Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/nCze57cjIRCMGshiGLAyEq3Ponw.roa
File:                     nCze57cjIRCMGshiGLAyEq3Ponw.roa (raw, json)
Hash identifier:          LkCADmNPCgQVqXTv0TQ5t5d3IzyZ0ofPj+bUmbp5Pl8=
Subject key identifier:   9C:2C:DE:E7:B7:23:21:10:8C:1A:C8:62:18:B0:32:12:AD:CF:A2:7C
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       018CC500C771BB7FF6405FA2FB195D59AE18
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/nCze57cjIRCMGshiGLAyEq3Ponw.roa
Signing time:             Mon 01 Jan 2024 12:30:11 +0000
ROA not before:           Mon 01 Jan 2024 12:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200131
IP address blocks:        213.109.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:c7:71:bb:7f:f6:40:5f:a2:fb:19:5d:59:ae:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  1 12:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c2cdee7b72321108c1ac86218b03212adcfa27c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:f5:57:35:82:88:9e:99:f7:8c:6d:65:00:0d:
                    b9:87:bf:29:21:b2:67:d3:4a:c5:1c:03:20:6b:cd:
                    36:87:b3:8a:88:a1:61:18:bb:f6:dc:b1:f4:b0:6e:
                    48:63:26:29:e0:24:6a:50:c6:ad:d8:ca:b6:bf:bf:
                    4e:13:5b:89:d6:8f:c8:65:9e:43:5f:80:b6:91:20:
                    50:4f:bd:c5:f0:c6:4a:ce:15:fb:15:8f:e7:6e:fc:
                    32:f2:b4:72:25:c9:75:15:a1:64:77:b0:41:30:c1:
                    16:c2:a5:eb:53:99:c8:bf:84:13:1d:33:a4:c0:e8:
                    2a:c8:93:d9:29:7d:c9:a6:ae:1d:12:82:ff:bf:af:
                    ac:9a:87:f0:60:a4:a4:31:df:2c:ed:43:73:15:e8:
                    cc:6e:c1:1e:2f:f1:55:7f:01:5e:d6:6e:57:66:c0:
                    a9:10:6d:d3:97:39:0a:d6:e4:e5:1c:97:77:34:91:
                    ab:a2:ff:c7:00:91:ae:11:85:0d:74:61:53:ed:e4:
                    e9:7f:be:f6:be:f0:e4:31:e2:27:15:00:09:30:5e:
                    3a:08:77:f3:5b:18:c6:1a:d6:13:f4:e7:db:26:84:
                    d1:72:95:e5:c3:05:3c:b9:cb:48:09:10:12:07:4a:
                    d7:b8:56:e6:7a:bb:78:6b:cd:1f:d6:ed:79:33:80:
                    a0:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:2C:DE:E7:B7:23:21:10:8C:1A:C8:62:18:B0:32:12:AD:CF:A2:7C
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/nCze57cjIRCMGshiGLAyEq3Ponw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.109.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:86:c0:f5:87:22:ca:a3:e1:29:15:ab:c8:a8:f1:6c:3e:80:
         2e:5d:50:d0:56:79:e9:e1:50:2c:d7:d8:d2:22:76:7c:ac:9c:
         2e:5d:33:5d:db:43:84:5e:6a:3d:bb:fc:0f:6f:68:a6:03:fa:
         68:62:45:9a:8d:c2:bf:12:21:31:e9:2e:92:eb:9c:fc:0c:3e:
         89:16:a5:96:f4:d0:88:c1:05:5e:e8:c2:56:b5:7f:4c:0e:77:
         14:fa:a5:a2:ac:24:8c:6e:8d:4b:b2:db:4b:c3:be:d7:6c:5c:
         5e:b5:8b:c0:dc:07:47:8d:45:a5:ef:c2:2d:a1:c1:2d:a2:32:
         2c:67:85:88:16:2a:fb:2a:9f:5d:5c:b8:35:e6:6f:70:03:3e:
         3b:60:77:6e:02:25:c2:16:b0:bd:3a:e9:a1:77:56:cf:88:c2:
         a9:9c:b0:a0:c6:f9:ae:39:8e:b5:b0:c9:c7:0b:1d:fe:3c:fa:
         0d:fa:ad:9a:4c:0c:49:5c:8b:56:69:e2:a7:ea:0c:54:e9:23:
         75:07:21:3c:65:ad:af:65:43:04:74:96:d5:f6:36:b7:57:6b:
         a1:23:c4:9d:49:f5:5a:25:af:05:cd:6b:d3:30:73:8d:c1:ed:
         d1:6b:d8:ae:c1:d2:4b:3a:e7:ab:20:97:72:95:d6:a9:15:48:
         7e:a3:f4:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAMdxu3/2QF+i+xldWa4YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQwMTAxMTIzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzJjZGVlN2I3MjMyMTEwOGMxYWM4NjIxOGIwMzIxMmFkY2ZhMjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5PVXNYKInpn3jG1lAA25h78pIbJn
00rFHAMga802h7OKiKFhGLv23LH0sG5IYyYp4CRqUMat2Mq2v79OE1uJ1o/IZZ5D
X4C2kSBQT73F8MZKzhX7FY/nbvwy8rRyJcl1FaFkd7BBMMEWwqXrU5nIv4QTHTOk
wOgqyJPZKX3Jpq4dEoL/v6+smofwYKSkMd8s7UNzFejMbsEeL/FVfwFe1m5XZsCp
EG3TlzkK1uTlHJd3NJGrov/HAJGuEYUNdGFT7eTpf772vvDkMeInFQAJMF46CHfz
WxjGGtYT9OfbJoTRcpXlwwU8uctICRASB0rXuFbmert4a80f1u15M4CgmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJws3ue3IyEQjBrIYhiwMhKtz6J8MB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvbkN6ZTU3Y2pJUkNNR3NoaUdMQXlFcTNQb253LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1W2aMA0G
CSqGSIb3DQEBCwUAA4IBAQB+hsD1hyLKo+EpFavIqPFsPoAuXVDQVnnp4VAs19jS
InZ8rJwuXTNd20OEXmo9u/wPb2imA/poYkWajcK/EiEx6S6S65z8DD6JFqWW9NCI
wQVe6MJWtX9MDncU+qWirCSMbo1LsttLw77XbFxetYvA3AdHjUWl78ItocEtojIs
Z4WIFir7Kp9dXLg15m9wAz47YHduAiXCFrC9Oumhd1bPiMKpnLCgxvmuOY61sMnH
Cx3+PPoN+q2aTAxJXItWaeKn6gxU6SN1ByE8Za2vZUMEdJbV9ja3V2uhI8SdSfVa
Ja8FzWvTMHONwe3Ra9iuwdJLOuerIJdyldapFUh+o/Qn
-----END CERTIFICATE-----
Generated at Sun May 12 15:24:11 2024 by rpki-client on console-fra.rpki-client.org