Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/861953-5f65-4465-9046-f4d071f50f1d/1/2rNzZMm3INs3ag552XvlxKkgsEA.roa
File:                     2rNzZMm3INs3ag552XvlxKkgsEA.roa (raw, json)
Hash identifier:          rXgG+DRcB2ter41Rh6MQzi6NzNIXCAXcCRzWcNp6m8A=
Subject key identifier:   DA:B3:73:64:C9:B7:20:DB:37:6A:0E:79:D9:7B:E5:C4:A9:20:B0:40
Certificate issuer:       /CN=d5d1cd47a53ef57ebb567bc882ad2986faac5f0d
Certificate serial:       018CC8014BEE5B559440442B8791B990A5E9
Authority key identifier: D5:D1:CD:47:A5:3E:F5:7E:BB:56:7B:C8:82:AD:29:86:FA:AC:5F:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1dHNR6U-9X67VnvIgq0phvqsXw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/861953-5f65-4465-9046-f4d071f50f1d/1/2rNzZMm3INs3ag552XvlxKkgsEA.roa
Signing time:             Tue 02 Jan 2024 02:29:37 +0000
ROA not before:           Tue 02 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201916
IP address blocks:        185.59.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/861953-5f65-4465-9046-f4d071f50f1d/1/1dHNR6U-9X67VnvIgq0phvqsXw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/861953-5f65-4465-9046-f4d071f50f1d/1/1dHNR6U-9X67VnvIgq0phvqsXw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1dHNR6U-9X67VnvIgq0phvqsXw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4b:ee:5b:55:94:40:44:2b:87:91:b9:90:a5:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5d1cd47a53ef57ebb567bc882ad2986faac5f0d
        Validity
            Not Before: Jan  2 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dab37364c9b720db376a0e79d97be5c4a920b040
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:98:b5:0f:aa:2b:d3:29:b3:8c:40:b5:3a:d6:
                    2b:bc:1b:41:0a:52:71:68:05:68:d2:6c:23:ea:41:
                    aa:f5:0e:57:1f:5b:11:d3:d8:6b:64:2f:9b:56:fc:
                    c8:0c:53:59:eb:ff:3e:51:e8:cd:b9:a2:3c:69:f8:
                    fa:6d:a2:3c:a9:b9:c0:c4:93:c7:83:16:bf:f8:4c:
                    75:31:c5:f0:4c:f7:db:4d:46:a9:1e:46:d0:d5:95:
                    ca:99:2c:bb:89:f6:97:47:3a:2f:19:cc:f9:f5:c9:
                    df:8c:86:8e:f0:0c:d5:bd:be:14:98:1c:39:1a:f7:
                    25:8e:68:d2:c4:c0:ba:2d:39:87:c8:55:74:b2:40:
                    c4:51:c6:6e:9e:c0:81:1a:15:9a:3f:a1:bf:07:ff:
                    99:79:19:ce:35:7d:08:b4:99:82:9b:de:13:41:02:
                    72:a3:c3:d3:37:61:7c:c3:2e:33:4d:99:0e:3e:5c:
                    b9:72:02:93:2f:a8:c4:d2:55:82:31:fa:98:46:12:
                    1c:13:a1:dc:7b:02:45:56:c6:71:82:3b:cf:7b:5b:
                    b7:a3:e1:da:f4:c9:6d:79:f9:69:5c:fe:af:97:17:
                    cf:26:fc:2c:d3:e5:4f:95:ad:62:51:7a:28:0a:9f:
                    7a:fc:24:48:2f:14:06:59:9c:ea:2d:da:8b:2f:2c:
                    38:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:B3:73:64:C9:B7:20:DB:37:6A:0E:79:D9:7B:E5:C4:A9:20:B0:40
            X509v3 Authority Key Identifier:
                keyid:D5:D1:CD:47:A5:3E:F5:7E:BB:56:7B:C8:82:AD:29:86:FA:AC:5F:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1dHNR6U-9X67VnvIgq0phvqsXw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/861953-5f65-4465-9046-f4d071f50f1d/1/2rNzZMm3INs3ag552XvlxKkgsEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/861953-5f65-4465-9046-f4d071f50f1d/1/1dHNR6U-9X67VnvIgq0phvqsXw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.59.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:9d:12:c2:aa:7c:9f:12:0f:83:b1:ff:89:61:e8:e2:3f:83:
         b3:eb:8b:be:00:b2:e0:f2:a7:c1:04:28:09:d0:dc:b9:97:f5:
         29:4e:8c:a1:22:f1:5a:82:f6:2e:68:2a:fb:2d:51:a2:a3:20:
         c2:14:1d:73:c7:13:4e:e5:55:72:97:a1:05:dd:58:31:f5:5a:
         5e:8c:bf:0a:1f:e2:09:e3:0f:dc:d0:9a:98:e1:d2:07:c9:e4:
         d6:bd:dd:b6:22:24:a6:9f:83:db:c2:92:5d:52:ff:b9:df:77:
         7b:57:c2:5b:4f:43:c1:fa:d1:43:64:88:9c:57:3d:63:d0:54:
         3d:17:0c:41:59:17:07:72:93:b7:74:f2:99:0a:c1:4a:0c:72:
         f8:2d:a4:6e:bd:48:9d:ac:56:dd:64:ea:b4:2a:ae:be:c0:81:
         cd:62:7d:38:14:c3:ac:f1:24:fd:ab:ef:a6:05:f8:d4:c6:b2:
         47:a9:c6:81:dc:d6:c2:26:f9:f1:3f:28:07:bf:a9:de:ce:ab:
         cf:62:db:49:eb:02:d4:8e:87:59:c7:44:17:1e:5b:f7:97:1e:
         1d:f1:1c:cc:e0:35:44:c7:7f:ec:0c:40:05:1a:74:18:4c:e6:
         18:37:85:9c:06:78:0a:69:c8:15:72:c1:57:3e:ea:49:b2:87:
         8f:db:eb:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAUvuW1WUQEQrh5G5kKXpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ZDFjZDQ3YTUzZWY1N2ViYjU2N2JjODgyYWQyOTg2ZmFh
YzVmMGQwHhcNMjQwMTAyMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWIzNzM2NGM5YjcyMGRiMzc2YTBlNzlkOTdiZTVjNGE5MjBiMDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5i1D6or0ymzjEC1OtYrvBtBClJx
aAVo0mwj6kGq9Q5XH1sR09hrZC+bVvzIDFNZ6/8+UejNuaI8afj6baI8qbnAxJPH
gxa/+Ex1McXwTPfbTUapHkbQ1ZXKmSy7ifaXRzovGcz59cnfjIaO8AzVvb4UmBw5
GvcljmjSxMC6LTmHyFV0skDEUcZunsCBGhWaP6G/B/+ZeRnONX0ItJmCm94TQQJy
o8PTN2F8wy4zTZkOPly5cgKTL6jE0lWCMfqYRhIcE6HcewJFVsZxgjvPe1u3o+Ha
9MlteflpXP6vlxfPJvws0+VPla1iUXooCp96/CRILxQGWZzqLdqLLyw47QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNqzc2TJtyDbN2oOedl75cSpILBAMB8GA1UdIwQY
MBaAFNXRzUelPvV+u1Z7yIKtKYb6rF8NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWRITlI2VS05WDY3Vm52SWdxMHBodnFzWHcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84NjE5NTMtNWY2NS00NDY1LTkwNDYt
ZjRkMDcxZjUwZjFkLzEvMnJOelpNbTNJTnMzYWc1NTJYdmx4S2tnc0VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84NjE5NTMtNWY2NS00NDY1LTkwNDYtZjRkMDcxZjUwZjFk
LzEvMWRITlI2VS05WDY3Vm52SWdxMHBodnFzWHcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTvYMA0G
CSqGSIb3DQEBCwUAA4IBAQAtnRLCqnyfEg+Dsf+JYejiP4Oz64u+ALLg8qfBBCgJ
0Ny5l/UpToyhIvFagvYuaCr7LVGioyDCFB1zxxNO5VVyl6EF3Vgx9VpejL8KH+IJ
4w/c0JqY4dIHyeTWvd22IiSmn4PbwpJdUv+533d7V8JbT0PB+tFDZIicVz1j0FQ9
FwxBWRcHcpO3dPKZCsFKDHL4LaRuvUidrFbdZOq0Kq6+wIHNYn04FMOs8ST9q++m
BfjUxrJHqcaB3NbCJvnxPygHv6nezqvPYttJ6wLUjodZx0QXHlv3lx4d8RzM4DVE
x3/sDEAFGnQYTOYYN4WcBngKacgVcsFXPupJsoeP2+uY
-----END CERTIFICATE-----
Generated at Thu May 9 20:41:09 2024 by rpki-client on console-ams.rpki-client.org