1KU7hK6LxMNguJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NjUyZmU2NTI5NjZkNzI4YTUyN2FlZTZlNDNjNDg1YzY5
MzlmNDUwHhcNMjQwMTAxMjAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzUwNjYzZjYxNTZmNjZjNWU2OWViODU5ODBlNjQxYjlhNmNkZTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTlc0vwJzsyGhQ/y7x14DCpMWJxJ
GfwXj7HGwXa6yD7YnEcXS8SXjT3P4IRPYRKvcJvMko81D3LLWkb1Jvfr5P9MhLwP
RPJUy9v/NyMEHorIBLKw3qYFA2QEDYlEJEOJNzBUG7F7UcBBo8zFYsPk8ftpE3wI
bB0y8y1+qFnHjbeIY7e9vNy7On6tOTUL7FE2xKSQEhXSulKOeH+yeKAuj0rs8avU
l9rGoNALnQGEOziodBFBgt0CnCHlvCKLqc9GnzvH4c5F97/4h6WaUe4dMf3JLdY5
0TJVtCrO7GcWTChqqgDhpVAQw3rKux0VLYrE27kqW83e5fQ2jlQWRrOd/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExQZj9hVvZsXmnrhZgOZBuabN5rMB8GA1UdIwQY
MBaAFIhlL+ZSlm1yilJ67m5DxIXGk59FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUdVdjVsS1diWEtLVW5ydWJrUEVoY2FUbjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8yMDE3NjMtMTc2Yy00ZTc4LTliYzAt
NDk2ZjMwYWM1Mjc1LzEvVEZCbVAyRlc5bXhlYWV1Rm1BNWtHNXBzM21zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8yMDE3NjMtMTc2Yy00ZTc4LTliYzAtNDk2ZjMwYWM1Mjc1
LzEvaUdVdjVsS1diWEtLVW5ydWJrUEVoY2FUbjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5VwMA0G
CSqGSIb3DQEBCwUAA4IBAQCH5imZpEXSIY1c6GZmj7lcGQDcvgZKRYqz72I3n8Pn
atYR6It4ZXVCMw25057wbgLtgnFWOpNdgae8fMmcEBb3aXkoQsOtOZRAYyFOtaTn
ql9aJscrSUeXNqOOt0kgRkvphMNGlGkmIQFa1L0MjZsh9SH65M2rH97Ww/F4ljK3
udQR5XZ8ercnBvpT9vJh8xjFkbg+kL7zXrA6fUIRi53Z/d3POdMzVujn1WcL/QmE
67gMKnVkdhPphCPVnKyDmHArRuaOJoZuCwWSv6mGb7DKVMqGChstKHiKzAh9otgY
1tzWEMivx2OK2fZICDo+L9jBgUZd/SpbQHT8/kBqX/i9
-----END CERTIFICATE-----
Generated at Fri Jun 7 16:38:17 2024 by rpki-client on console-ams.rpki-client.org