Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/7zAn1vWlt1tNqbbrPVdptBjOHJw.roa
File:                     7zAn1vWlt1tNqbbrPVdptBjOHJw.roa (raw, json)
Hash identifier:          3SgMD/a5lXvcOcSnfwK2/xT1v/rB+kX4VzpyJK6yaT4=
Subject key identifier:   EF:30:27:D6:F5:A5:B7:5B:4D:A9:B6:EB:3D:57:69:B4:18:CE:1C:9C
Certificate issuer:       /CN=5a376c8008d6abd962341563dd2a4dccaf153cba
Certificate serial:       018E003D692EADA39AC5D2FC8FF649BE9F44
Authority key identifier: 5A:37:6C:80:08:D6:AB:D9:62:34:15:63:DD:2A:4D:CC:AF:15:3C:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/7zAn1vWlt1tNqbbrPVdptBjOHJw.roa
Signing time:             Sat 02 Mar 2024 17:36:48 +0000
ROA not before:           Sat 02 Mar 2024 17:36:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12676
IP address blocks:        185.87.21.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:00:3d:69:2e:ad:a3:9a:c5:d2:fc:8f:f6:49:be:9f:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a376c8008d6abd962341563dd2a4dccaf153cba
        Validity
            Not Before: Mar  2 17:36:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef3027d6f5a5b75b4da9b6eb3d5769b418ce1c9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:2f:34:b2:f2:42:6c:1b:f9:01:ad:a3:48:c0:
                    74:2e:0b:37:4c:b4:29:80:73:11:38:72:32:05:34:
                    6a:fd:0a:bd:59:8b:a0:fc:31:0d:d2:f4:b3:d1:3e:
                    3a:d6:30:c7:6c:0d:34:43:e7:d5:8f:be:a9:20:7a:
                    78:ac:67:40:25:8f:f7:21:0c:49:16:e4:2f:51:37:
                    0e:47:5c:28:3a:0a:43:e3:07:8b:70:8e:bc:1b:a3:
                    b9:85:0e:22:49:a9:0e:52:1a:26:a5:c2:f5:9a:5b:
                    bc:11:21:6a:17:61:40:90:8e:39:51:61:7e:7a:0e:
                    f5:0e:2a:90:0b:0f:7b:c6:e1:25:e9:14:7d:db:55:
                    10:4c:01:eb:24:9a:26:a3:97:56:02:8c:16:41:fd:
                    97:69:16:ae:92:f2:d4:ff:6e:85:2b:33:1f:19:f8:
                    8c:2d:31:1c:8e:1f:51:ca:d7:69:18:2f:cd:e9:00:
                    63:44:29:34:44:0a:ea:ba:d2:fc:54:ec:01:a9:8a:
                    51:3a:0c:f6:f9:e2:74:40:bc:d4:ce:20:4b:2a:e4:
                    11:ce:99:04:37:5b:ab:06:9a:ec:9c:b2:cf:ce:bf:
                    1d:18:9c:41:d9:de:3e:45:a6:12:d0:f1:63:25:11:
                    8c:6b:bc:ea:4a:66:94:ae:f7:f1:37:30:90:ba:03:
                    91:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:30:27:D6:F5:A5:B7:5B:4D:A9:B6:EB:3D:57:69:B4:18:CE:1C:9C
            X509v3 Authority Key Identifier:
                keyid:5A:37:6C:80:08:D6:AB:D9:62:34:15:63:DD:2A:4D:CC:AF:15:3C:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/7zAn1vWlt1tNqbbrPVdptBjOHJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.87.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:40:b8:8b:5e:95:f9:05:15:3a:36:ab:05:ca:bf:c2:63:9b:
         69:80:19:9b:0f:18:7b:a4:45:fb:d6:da:2c:d1:58:b0:0d:4f:
         1c:a5:ef:b0:6b:65:07:be:0d:c4:c3:56:c8:5d:fd:d5:1f:c7:
         ed:5e:0e:4f:fa:36:f1:ef:85:d9:7f:d6:b2:4d:9a:a9:1e:7f:
         75:1a:83:9b:19:16:46:6e:5b:de:20:82:6a:02:c9:b4:b2:d0:
         64:1c:96:3b:72:ca:3a:85:f1:89:52:de:4c:95:ec:f5:54:11:
         8b:aa:fe:69:5f:e1:52:2f:c9:36:cf:79:a1:54:cd:f8:14:88:
         38:48:17:e9:3b:76:14:af:2c:cc:b0:6c:a6:b2:89:40:1d:a8:
         1b:c2:ca:79:70:00:b8:2d:7b:1a:45:9d:6a:5e:a4:e6:e1:a9:
         24:db:80:e5:1b:2a:9d:ff:7b:51:5d:e4:c4:04:7b:45:4a:b6:
         16:a0:39:c3:08:5b:79:a1:13:bc:cb:10:cd:19:07:97:ed:dd:
         d0:cd:9b:c2:5d:5c:fe:b9:2c:22:8e:02:73:f1:60:83:61:ee:
         37:38:e0:bc:eb:4a:6e:d9:3c:b0:61:02:5c:29:3e:a3:d1:e6:
         49:65:36:08:b3:03:bc:62:ef:4d:ec:9b:67:c1:4a:05:15:15:
         17:61:c6:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4APWkuraOaxdL8j/ZJvp9EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMzc2YzgwMDhkNmFiZDk2MjM0MTU2M2RkMmE0ZGNjYWYx
NTNjYmEwHhcNMjQwMzAyMTczNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjMwMjdkNmY1YTViNzViNGRhOWI2ZWIzZDU3NjliNDE4Y2UxYzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAli80svJCbBv5Aa2jSMB0Lgs3TLQp
gHMROHIyBTRq/Qq9WYug/DEN0vSz0T461jDHbA00Q+fVj76pIHp4rGdAJY/3IQxJ
FuQvUTcOR1woOgpD4weLcI68G6O5hQ4iSakOUhompcL1mlu8ESFqF2FAkI45UWF+
eg71DiqQCw97xuEl6RR921UQTAHrJJomo5dWAowWQf2XaRaukvLU/26FKzMfGfiM
LTEcjh9RytdpGC/N6QBjRCk0RArqutL8VOwBqYpROgz2+eJ0QLzUziBLKuQRzpkE
N1urBprsnLLPzr8dGJxB2d4+RaYS0PFjJRGMa7zqSmaUrvfxNzCQugORXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO8wJ9b1pbdbTam26z1XabQYzhycMB8GA1UdIwQY
MBaAFFo3bIAI1qvZYjQVY90qTcyvFTy6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2pkc2dBaldxOWxpTkJWajNTcE56SzhWUExvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9jYWE3NDMtMWMxMy00YTI1LTlmNmEt
NjViZTU1MDMxNjVkLzEvN3pBbjF2V2x0MXROcWJiclBWZHB0QmpPSEp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9jYWE3NDMtMWMxMy00YTI1LTlmNmEtNjViZTU1MDMxNjVk
LzEvV2pkc2dBaldxOWxpTkJWajNTcE56SzhWUExvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVcVMA0G
CSqGSIb3DQEBCwUAA4IBAQCGQLiLXpX5BRU6NqsFyr/CY5tpgBmbDxh7pEX71tos
0ViwDU8cpe+wa2UHvg3Ew1bIXf3VH8ftXg5P+jbx74XZf9ayTZqpHn91GoObGRZG
blveIIJqAsm0stBkHJY7cso6hfGJUt5Mlez1VBGLqv5pX+FSL8k2z3mhVM34FIg4
SBfpO3YUryzMsGymsolAHagbwsp5cAC4LXsaRZ1qXqTm4akk24DlGyqd/3tRXeTE
BHtFSrYWoDnDCFt5oRO8yxDNGQeX7d3QzZvCXVz+uSwijgJz8WCDYe43OOC860pu
2TywYQJcKT6j0eZJZTYIswO8Yu9N7JtnwUoFFRUXYcZv
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:23:33 2024 by rpki-client on console-ams.rpki-client.org