Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9WHcdRnJLrC1YFVJmslAo6M9QxY.roa
File:                     9WHcdRnJLrC1YFVJmslAo6M9QxY.roa (raw, json)
Hash identifier:          0Tu4UnKlMBNHJKQzsZF0DbrOlsQrvq7xAZyZWo9Z8Zc=
Subject key identifier:   F5:61:DC:75:19:C9:2E:B0:B5:60:55:49:9A:C9:40:A3:A3:3D:43:16
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCEB5FD370E923AAD6C56237001E2D
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9WHcdRnJLrC1YFVJmslAo6M9QxY.roa
Signing time:             Tue 02 Jan 2024 10:34:10 +0000
ROA not before:           Tue 02 Jan 2024 10:34:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198879
IP address blocks:        2a0e:97c0:bf0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:eb:5f:d3:70:e9:23:aa:d6:c5:62:37:00:1e:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f561dc7519c92eb0b56055499ac940a3a33d4316
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:0c:d1:69:d7:a6:a6:23:45:e4:a0:07:c3:82:
                    f6:46:35:de:84:31:ce:76:d5:10:bb:24:d4:54:93:
                    50:b8:e7:71:81:48:51:9a:5d:80:a0:85:24:81:cb:
                    9b:b9:81:5b:78:30:cc:c6:43:73:08:7b:7b:2e:3c:
                    07:5e:f7:27:5a:7a:3d:d7:0c:e5:f0:17:44:8f:b2:
                    bb:dd:3a:a1:3b:cb:cb:8e:a9:25:28:48:90:16:d8:
                    ee:68:e9:13:ab:4b:c9:04:99:96:de:80:37:09:e9:
                    0b:84:cb:d4:fa:3d:18:27:58:eb:e4:7e:a1:00:b6:
                    c9:3e:f9:f3:ec:f6:9d:63:55:3c:2b:46:b1:4a:14:
                    99:85:ef:fe:f9:77:ef:f0:3f:2d:f1:49:ca:e1:42:
                    1e:45:12:5b:10:41:0a:76:04:e2:92:83:c8:f4:c7:
                    f7:81:9a:96:21:b4:d5:bd:4f:26:26:cc:26:22:bd:
                    1d:2e:ce:af:6f:80:4f:d8:3c:c0:05:5e:dd:b2:c7:
                    ad:ef:4c:78:12:b6:b0:04:7c:cc:07:53:8d:e4:b2:
                    b8:36:55:27:3d:61:a6:c7:bf:1a:96:42:e9:cf:b0:
                    f4:ce:37:fb:99:2f:04:16:1a:d9:96:54:db:02:39:
                    0d:71:39:28:e2:b6:6d:9e:e7:e7:a4:b0:fc:b2:18:
                    dd:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:61:DC:75:19:C9:2E:B0:B5:60:55:49:9A:C9:40:A3:A3:3D:43:16
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9WHcdRnJLrC1YFVJmslAo6M9QxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:bf0::/44

    Signature Algorithm: sha256WithRSAEncryption
         a5:79:11:e4:97:e2:82:7d:e3:4c:8b:87:3c:10:10:26:4d:75:
         d5:db:65:dc:dd:c5:91:d0:3f:44:ff:48:15:9b:26:af:7c:ba:
         2d:d6:93:24:84:f7:85:d5:21:9f:3b:2a:d1:c6:02:d0:40:00:
         af:f9:ba:1a:06:c7:7a:cd:95:21:24:7a:af:28:98:02:d9:cf:
         fa:bb:52:8a:9f:7d:af:65:8d:d6:a1:2a:aa:f0:51:45:dc:7f:
         9c:34:65:ec:1e:ad:c5:d5:28:b7:36:e7:7e:e2:63:fa:2f:2d:
         a2:26:f9:5b:9b:2e:0b:48:cd:8b:3e:c8:cd:bc:28:80:a3:f9:
         07:8c:96:cd:0d:44:ff:0b:6e:40:a3:17:cb:75:bf:96:f7:ef:
         2e:f5:5c:3e:a3:46:18:0b:d1:20:ec:85:92:d0:d6:97:d2:18:
         6a:0e:2e:e6:44:2f:fc:d7:e9:5c:58:66:df:0c:d6:d5:e3:9b:
         f3:83:18:7e:c2:05:06:97:be:18:79:04:a3:41:fb:93:57:55:
         8f:fc:96:67:13:25:f5:c3:fc:6a:de:5f:8e:43:90:50:51:44:
         d1:71:c0:f4:dd:8c:c0:18:df:03:4b:a9:2a:1b:6b:e0:26:be:
         1c:8f:15:9d:ca:2a:04:8b:74:59:d0:c5:00:53:e8:8e:44:b4:
         ed:20:ad:21
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvOtf03DpI6rWxWI3AB4tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTYxZGM3NTE5YzkyZWIwYjU2MDU1NDk5YWM5NDBhM2EzM2Q0MzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAggzRadempiNF5KAHw4L2RjXehDHO
dtUQuyTUVJNQuOdxgUhRml2AoIUkgcubuYFbeDDMxkNzCHt7LjwHXvcnWno91wzl
8BdEj7K73TqhO8vLjqklKEiQFtjuaOkTq0vJBJmW3oA3CekLhMvU+j0YJ1jr5H6h
ALbJPvnz7PadY1U8K0axShSZhe/++Xfv8D8t8UnK4UIeRRJbEEEKdgTikoPI9Mf3
gZqWIbTVvU8mJswmIr0dLs6vb4BP2DzABV7dsset70x4ErawBHzMB1ON5LK4NlUn
PWGmx78alkLpz7D0zjf7mS8EFhrZllTbAjkNcTko4rZtnufnpLD8shjd0QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPVh3HUZyS6wtWBVSZrJQKOjPUMWMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvOVdIY2RSbkpMckMxWUZWSm1zbEFvNk05UXhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAvw
MA0GCSqGSIb3DQEBCwUAA4IBAQCleRHkl+KCfeNMi4c8EBAmTXXV22Xc3cWR0D9E
/0gVmyavfLot1pMkhPeF1SGfOyrRxgLQQACv+boaBsd6zZUhJHqvKJgC2c/6u1KK
n32vZY3WoSqq8FFF3H+cNGXsHq3F1Si3Nud+4mP6Ly2iJvlbmy4LSM2LPsjNvCiA
o/kHjJbNDUT/C25AoxfLdb+W9+8u9Vw+o0YYC9Eg7IWS0NaX0hhqDi7mRC/81+lc
WGbfDNbV45vzgxh+wgUGl74YeQSjQfuTV1WP/JZnEyX1w/xq3l+OQ5BQUUTRccD0
3YzAGN8DS6kqG2vgJr4cjxWdyioEi3RZ0MUAU+iORLTtIK0h
-----END CERTIFICATE-----
Generated at Fri May 3 03:33:15 2024 by rpki-client on console-ams.rpki-client.org