Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/Z8ATFdvUB79al0sFy0pWiQPPj6o.roa
File:                     Z8ATFdvUB79al0sFy0pWiQPPj6o.roa (raw, json)
Hash identifier:          8G/bipyN5gvhevsjMAPo9mU5ftCCX9alM6Gm6NAYucU=
Subject key identifier:   67:C0:13:15:DB:D4:07:BF:5A:97:4B:05:CB:4A:56:89:03:CF:8F:AA
Certificate issuer:       /CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
Certificate serial:       018CC5004A2FA937AE00F45F2C9A4851BF82
Authority key identifier: 93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/Z8ATFdvUB79al0sFy0pWiQPPj6o.roa
Signing time:             Mon 01 Jan 2024 12:29:39 +0000
ROA not before:           Mon 01 Jan 2024 12:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201363
IP address blocks:        217.113.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 04:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:4a:2f:a9:37:ae:00:f4:5f:2c:9a:48:51:bf:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
        Validity
            Not Before: Jan  1 12:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67c01315dbd407bf5a974b05cb4a568903cf8faa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:46:20:1e:0f:87:be:f0:ad:f7:6a:d7:a7:1f:
                    ca:5a:1f:c8:4e:01:db:45:d2:de:2c:65:21:19:e9:
                    5e:63:fd:ae:fb:c6:20:e5:4f:f4:b3:d8:43:5a:6e:
                    d7:11:9a:09:cc:cb:c7:40:79:80:58:95:c4:7a:c3:
                    37:42:dd:4f:ac:88:0d:4e:5d:a0:0f:5e:8c:75:5c:
                    f5:a5:f5:cd:13:81:82:66:66:4c:43:16:bd:bf:d4:
                    2f:db:e0:e2:27:3f:aa:d7:21:28:a5:61:92:ec:27:
                    7d:c6:de:7d:c9:c9:f1:8c:70:29:07:ce:18:cc:b6:
                    dc:7e:8b:5f:c9:c9:8d:5f:e6:52:3c:fc:62:bf:ef:
                    4c:1a:f1:01:ff:e5:db:a3:fd:99:01:d7:d6:0e:1d:
                    26:a5:74:d5:4d:27:7b:f1:36:60:04:21:4f:2f:b3:
                    9d:0c:08:62:e9:51:bc:97:f3:4c:48:7d:63:49:27:
                    b0:9d:e8:47:3c:22:26:e0:24:2a:ae:37:79:ca:ef:
                    fc:22:5c:41:c2:b7:f0:94:e8:33:91:19:94:16:b6:
                    a8:2b:80:5f:f3:53:3f:f2:2c:f1:95:e5:18:8c:7e:
                    73:d6:e3:a0:ed:cf:c6:92:3b:09:70:39:e6:21:e5:
                    74:0a:27:87:df:68:71:22:02:4c:f2:66:6f:40:77:
                    ee:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:C0:13:15:DB:D4:07:BF:5A:97:4B:05:CB:4A:56:89:03:CF:8F:AA
            X509v3 Authority Key Identifier:
                keyid:93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/Z8ATFdvUB79al0sFy0pWiQPPj6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.113.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:11:a0:e6:97:80:82:a5:e2:83:8f:bd:0d:7c:d4:95:d4:f4:
         8f:44:80:97:d1:77:79:32:02:c3:e0:13:25:63:6d:b4:a8:67:
         fa:ea:0f:73:e1:dd:15:9f:1f:c2:39:bc:b9:6b:41:9b:c9:ee:
         62:69:83:eb:27:80:4c:1f:f2:eb:a7:b7:07:fa:a7:8b:98:89:
         fb:65:e9:ab:88:1a:9f:bb:32:94:62:da:e5:5a:f1:7d:ae:2c:
         e1:d8:96:25:1b:75:d2:1e:34:21:b1:e1:88:6e:8c:32:1a:0d:
         dd:c6:6c:de:4e:6b:69:1f:0a:f9:5c:c6:a0:9b:4c:18:bf:fb:
         cd:ee:f5:80:c1:c2:cd:23:99:6e:85:83:f4:4d:c4:76:67:07:
         31:21:a0:b4:99:15:a7:e8:9d:31:ee:01:8c:7c:78:6f:db:36:
         b9:f2:24:ce:a2:8a:c4:b6:4a:ef:a5:bb:37:b6:bc:6f:85:db:
         be:db:b0:f2:b7:d8:48:8c:e3:52:82:ed:eb:bb:51:03:f8:8b:
         c0:d3:98:30:05:d6:90:ba:55:1c:28:09:a3:56:34:d5:90:e3:
         6e:50:c5:74:6e:59:ad:ef:c2:94:0a:e9:4e:2a:de:9a:1e:38:
         d6:29:d6:83:41:4b:e8:54:16:8a:05:02:22:55:9e:0c:91:48:
         c2:4a:42:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAEovqTeuAPRfLJpIUb+CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZThmNGVkNWRkMDYzMDFjNDIzOTg4ZTc4NmRhYmY1MWM1
ZjU2NzQwHhcNMjQwMTAxMTIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2MwMTMxNWRiZDQwN2JmNWE5NzRiMDVjYjRhNTY4OTAzY2Y4ZmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUYgHg+HvvCt92rXpx/KWh/ITgHb
RdLeLGUhGeleY/2u+8Yg5U/0s9hDWm7XEZoJzMvHQHmAWJXEesM3Qt1PrIgNTl2g
D16MdVz1pfXNE4GCZmZMQxa9v9Qv2+DiJz+q1yEopWGS7Cd9xt59ycnxjHApB84Y
zLbcfotfycmNX+ZSPPxiv+9MGvEB/+Xbo/2ZAdfWDh0mpXTVTSd78TZgBCFPL7Od
DAhi6VG8l/NMSH1jSSewnehHPCIm4CQqrjd5yu/8IlxBwrfwlOgzkRmUFraoK4Bf
81M/8izxleUYjH5z1uOg7c/GkjsJcDnmIeV0CieH32hxIgJM8mZvQHfumQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGfAExXb1Ae/WpdLBctKVokDz4+qMB8GA1UdIwQY
MBaAFJPo9O1d0GMBxCOYjnhtq/UcX1Z0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQt
MWZjMTllYTczYTJhLzEvWjhBVEZkdlVCNzlhbDBzRnkwcFdpUVBQajZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQtMWZjMTllYTczYTJh
LzEvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2XERMA0G
CSqGSIb3DQEBCwUAA4IBAQCuEaDml4CCpeKDj70NfNSV1PSPRICX0Xd5MgLD4BMl
Y220qGf66g9z4d0Vnx/COby5a0Gbye5iaYPrJ4BMH/Lrp7cH+qeLmIn7ZemriBqf
uzKUYtrlWvF9rizh2JYlG3XSHjQhseGIbowyGg3dxmzeTmtpHwr5XMagm0wYv/vN
7vWAwcLNI5luhYP0TcR2ZwcxIaC0mRWn6J0x7gGMfHhv2za58iTOoorEtkrvpbs3
trxvhdu+27Dyt9hIjONSgu3ru1ED+IvA05gwBdaQulUcKAmjVjTVkONuUMV0blmt
78KUCulOKt6aHjjWKdaDQUvoVBaKBQIiVZ4MkUjCSkLh
-----END CERTIFICATE-----
Generated at Thu May 2 10:36:35 2024 by rpki-client on console-ams.rpki-client.org