Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7979b2-c3d9-4f33-a09f-49591afe17f0/1/31fTMtBKcrondtlmp6zV9jF5WDM.roa
File:                     31fTMtBKcrondtlmp6zV9jF5WDM.roa (raw, json)
Hash identifier:          t52cCQb6p+ugrjwpu2wSh76zmJVoTwCewADrmdkg8RU=
Subject key identifier:   DF:57:D3:32:D0:4A:72:BA:27:76:D9:66:A7:AC:D5:F6:31:79:58:33
Certificate issuer:       /CN=8eee7a3ad152bb8725a7db9bb7520804b6f1155f
Certificate serial:       018CC26D6FCBADF40112C8AD1BE50E4C3015
Authority key identifier: 8E:EE:7A:3A:D1:52:BB:87:25:A7:DB:9B:B7:52:08:04:B6:F1:15:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ju56OtFSu4clp9ubt1IIBLbxFV8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7979b2-c3d9-4f33-a09f-49591afe17f0/1/31fTMtBKcrondtlmp6zV9jF5WDM.roa
Signing time:             Mon 01 Jan 2024 00:30:00 +0000
ROA not before:           Mon 01 Jan 2024 00:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42473
IP address blocks:        185.228.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/7979b2-c3d9-4f33-a09f-49591afe17f0/1/ju56OtFSu4clp9ubt1IIBLbxFV8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/7979b2-c3d9-4f33-a09f-49591afe17f0/1/ju56OtFSu4clp9ubt1IIBLbxFV8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ju56OtFSu4clp9ubt1IIBLbxFV8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 07:03:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:6f:cb:ad:f4:01:12:c8:ad:1b:e5:0e:4c:30:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eee7a3ad152bb8725a7db9bb7520804b6f1155f
        Validity
            Not Before: Jan  1 00:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df57d332d04a72ba2776d966a7acd5f631795833
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:53:54:c0:91:09:b2:e2:69:01:2b:ad:4b:47:
                    ee:65:f4:b4:dc:e4:13:b1:3b:52:cd:2b:44:bd:4a:
                    60:7f:e2:c0:61:0e:00:77:35:f8:a8:fa:b5:9e:90:
                    2f:6f:27:ae:75:51:0f:fe:ac:33:85:d4:e1:fa:8f:
                    0b:21:91:b2:cf:f1:b8:b4:c3:63:58:ac:27:78:bf:
                    83:cc:3f:12:cd:c9:94:78:73:8c:6a:94:8e:4f:b9:
                    0c:b4:86:0f:6a:03:cb:d8:8c:14:63:40:09:10:be:
                    46:fd:cb:59:6d:e5:9f:26:15:1d:98:56:6d:ed:27:
                    03:df:c6:c0:95:f7:c4:ce:3f:b6:6a:ba:fa:f5:d6:
                    ec:79:ed:35:cf:28:b9:01:9e:61:77:6a:3a:90:d5:
                    29:e9:10:45:d6:64:c7:45:e8:d3:2c:0a:72:b1:b2:
                    04:4f:78:cd:ce:bd:ce:dc:e8:56:95:12:21:e9:58:
                    42:20:8b:a9:d4:1d:17:da:2e:6c:15:99:f7:b8:c4:
                    14:ce:d3:28:d1:d5:08:b2:b8:c1:8a:5d:c8:9d:52:
                    07:82:d2:f4:a0:b0:ab:12:ae:42:fa:c8:31:29:6a:
                    74:a0:30:9e:12:b7:f5:dd:79:be:14:c2:67:8d:8e:
                    d4:b5:3d:c4:ae:7d:5c:64:52:bd:a6:8f:f4:99:99:
                    d0:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:57:D3:32:D0:4A:72:BA:27:76:D9:66:A7:AC:D5:F6:31:79:58:33
            X509v3 Authority Key Identifier:
                keyid:8E:EE:7A:3A:D1:52:BB:87:25:A7:DB:9B:B7:52:08:04:B6:F1:15:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ju56OtFSu4clp9ubt1IIBLbxFV8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7979b2-c3d9-4f33-a09f-49591afe17f0/1/31fTMtBKcrondtlmp6zV9jF5WDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7979b2-c3d9-4f33-a09f-49591afe17f0/1/ju56OtFSu4clp9ubt1IIBLbxFV8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:18:9c:bb:b7:ae:5b:04:9d:6c:0b:26:e5:6e:48:94:f9:df:
         bf:8e:28:af:fe:6b:19:df:b3:a7:78:5a:06:1e:05:43:5e:a4:
         86:dd:29:b6:cb:be:f6:20:74:45:2f:c2:5f:82:b1:c8:a4:bc:
         e4:de:be:0c:c9:c8:2a:73:80:06:12:0a:7b:62:43:7a:fe:1d:
         5c:e9:88:42:33:5f:3f:2c:4f:1f:5e:2a:31:ca:09:2b:b6:56:
         75:a5:3a:2f:65:43:c0:5b:14:01:af:ed:92:00:e9:8c:8d:51:
         bd:e9:b2:6c:4c:0a:31:fa:cb:95:0f:37:12:e8:2b:c8:62:62:
         00:5e:62:84:61:9d:ce:1d:3c:da:25:e8:d9:77:55:68:36:20:
         1f:47:a5:f8:4b:5e:95:3e:dd:f0:35:51:71:7d:41:fc:09:90:
         a6:92:4f:97:4d:ca:9f:ba:a5:f0:b3:55:39:eb:82:70:0e:8f:
         f9:78:2a:9e:b5:1e:f3:02:1e:c2:8b:83:b9:c5:0d:48:ff:4f:
         9f:81:bd:aa:92:16:b5:c1:38:8b:cc:2c:a6:25:d2:48:47:6f:
         5b:18:f4:38:f1:34:8b:fc:63:89:8c:46:f9:3c:df:85:b1:17:
         10:7d:3f:70:5b:cb:ab:02:50:1d:4a:95:30:49:66:92:94:0b:
         1c:dd:6e:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbW/LrfQBEsitG+UOTDAVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlZWU3YTNhZDE1MmJiODcyNWE3ZGI5YmI3NTIwODA0YjZm
MTE1NWYwHhcNMjQwMTAxMDAzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjU3ZDMzMmQwNGE3MmJhMjc3NmQ5NjZhN2FjZDVmNjMxNzk1ODMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1NUwJEJsuJpASutS0fuZfS03OQT
sTtSzStEvUpgf+LAYQ4AdzX4qPq1npAvbyeudVEP/qwzhdTh+o8LIZGyz/G4tMNj
WKwneL+DzD8SzcmUeHOMapSOT7kMtIYPagPL2IwUY0AJEL5G/ctZbeWfJhUdmFZt
7ScD38bAlffEzj+2arr69dbsee01zyi5AZ5hd2o6kNUp6RBF1mTHRejTLApysbIE
T3jNzr3O3OhWlRIh6VhCIIup1B0X2i5sFZn3uMQUztMo0dUIsrjBil3InVIHgtL0
oLCrEq5C+sgxKWp0oDCeErf13Xm+FMJnjY7UtT3Ern1cZFK9po/0mZnQ3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN9X0zLQSnK6J3bZZqes1fYxeVgzMB8GA1UdIwQY
MBaAFI7uejrRUruHJafbm7dSCAS28RVfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanU1Nk90RlN1NGNscDl1YnQxSUlCTGJ4RlY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83OTc5YjItYzNkOS00ZjMzLWEwOWYt
NDk1OTFhZmUxN2YwLzEvMzFmVE10Qktjcm9uZHRsbXA2elY5akY1V0RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83OTc5YjItYzNkOS00ZjMzLWEwOWYtNDk1OTFhZmUxN2Yw
LzEvanU1Nk90RlN1NGNscDl1YnQxSUlCTGJ4RlY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueTzMA0G
CSqGSIb3DQEBCwUAA4IBAQBzGJy7t65bBJ1sCyblbkiU+d+/jiiv/msZ37OneFoG
HgVDXqSG3Sm2y772IHRFL8JfgrHIpLzk3r4Mycgqc4AGEgp7YkN6/h1c6YhCM18/
LE8fXioxygkrtlZ1pTovZUPAWxQBr+2SAOmMjVG96bJsTAox+suVDzcS6CvIYmIA
XmKEYZ3OHTzaJejZd1VoNiAfR6X4S16VPt3wNVFxfUH8CZCmkk+XTcqfuqXws1U5
64JwDo/5eCqetR7zAh7Ci4O5xQ1I/0+fgb2qkha1wTiLzCymJdJIR29bGPQ48TSL
/GOJjEb5PN+FsRcQfT9wW8urAlAdSpUwSWaSlAsc3W6q
-----END CERTIFICATE-----
Generated at Wed May 8 10:15:07 2024 by rpki-client on console-fra.rpki-client.org