Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/lCy-FhBsqCJbMoXwguQxuOMMLo0.roa
File:                     lCy-FhBsqCJbMoXwguQxuOMMLo0.roa (raw, json)
Hash identifier:          XLCCftB8y2vyNunp/dlW6/gtszKNO9Ob7OGcXxXWXM0=
Subject key identifier:   94:2C:BE:16:10:6C:A8:22:5B:32:85:F0:82:E4:31:B8:E3:0C:2E:8D
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       018CC94DADBDAB265E46C607ED8E819B3EC5
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/lCy-FhBsqCJbMoXwguQxuOMMLo0.roa
Signing time:             Tue 02 Jan 2024 08:32:40 +0000
ROA not before:           Tue 02 Jan 2024 08:32:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60397
IP address blocks:        84.236.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 05:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:ad:bd:ab:26:5e:46:c6:07:ed:8e:81:9b:3e:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jan  2 08:32:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=942cbe16106ca8225b3285f082e431b8e30c2e8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:fc:f7:77:77:dc:be:d7:ef:a6:06:66:03:d9:
                    1e:e8:b9:1b:4f:01:74:be:54:69:2a:b7:b0:b6:e5:
                    df:9f:66:33:d0:36:a0:f6:de:c9:c8:2b:ed:dd:23:
                    19:f6:96:74:0b:04:ac:d4:6f:0d:ce:d8:a5:12:fe:
                    c0:18:1f:67:c1:a0:34:97:ac:f1:d9:34:1d:04:00:
                    b5:45:5d:08:3a:e5:3d:3a:c4:87:48:31:d5:b5:d6:
                    71:77:5c:cc:5b:59:6a:bd:16:cd:be:1e:98:ce:e8:
                    8c:c2:7a:39:7a:a7:e0:4b:d4:a8:84:a6:6f:b6:40:
                    2c:0e:d5:39:c8:b6:0c:53:68:84:2e:1a:2b:98:09:
                    26:79:68:59:15:85:91:2d:2d:84:9b:a0:07:b4:fd:
                    66:bd:9f:35:06:1a:70:d3:de:b7:be:20:32:cb:b5:
                    45:e5:fd:ce:42:b1:31:4a:f2:2b:7c:83:f9:e4:46:
                    64:ec:85:f7:33:a4:23:d3:16:85:73:f7:56:18:9f:
                    82:3a:fb:47:aa:6a:59:92:3a:4e:2a:a2:05:4f:39:
                    0e:11:91:80:05:e9:8b:0c:e8:7d:7a:be:bb:b8:85:
                    a4:13:7f:12:6d:ec:02:cf:36:79:2f:1e:6c:5a:2a:
                    32:5f:c1:45:5d:24:b7:f3:ab:9f:87:78:3f:be:c7:
                    b1:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:2C:BE:16:10:6C:A8:22:5B:32:85:F0:82:E4:31:B8:E3:0C:2E:8D
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/lCy-FhBsqCJbMoXwguQxuOMMLo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.236.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:b3:79:8b:67:a7:db:c7:ef:85:41:4a:37:78:56:d5:6d:0b:
         40:0c:a0:88:5b:05:68:68:61:3a:a7:14:e1:49:ad:fb:ec:a3:
         eb:4e:55:75:f6:70:50:ac:48:19:1e:8c:2b:26:c0:cb:4e:41:
         c7:53:46:8d:35:e2:d4:28:b8:5d:f5:91:95:20:89:47:e5:30:
         c1:da:8e:d5:5a:0e:60:2c:26:d6:b2:1d:d0:1f:26:c9:58:99:
         96:7a:30:e9:30:bb:9e:b5:c3:bf:af:67:d8:ee:43:5e:dc:26:
         4c:9d:81:ed:dc:de:41:b2:21:e3:f2:23:2c:9d:ee:0e:4d:fd:
         09:56:75:cf:f9:ac:73:f4:83:9e:8e:6b:64:89:80:48:46:3f:
         22:12:68:d4:f7:13:71:13:3a:7b:97:9d:5c:46:06:5f:2c:46:
         0a:d5:ac:21:79:a1:01:c1:80:c9:2f:37:80:76:60:63:1c:4f:
         7e:e5:8e:55:aa:2a:04:a1:a3:91:63:53:28:7f:d8:64:a6:8e:
         ce:f2:fd:ec:c3:b9:fd:fa:76:62:a1:ca:d5:60:b6:c9:f2:17:
         88:c5:f1:d9:21:b6:9d:04:bd:7f:25:b5:b4:64:09:97:a8:e6:
         89:e1:85:77:2c:b4:96:11:ad:2e:08:44:a2:ee:cc:2a:df:be:
         88:63:8b:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTa29qyZeRsYH7Y6Bmz7FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjQwMTAyMDgzMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDJjYmUxNjEwNmNhODIyNWIzMjg1ZjA4MmU0MzFiOGUzMGMyZThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvz3d3fcvtfvpgZmA9ke6LkbTwF0
vlRpKrewtuXfn2Yz0Dag9t7JyCvt3SMZ9pZ0CwSs1G8NztilEv7AGB9nwaA0l6zx
2TQdBAC1RV0IOuU9OsSHSDHVtdZxd1zMW1lqvRbNvh6YzuiMwno5eqfgS9SohKZv
tkAsDtU5yLYMU2iELhormAkmeWhZFYWRLS2Em6AHtP1mvZ81Bhpw0963viAyy7VF
5f3OQrExSvIrfIP55EZk7IX3M6Qj0xaFc/dWGJ+COvtHqmpZkjpOKqIFTzkOEZGA
BemLDOh9er67uIWkE38SbewCzzZ5Lx5sWioyX8FFXSS386ufh3g/vsexbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJQsvhYQbKgiWzKF8ILkMbjjDC6NMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvbEN5LUZoQnNxQ0piTW9Yd2d1UXh1T01NTG8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVOyYMA0G
CSqGSIb3DQEBCwUAA4IBAQCKs3mLZ6fbx++FQUo3eFbVbQtADKCIWwVoaGE6pxTh
Sa377KPrTlV19nBQrEgZHowrJsDLTkHHU0aNNeLUKLhd9ZGVIIlH5TDB2o7VWg5g
LCbWsh3QHybJWJmWejDpMLuetcO/r2fY7kNe3CZMnYHt3N5BsiHj8iMsne4OTf0J
VnXP+axz9IOejmtkiYBIRj8iEmjU9xNxEzp7l51cRgZfLEYK1awheaEBwYDJLzeA
dmBjHE9+5Y5VqioEoaORY1Mof9hkpo7O8v3sw7n9+nZiocrVYLbJ8heIxfHZIbad
BL1/JbW0ZAmXqOaJ4YV3LLSWEa0uCESi7swq376IY4u2
-----END CERTIFICATE-----
Generated at Wed May 22 08:54:36 2024 by rpki-client on console-fra.rpki-client.org